Closed Bug 336737 Opened 18 years ago Closed 16 years ago

Crash when switching folders [@ NS_strlen]

Categories

(MailNews Core :: Database, defect)

Product:
MailNews Core
Component:
Database
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ajschult784, Assigned: Bienvenu)

References

Details

(Keywords: crash, regression, topcrash)

Crash Data

Attachments

(3 files, 2 obsolete files)

stacktrace
6.07 KB, text/plain
Details
patch for checkin
6.53 KB, patch
Details | Diff | Splinter Review
additional fix
1010 bytes, patch
Bienvenu
: superreview+
Details | Diff | Splinter Review 
With seamonkey trunk build 2006050410, I've crashed a few times switching to a different mail folder (usually IMAP) but it doesn't happen consistently.  I don't remember crashing with the previous nightly, 2006050309.
Attached file stacktrace 

    
  
Summary: Crash when switching folders → Crash when switching folders [@ NS_strlen]

    
    

    
  
I got same top of stack with windows on startup of thunderbird trunk 2006050409
talkback id TB18335210


    
    

    
  
There are a few others for windows also reported since yesterday 5/4. The oldest deployment id is MozillaOrgMozillaTrunkWin322006050310 for TB18287346

    
    

    
  
I went back to the 2006050309 build and did still hit this.  2006050210 seems ok.
Keywords: topcrash

    
    

    
  
Comment on attachment 221114 [details] [diff] [review]
null pointers are not legal for strlen and strdup and friends, they aren't healthy in general either

I've actually already got a different patch in my tree that uses the empty string instead of returning errors, so I'm going to decide which I prefer. Also, something changed underneath this code to cause this crash - so I'd like to investigate the underlying cause...

    
    

    
  
*** Bug 336893 has been marked as a duplicate of this bug. ***

    
    

    
  
I changed nsCRT::strlen (which became NS_strlen) to not accept null input... mostly accidentally, but I think it's the right thing to do if the callers can be easily fixed.

    
    

    
  
that's always been part of the contract of the nsCRT:: string routines, part of their raison d'etre, if you will, and part of the reason we used them instead of the vanilla c library or PL_ routines. A better thing to do might be to fix all the callers to null check and not use nsCRT:: routines, but leave the nsCRT:: routines the way there were...

    
    

    
  
The reason for nsCRT:: functions was because we needed a strlen for prunichar*, not just char*. The nsCRT::strlen(char*) function has crashed-on-null for a long time.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        tweak timeless's fix (obsolete)
        — Splinter Review
      

    


  

        Attachment #221114 -
        Attachment is obsolete: true

        Attachment #221337 -
        Flags: superreview?(mscott)

        Attachment #221114 -
        Flags: superreview?(bienvenu)

        Attachment #221114 -
        Flags: review?(bienvenu)

    
  

        Attachment #221337 -
        Flags: superreview?(mscott) → superreview+

    
    

    
  
Comment on attachment 221337 [details] [diff] [review]
tweak timeless's fix

thanks for addressing most of my XXXs, however you removed one w/o addressing it:

nsMsgGroupThread *nsMsgGroupView::AddHdrToThread(nsIMsgDBHdr *msgHdr, PRBool *pNewThread)
  nsHashKey *hashKey = AllocHashKeyForHdr(msgHdr);
  // XXX using this pointer without null checking will almost certainly

Why? the code ends up sticking a null pointer into a hash among other strange things....

    
    

    
  


  
this is the -u patch for checkin, also addresses timeless's last comment.

        Attachment #221337 -
        Attachment is obsolete: true

    
    

    
  
*** Bug 337580 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 337672 has been marked as a duplicate of this bug. ***

    
    

    
  
I checked this in for David now that the tree is open again.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

    
    

    
  
Even with the patch checked in, I'm still seeing talkback reports today with this crash such as:

TB18759487M


Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  

      
      
      
      

        Attached patch
          
          
        additional fixSplinter Review
      

    


  
This additional change might fix the crash seen in TB18759487M.

    
  

        Attachment #222240 -
        Flags: superreview+

    
  
Blocks: 334038

    
    

    
  
+  *aRecipientsString = nsCRT::strdup(unparsedRecipients.IsEmpty() ? NS_LITERAL_STRING("").get() : unparsedRecipients.get());

Could this be:
  *aRecipientsString = ToNewUnicode(unparsedRecipients);
?

    
    

    
  
should this be marked fixed now? 

    
    

    
  
Bienvenu in comment #20
> should this be marked fixed now? 

one would think. both patches checked in, and NS_strlen doesn't appear in TB trunk or TB2 on talkback





    
    

    
  
thx, marking fixed.
Status: REOPENED → RESOLVED
Closed: 18 years ago16 years ago
Resolution: --- → FIXED
Product: Core → MailNews Core
Crash Signature: [@ NS_strlen]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: