Closed Bug 332881 Opened 19 years ago Closed 18 years ago

Opening mail with extremely long subject line causes crash

Categories

(Thunderbird :: Mail Window Front End, defect)

Platform: Sun, Solaris
Type: defect
Priority: Not set
Severity: critical

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: cory.omand, Assigned: mscott)

Attachments

(2 files)

User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8) Gecko/20051130 Firefox/1.5
Build Identifier: Version 1.5 (20060113)
A colleague of mine sent me a mail in which he had accidentally pasted the entire text of the message into the subject line. When selecting the message from the messages pane, Thunderbird dumped core.
Reproducible: Always
Steps to Reproduce:
1. Compose an email with a very large subject line (probably using a different email client because TB dumps core when you try to compose a mail with a very long subject line -- there is a separate bug for this issue).
2. Send it to yourself.
3. When the mail is received, click on it in the message list window.
4. Core!
Actual Results: Core dump -- see attached stack trace.
Expected Results: Open the mail -- truncating the subject line if necessary.
I lost the core, so a complete stack trace is not available, as I overwrote the original core file while trying to isolate the issue (I found another situation where TB dumps core in the process). However, I do remember what I saw when examining the core in mdb... thousands of lines of: fe6204fc PutSubImage (55648, 20, 579328, ddb6f0, 1fff20, 0) + 1c0 at the top of the stack trace. All calls had identical address and arguments.
Maybe related to bug 231728?
I can reproduce it at will with Firefox 1.5.0.3 on Linux; I've tried SuSE 9 (gtk2-2.2.4-125.1), Fedora Core 3 (gtk2-2.4.14-4.fc3.3) and Fedora Core 5 (gtk2-2.8.17-1.fc5.1). I'll attach the HTML page that causes the crash for me; it doesn't crash on Windows. As mentioned in comment #3, it looks like a stack overflow in the call to PutSubImage (in libX11.so). The end of the stack trace:
[...]
#29000 0x405cd719 in PutSubImage () from /usr/X11R6/lib/libX11.so.6
#29001 0x405cd719 in PutSubImage () from /usr/X11R6/lib/libX11.so.6
#29002 0x405cd719 in PutSubImage () from /usr/X11R6/lib/libX11.so.6
---Type <return> to continue, or q <return> to quit---
#29003 0x405cd678 in PutSubImage () from /usr/X11R6/lib/libX11.so.6
#29004 0x405ce673 in XPutImage () from /usr/X11R6/lib/libX11.so.6
#29005 0x40a9585c in XftGlyphFontSpecCore () from /usr/X11R6/lib/libXft.so.2
#29006 0x40a8c2ec in XftDrawGlyphFontSpec () from /usr/X11R6/lib/libXft.so.2
#29007 0x081afdf3 in XmlInitUnknownEncodingNS ()
#29008 0x081afd7a in XmlInitUnknownEncodingNS ()
#29009 0x081af899 in XmlInitUnknownEncodingNS ()
#29010 0x081aed2d in XmlInitUnknownEncodingNS ()
#29011 0x081aea3c in XmlInitUnknownEncodingNS ()
#29012 0x081aeba7 in XmlInitUnknownEncodingNS ()
#29013 0x081ad303 in XmlInitUnknownEncodingNS ()
#29014 0x081abf7a in XmlInitUnknownEncodingNS ()
#29015 0x08275520 in XmlInitUnknownEncodingNS ()
#29016 0x082720e5 in XmlInitUnknownEncodingNS ()
#29017 0x08239a72 in XmlInitUnknownEncodingNS ()
#29018 0x08232a3a in XmlInitUnknownEncodingNS ()
#29019 0x0824bb89 in XmlInitUnknownEncodingNS ()
#29020 0x082327d4 in XmlInitUnknownEncodingNS ()
#29021 0x08239a72 in XmlInitUnknownEncodingNS ()
#29022 0x082399a8 in XmlInitUnknownEncodingNS ()
#29023 0x082d805f in nsPRUint32Key::Clone ()
#29024 0x08239a72 in XmlInitUnknownEncodingNS ()
#29025 0x082399a8 in XmlInitUnknownEncodingNS ()
---Type <return> to continue, or q <return> to quit---
#29026 0x082ecaa9 in nsPRUint32Key::Clone ()
#29027 0x08239a72 in XmlInitUnknownEncodingNS ()
#29028 0x082399a8 in XmlInitUnknownEncodingNS ()
#29029 0x082eea85 in nsPRUint32Key::Clone ()
#29030 0x08239a72 in XmlInitUnknownEncodingNS ()
#29031 0x082399a8 in XmlInitUnknownEncodingNS ()
#29032 0x082dc64e in nsPRUint32Key::Clone ()
#29033 0x082dc6b1 in nsPRUint32Key::Clone ()
#29034 0x08239a72 in XmlInitUnknownEncodingNS ()
#29035 0x082e879b in nsPRUint32Key::Clone ()
#29036 0x08239a72 in XmlInitUnknownEncodingNS ()
#29037 0x08232a3a in XmlInitUnknownEncodingNS ()
#29038 0x0824bb89 in XmlInitUnknownEncodingNS ()
#29039 0x082327d4 in XmlInitUnknownEncodingNS ()
#29040 0x08239a72 in XmlInitUnknownEncodingNS ()
#29041 0x08232a3a in XmlInitUnknownEncodingNS ()
#29042 0x0824bb89 in XmlInitUnknownEncodingNS ()
#29043 0x082327d4 in XmlInitUnknownEncodingNS ()
#29044 0x08239a72 in XmlInitUnknownEncodingNS ()
#29045 0x082399a8 in XmlInitUnknownEncodingNS ()
#29046 0x0824bb1e in XmlInitUnknownEncodingNS ()
#29047 0x0824c6c1 in XmlInitUnknownEncodingNS ()
#29048 0x08224de1 in XmlInitUnknownEncodingNS ()
---Type <return> to continue, or q <return> to quit---
#29049 0x083c3a5f in nsReadingIterator<unsigned short>::advance ()
#29050 0x083c70b6 in nsReadingIterator<unsigned short>::advance ()
#29051 0x083c6b00 in nsReadingIterator<unsigned short>::advance ()
#29052 0x083c5c3b in nsReadingIterator<unsigned short>::advance ()
#29053 0x083c8254 in nsReadingIterator<unsigned short>::advance ()
#29054 0x083c34ec in nsReadingIterator<unsigned short>::advance ()
#29055 0x081ef845 in XmlInitUnknownEncodingNS ()
#29056 0x081e93a0 in XmlInitUnknownEncodingNS ()
#29057 0x081ed21a in XmlInitUnknownEncodingNS ()
#29058 0x4028b264 in _gtk_marshal_BOOLEAN__BOXED () from /opt/gnome/lib/libgtk-x11-2.0.so.0
#29059 0x405044db in g_closure_invoke () from /opt/gnome/lib/libgobject-2.0.so.0
#29060 0x40513f95 in signal_emit_unlocked_R () from /opt/gnome/lib/libgobject-2.0.so.0
#29061 0x4051510f in g_signal_emit_valist () from /opt/gnome/lib/libgobject-2.0.so.0
#29062 0x40515652 in g_signal_emit () from /opt/gnome/lib/libgobject-2.0.so.0
#29063 0x403679b4 in gtk_widget_event_internal () from /opt/gnome/lib/libgtk-x11-2.0.so.0
#29064 0x40286c79 in gtk_main_do_event () from /opt/gnome/lib/libgtk-x11-2.0.so.0
#29065 0x4042ebe7 in gdk_window_process_updates_internal ()
---Type <return> to continue, or q <return> to quit---
   from /opt/gnome/lib/libgdk-x11-2.0.so.0
#29066 0x4042ed97 in gdk_window_process_all_updates () from /opt/gnome/lib/libgdk-x11-2.0.so.0
#29067 0x4042edff in gdk_window_update_idle () from /opt/gnome/lib/libgdk-x11-2.0.so.0
#29068 0x40557b81 in g_idle_dispatch () from /opt/gnome/lib/libglib-2.0.so.0
#29069 0x405599ca in g_main_context_dispatch () from /opt/gnome/lib/libglib-2.0.so.0
#29070 0x4055badb in g_main_context_iterate () from /opt/gnome/lib/libglib-2.0.so.0
#29071 0x4055bd07 in g_main_loop_run () from /opt/gnome/lib/libglib-2.0.so.0
#29072 0x4028711f in gtk_main () from /opt/gnome/lib/libgtk-x11-2.0.so.0
#29073 0x08d8ec20 in ?? ()
#29074 0x00000000 in ?? ()
#29075 0x00000000 in ?? ()
#29076 0x08052b8c in ?? ()
#29077 0x08d8ec20 in ?? ()
#29078 0x00000000 in ?? ()
#29079 0x080620f9 in ?? ()
#29080 0x401c1498 in ?? () from /opt/gnome/lib/libgtk-x11-2.0.so.0
#29081 0x08a94a20 in ?? ()
#29082 0xbfffca74 in ?? ()
#29083 0xbfffcae8 in ?? ()
---Type <return> to continue, or q <return> to quit---
#29084 0xbfffca4c in ?? ()
#29085 0x4000cc10 in _dl_runtime_resolve () from /lib/ld-linux.so.2
#29086 0x081eecac in XmlInitUnknownEncodingNS ()
Previous frame inner to this frame (corrupt stack?)
(gdb)
please ask your vendor to give you symbols before you ask gdb to give you a stack trace, otherwise you give garbage stacks.
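A triage sketch for backtraces like the one above, added here as an example and not part of the original bug report: it reads gdb frame lines (tolerating pager prompts), reports the stack depth and the innermost run of identical frames, and lists function names whose frame addresses are spread too widely to belong to one function, a sign that gdb printed the nearest exported symbol of a binary without symbols. The function names, the 10,000-frame limit and the 64 KiB span limit are assumptions of this example.

```python
import re
from collections import defaultdict
from itertools import groupby

PAGER = "---Type <return> to continue, or q <return> to quit---"
FRAME_RE = re.compile(r"#(\d+) (?:(0x[0-9a-fA-F]+) in )?(\S.*?) \(.*?\)(?: from (\S+))?")

# Excerpt of the trace in this report (frames #29002 to #29015), used as sample input.
SAMPLE = """\
#29002 0x405cd719 in PutSubImage () from /usr/X11R6/lib/libX11.so.6
#29003 0x405cd678 in PutSubImage () from /usr/X11R6/lib/libX11.so.6
#29004 0x405ce673 in XPutImage () from /usr/X11R6/lib/libX11.so.6
#29005 0x40a9585c in XftGlyphFontSpecCore () from /usr/X11R6/lib/libXft.so.2
#29006 0x40a8c2ec in XftDrawGlyphFontSpec () from /usr/X11R6/lib/libXft.so.2
#29007 0x081afdf3 in XmlInitUnknownEncodingNS ()
#29008 0x081afd7a in XmlInitUnknownEncodingNS ()
#29009 0x081af899 in XmlInitUnknownEncodingNS ()
#29010 0x081aed2d in XmlInitUnknownEncodingNS ()
#29011 0x081aea3c in XmlInitUnknownEncodingNS ()
#29012 0x081aeba7 in XmlInitUnknownEncodingNS ()
#29013 0x081ad303 in XmlInitUnknownEncodingNS ()
#29014 0x081abf7a in XmlInitUnknownEncodingNS ()
#29015 0x08275520 in XmlInitUnknownEncodingNS ()
"""

def parse_frames(text):
    """Return [(number, address, function, library)] from gdb backtrace text."""
    flat = " ".join(text.replace(PAGER, " ").split())  # undo pager prompts and wraps
    return [(int(n), int(a, 16) if a else None, f, lib or None)
            for n, a, f, lib in FRAME_RE.findall(flat)]

def triage(text, max_depth=10000, max_span=64 * 1024):
    """Summarise a backtrace: depth, innermost run, and symbols gdb likely guessed."""
    frames = parse_frames(text)
    runs = [(func, len(list(g))) for func, g in groupby(frames, key=lambda fr: fr[2])]
    addrs = defaultdict(list)
    for _, addr, func, _lib in frames:
        if addr is not None and func != "??":
            addrs[func].append(addr)
    depth = frames[-1][0] + 1 if frames else 0  # frame numbers start at 0
    return {
        "min_depth": depth,                       # lower bound if the tail is cut off
        "deep_stack": depth > max_depth,          # consistent with runaway recursion
        "hidden_top_frames": frames[0][0] if frames else 0,
        "innermost_run": runs[0] if runs else None,
        "unresolved": sum(fr[2] == "??" for fr in frames),
        # Heuristic: a span this wide suggests gdb printed the nearest exported symbol.
        "doubtful_symbols": sorted(f for f, a in addrs.items() if max(a) - min(a) > max_span),
    }
```

On the excerpt, the frames attributed to XmlInitUnknownEncodingNS cover more than 800 KB of address space, so that name is reported as doubtful, while the PutSubImage frames sit within a few hundred bytes of each other.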
Blocks: longlines
*** Bug 332882 has been marked as a duplicate of this bug. ***
WFM windows, version 2 beta 2 (20070124) with 7k subject (this could indeed be a dupe of bug 231728) cory.omand can you cause this with TB 2 or trunk?
Following the steps in the descriptions, I didn't get the crash on TB version 1.5.0.8 (20061204) Solaris nevada 55 x86. The subject line for the email is about 60K. The attached image shows us another bug. The subject line is unclear... Is this a known issue? Cory, could you still reproduce the crash with the latest TB1.5.0.9?
(In reply to comment #8)
> The attached image shows us another bug. The subject line is unclear... Is this
> a known issue?
>
like bug 337569, which is not reproducible in 1.8 branch
QA Contact: front-end
WFM on Solaris nevada 63 Thunderbird version 2.0.0.0 (20070423), can not reproduce this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME