Closed
Bug 412268
Opened 17 years ago
Closed 17 years ago
Mailnews topcrashes [@ nsUInt32Array::GetAt]
Categories
(MailNews Core :: Backend, defect)
MailNews Core
Backend
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: standard8, Assigned: neil)
References
()
Details
(Keywords: regression, topcrash)
Crash Data
Attachments
(1 file)
1.49 KB,
patch
|
standard8
:
review+
Bienvenu
:
superreview+
|
Details | Diff | Splinter Review |
We're seeing lots of crashes around nsUInt32Array, starting with the 2008010500 builds. The stacks point to nsMsgDBView.cpp changes which could be either bug 250811 or bug 410369: 0 nsUInt32Array::GetAt(unsigned int) d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\mailnews\base\util\nsuint32array.cpp:158 1 nsMsgDBView::NonDummyMsgSelected(unsigned int*, int) d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\mailnews\base\src\nsmsgdbview.cpp:6107 2 nsMsgDBView::SelectionChanged() d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\mailnews\base\src\nsmsgdbview.cpp:1025 3 NS_InvokeByIndex_P d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp:101 4 XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp:2344 5 XPC_WN_CallMethod(JSContext*, JSObject*, unsigned int, long*, long*) d:\builds\tinderbox\seamonkeytrunk\winnt_5.2_depend\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp:1480 I don't know about reproducing the failure, I think crash-stats is showing a clear regression here though.
Reporter | ||
Updated•17 years ago
|
Summary: topcrashes [@ nsUInt32Array::GetAt] → Mailnews topcrashes [@ nsUInt32Array::GetAt]
Assignee | ||
Comment 1•17 years ago
|
||
dwitte warned me about it, and at the time I couldn't see how, but I think the tree gets into a state where it thinks there's a selection when there isn't. I therefore allocate space for the selection, but never set it :-(
Assignee | ||
Comment 2•17 years ago
|
||
Assignee: nobody → neil
Status: NEW → ASSIGNED
Attachment #296948 -
Flags: superreview?(bienvenu)
Attachment #296948 -
Flags: review?(bugzilla)
Comment 3•17 years ago
|
||
Comment on attachment 296948 [details] [diff] [review] Proposed patch Maybe add a comment so someone doesn't optimize the bug fix away :-)
Attachment #296948 -
Flags: superreview?(bienvenu) → superreview+
Reporter | ||
Comment 5•17 years ago
|
||
Comment on attachment 296948 [details] [diff] [review] Proposed patch r=me assuming you add the comment that David suggested.
Attachment #296948 -
Flags: review?(bugzilla) → review+
Assignee | ||
Comment 6•17 years ago
|
||
Fix checked in. Let's see if this wallpapers the crash as suspected.
Comment 7•17 years ago
|
||
As a user responsible for a number of these in the crash reports db, I have a few observations / comments: 1) I first saw this by accidentally selecting the Junk folder shortly after it had been emptied to Trash - boom 2) After seeing a number of crashes with this signature (which subsequently did NOT require that the Junk folder be empty), I tried an old [NS 4.x] trick - I removed the Junk.msf file and let it it get rebuilt... problem solved for a while, then back again (also fixable by removing the bogus .msf). 3) I installed the nightly which should contain this proposed fix (2008011501), and notice a possibly related side-effect: after bringing my XP box back from Standby, a batch of new messages was downloaded, including about 50 of them which got marked as Junk but left in the Inbox. After deleting them manually, I noticed that the "unread" count was now about 50 too low... so is it possible that the "unread" count was in effect pre-decremented to account for these unread Junk messages getting removed, even though they in fact weren't?
Assignee | ||
Comment 8•17 years ago
|
||
OK, so we think this is fixed, but if anyone with a debug does hit the assertion, I want STR ;-)
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Comment 9•16 years ago
|
||
Ok, this _isn't_ fixed. I'll do a debug build and try to catch a stack.
Reporter | ||
Comment 10•16 years ago
|
||
(In reply to comment #9) > Ok, this _isn't_ fixed. I'll do a debug build and try to catch a stack. Actually, you want bug 415601. The stacks in this new instance are caused by the changes in a different bug and they've got a different stack.
Updated•16 years ago
|
Product: Core → MailNews Core
Updated•13 years ago
|
Crash Signature: [@ nsUInt32Array::GetAt]
You need to log in
before you can comment on or make changes to this bug.
Description
•