Closed
Bug 382480
Opened 17 years ago
Closed 17 years ago
TB Crash [@ nsBidiPresUtils::ProcessText]
Categories
(Thunderbird :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird 3
People
(Reporter: emaijala+moz, Assigned: emaijala+moz)
Details
(Keywords: crash, fixed1.8.0.14, verified1.8.1.8)
Crash Data
Attachments
(1 file)
577 bytes,
patch
|
roc
:
review+
roc
:
superreview+
dveditz
:
approval1.8.1.8+
dveditz
:
approval1.8.0.14+
|
Details | Diff | Splinter Review |
I just had my Thunderbird debug build crash unexpectedly and I decided to put it in the debugger for a quick check on what happened. To me it seems pretty obvious: nsBidiPresUtils::ProcessText was called with aText of 132 valid characters (message subject) and rest junk. aLength was properly set to 132, but it wasn't used when assigning aText to mBuffer. mBuffer tried to calculate the length and caused an AV. A possible patch is attached.
Attachment #266640 -
Flags: superreview?(roc)
Attachment #266640 -
Flags: superreview?(roc)
Attachment #266640 -
Flags: superreview+
Attachment #266640 -
Flags: review+
Assignee | ||
Comment 1•17 years ago
|
||
Fix checked in to trunk.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•17 years ago
|
Flags: in-testsuite?
Comment 3•17 years ago
|
||
Comment on attachment 266640 [details] [diff] [review] Patch to make ProcessText use the given length I think we should take this on branches as well.
Attachment #266640 -
Flags: approval1.8.1.6?
Attachment #266640 -
Flags: approval1.8.0.13?
Updated•17 years ago
|
Keywords: crash
Summary: TB Crash at nsBidiPresUtils::ProcessText → TB Crash [@ nsBidiPresUtils::ProcessText]
Target Milestone: --- → Thunderbird 3
Updated•17 years ago
|
Attachment #266640 -
Flags: approval1.8.0.13? → approval1.8.0.14?
Comment 4•17 years ago
|
||
Comment on attachment 266640 [details] [diff] [review] Patch to make ProcessText use the given length approved for 1.8.1.7, a=dveditz for release-drivers
Attachment #266640 -
Flags: approval1.8.1.7?
Attachment #266640 -
Flags: approval1.8.1.7+
Attachment #266640 -
Flags: approval1.8.0.14?
Attachment #266640 -
Flags: approval1.8.0.14+
Comment 5•17 years ago
|
||
Ere, let me know if you'd like me to land this on the branch for you.
Assignee | ||
Comment 6•17 years ago
|
||
Please do. Thanks.
Comment 8•17 years ago
|
||
Ere: Any chance you can test this with the 2.0.0.8rc2 build to verify that crash is fixed? If you are unable to reproduce with the latest 1.8.1 build, please replace "fixed1.8.1.8" with "verified1.8.1.8". Thanks!
Comment 9•17 years ago
|
||
FWIW: I was not able to find any crashes in Talkback data with this stack signature.
Assignee | ||
Comment 10•17 years ago
|
||
Yep, I haven't been able to crash here anymore.
Keywords: fixed1.8.1.8 → verified1.8.1.8
Updated•17 years ago
|
Flags: blocking1.8.0.14+
Comment 11•17 years ago
|
||
Comment on attachment 266640 [details] [diff] [review] Patch to make ProcessText use the given length Ere: are you able to land this on the 1.8.0 branch in the next couple of days, or should I land it?
Assignee | ||
Comment 12•17 years ago
|
||
I'd appreciate it if you could land it.
Comment 13•17 years ago
|
||
Whats the difference of the checkin from comment 7? Wasn't it already landed for 1.8.1.8?
Comment 14•17 years ago
|
||
yes, this is now fixed as of 1.8.1.8, but it has not yet been fixed in 1.8.0.anything. We've stopped Firefox support on that branch but have one last Thunderbird 1.5.0.x release.
Comment 15•17 years ago
|
||
Patch checked into the 1.8.0.x branch. Ere: did you have a testcase for this one?
Keywords: fixed1.8.0.14
Comment 16•17 years ago
|
||
This is hard to verify without some sort of testcase, says QA. :-)
Assignee | ||
Comment 17•17 years ago
|
||
Without the patch Thunderbird reliably but intermittently crashed while hovering over a long subject line in the message list and a tooltip would have been displayed. It always happened after a couple of tries, but as it depends on what comes after the string in memory, it might not be repeatable with the same reliability (and apparently isn't, as I'm sure people would have crashed a lot otherwise).
Comment 18•16 years ago
|
||
This FIXED bug is flagged with in‑testsuite? It would be great if assignee or someone else can clear the flag if a test is not appropriate. And if appropriate, create a test and plus the flag to finish off the bug.
Comment 19•14 years ago
|
||
Given the age of this bug, and the fact that the issue was in core/graphics/layout. I'm not convinced its reasonably possible to whip up a test case for this bug. Therefore cancelling the in-testsuite request - if we really want a test for it, we should file a bug in layout which is where it really belongs (I won't move this bug due to the age though).
Flags: in-testsuite?
Updated•13 years ago
|
Crash Signature: [@ nsBidiPresUtils::ProcessText]
You need to log in
before you can comment on or make changes to this bug.
Description
•