Closed
Bug 430736
Opened 18 years ago
Closed 18 years ago
Crash [@ strlen - nsCharTraits<char>::length - nsDependentCString - nsMsgSearchValueImpl::GetStr] clicking on saved search folder
Categories
(MailNews Core :: Search, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bc, Assigned: timeless)
Details
(Keywords: crash, regression)
Attachments
(1 file)
836 bytes, patch; prasad: review+, dmosedale: superreview+
Started seeing this today with a nightly 32 bit build on Centos5 64bit. The crash reports were supposedly sent in, but I can't find them on crash-stats or any others for Linux today. Reproduced with a 64bit debug build.
#0 0x0000003057e95511 in nanosleep () from /lib64/libc.so.6
#1 0x0000003057e95334 in sleep () from /lib64/libc.so.6
#2 0x00002aaaaae3a93c in ah_crap_handler (signum=11) at nsSigHandlers.cpp:149
#3 0x00002aaaaae52211 in nsProfileLock::FatalSignalHandler (signo=11)
at nsProfileLock.cpp:216
#4 <signal handler called>
#5 0x0000003057e76170 in strlen () from /lib64/libc.so.6
#6 0x00002aaab61f50fb in nsCharTraits<char>::length (s=0x0)
at ../../../../dist/include/string/nsCharTraits.h:629
#7 0x00002aaab61f5143 in nsDependentCString (this=0x7fff4fd26ab0, data=0x0)
at ../../../../dist/include/string/nsTDependentString.h:89
#8 0x00002aaab62b8086 in nsMsgSearchValueImpl::GetStr (this=0x108980e0,
aResult=@0x7fff4fd26af0)
at /work/mozilla/builds/1.9.0/mozilla/mailnews/base/search/src/nsMsgSearchValue.cpp:92
#9 0x00002aaab62ad7b0 in nsMsgResultElement::AssignValues (src=0x108980e0,
dst=0xf8a6b28)
at /work/mozilla/builds/1.9.0/mozilla/mailnews/base/search/src/nsMsgSearchTerm.cpp:1727
#10 0x00002aaab62ad977 in nsMsgSearchTerm::SetValue (this=0xf8a6b00,
aValue=0x108980e0)
at /work/mozilla/builds/1.9.0/mozilla/mailnews/base/search/src/nsMsgSearchTerm.cpp:1472
#11 0x00002aaaab3578e5 in NS_InvokeByIndex_P (that=0xf8a6b00, methodIndex=8,
paramCount=1, params=0x7fff4fd26d30)
at /work/mozilla/builds/1.9.0/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_linux.cpp:208
#12 0x00002aaabcefb622 in XPCWrappedNative::CallMethod (ccx=@0x7fff4fd271b0,
mode=XPCWrappedNative::CALL_SETTER)
at /work/mozilla/builds/1.9.0/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:2369
#13 0x00002aaabcf0ac86 in XPCWrappedNative::SetAttribute (ccx=@0x7fff4fd271b0)
at /work/mozilla/builds/1.9.0/mozilla/js/src/xpconnect/src/xpcprivate.h:2264
#14 0x00002aaabcf07c59 in XPC_WN_GetterSetter (cx=0xf5a6800, obj=0xf07cd80,
argc=1, argv=0xf18c428, vp=0x7fff4fd273a8)
at /work/mozilla/builds/1.9.0/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1497
#15 0x00002aaaaab5b02b in js_Invoke (cx=0xf5a6800, argc=1, vp=0xf18c418,
flags=2050) at /work/mozilla/builds/1.9.0/mozilla/js/src/jsinterp.c:1283
#16 0x00002aaaaab5b3bc in js_InternalInvoke (cx=0xf5a6800, obj=0xf07cd80,
fval=252169792, flags=0, argc=1, argv=0x7fff4fd27d58, rval=0x7fff4fd27d58)
at /work/mozilla/builds/1.9.0/mozilla/js/src/jsinterp.c:1355
#17 0x00002aaaaab5b614 in js_InternalGetOrSet (cx=0xf5a6800, obj=0xf07cd80,
id=251413892, fval=252169792, mode=JSACC_WRITE, argc=1,
argv=0x7fff4fd27d58, rval=0x7fff4fd27d58)
#18 0x00002aaaaab6fca8 in js_NativeSet (cx=0xf5a6800, obj=0xf07cd80,
sprop=0x14919c90, vp=0x7fff4fd27d58)
at /work/mozilla/builds/1.9.0/mozilla/js/src/jsobj.c:3603
#19 0x00002aaaaab7165b in js_SetPropertyHelper (cx=0xf5a6800, obj=0xf07cd80,
id=251413892, vp=0x7fff4fd27d58, entryp=0x7fff4fd27bd0)
at /work/mozilla/builds/1.9.0/mozilla/js/src/jsobj.c:3907
#20 0x00002aaaaab4b677 in js_Interpret (cx=0xf5a6800)
at /work/mozilla/builds/1.9.0/mozilla/js/src/jsinterp.c:4496
#21 0x00002aaaaab5b0a4 in js_Invoke (cx=0xf5a6800, argc=1, vp=0xf18c0d8,
flags=2) at /work/mozilla/builds/1.9.0/mozilla/js/src/jsinterp.c:1299
#22 0x00002aaaaab5b3bc in js_InternalInvoke (cx=0xf5a6800, obj=0xfb61440,
fval=252440576, flags=0, argc=1, argv=0xf18c0d0, rval=0x7fff4fd28608)
at /work/mozilla/builds/1.9.0/mozilla/js/src/jsinterp.c:1355
#23 0x00002aaaaaaf7b8a in JS_CallFunctionValue (cx=0xf5a6800, obj=0xfb61440,
fval=252440576, argc=1, argv=0xf18c0d0, rval=0x7fff4fd28608)
at /work/mozilla/builds/1.9.0/mozilla/js/src/jsapi.c:5053
#24 0x00002aaab8c57e3c in nsJSContext::CallEventHandler (this=0xf0e6440,
aTarget=0xf9ba2f0, aScope=0xf2e94c0, aHandler=0xf0bf000, aargv=0x12867520,
arv=0x7fff4fd287e0)
at /work/mozilla/builds/1.9.0/mozilla/dom/src/base/nsJSEnvironment.cpp:1962
#25 0x00002aaab8cc9510 in nsJSEventListener::HandleEvent (this=0xf9ba390,
aEvent=0xf091f70)
Flags: blocking-thunderbird3.0a1?
Comment 1•18 years ago
Hey Bob, you'd have to give some steps to reproduce, creating a saved search and clicking on it (for the debug build on the mac though) for today's build WFM here.
Could you please give stacks from a 32-bit build? (Though I'm not sure if they'll differ in the places they crash at)
Mark, you test on linux, could you please confirm this?
Keywords: qawanted
Comment 2•18 years ago (Reporter)
steps to reproduce:
1. click on saved search folder.
2. crash
Some of the report ids in my Crash Reports folder:
bp-a2854fc2-124b-11dd-bf42-001cc45a2c28
bp-9ebc1633-124b-11dd-bc34-001cc45a2c28
bp-028f0911-1247-11dd-9809-001cc4e2bf68
bp-b45cb475-1246-11dd-a5b4-0013211cbf8a
bp-a5617c0f-1246-11dd-8026-001cc45a2c28
If no one else can reproduce, I'll rsync my profile over to a 32bit linux vm and try to reproduce there.
Comment 3•18 years ago
Call it a hunch, but I just don't think it's a coincidence that Prasad touched the next-to-last line in your stack just yesterday.
Prasad: if you can't reproduce the crash, bc is awesome at remotely debugging, and you can usually catch him on IRC in #developers in the (US) daytime.
Component: General → MailNews: Search
Product: Thunderbird → Core
QA Contact: general → search
don't bother debugging.
here's the rule: thou shalt not make an
nsDependentCString (..., data=0x0)
with a null pointer      ^^^^^^^^
in nsMsgSearchValueImpl::GetStr
92 bugzilla 1.29 CopyUTF8toUTF16(nsDependentCString(mValue.string), aResult);
Attachment #317670 -
Flags: review?(prasad)
Comment 5•18 years ago
Comment on attachment 317670
null check
thanks timeless.
I could not reproduce the problem at my end (Linux), but based on DependentString and CharTraits there should be a null check here.
Attachment #317670 -
Flags: review?(prasad) → review+
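The rule stated above about nsDependentCString and null pointers, as an added C++ example; it is not the attached patch and not Mozilla code. `DependentCString`, `SearchValue`, `Result` and `GetStrChecked` are simplified stand-ins assumed here for nsDependentCString, the search value and nsMsgSearchValueImpl::GetStr.

```cpp
#include <cstring>
#include <string>

// Stand-in (hypothetical) for a dependent, non-owning string. As in frames
// #5-#7 of the trace, the constructor measures the buffer with strlen(), so
// passing a null pointer is undefined behaviour (SIGSEGV in the report).
class DependentCString {
 public:
  explicit DependentCString(const char* data)
      : mData(data), mLength(std::strlen(data)) {}
  const char* Data() const { return mData; }
  std::size_t Length() const { return mLength; }

 private:
  const char* mData;
  std::size_t mLength;
};

// Hypothetical search value: `string` stays null until a value is assigned.
struct SearchValue {
  const char* string = nullptr;
};

enum Result { OK = 0, ERROR_NULL_VALUE = 1 };

// Guarded getter: test the pointer before it reaches the strlen()-based
// constructor, and always leave `out` in a defined (empty) state on failure.
Result GetStrChecked(const SearchValue& value, std::string& out) {
  out.clear();
  if (!value.string) return ERROR_NULL_VALUE;
  DependentCString dep(value.string);
  out.assign(dep.Data(), dep.Length());
  return OK;
}

int main() {
  SearchValue unset, set;
  set.string = "subject";  // constructed sample value
  std::string out = "stale";
  bool ok = GetStrChecked(unset, out) == ERROR_NULL_VALUE && out.empty() &&
            GetStrChecked(set, out) == OK && out == "subject";
  return ok ? 0 : 1;
}
```

Whether a null value should be reported as an error or treated as an empty string is a policy choice for the caller; the example picks the error return.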
Comment 6•18 years ago (Reporter)
fwiw, this patch fixes the crash for me.
Comment 7•18 years ago
approving for tb3a1
Flags: blocking-thunderbird3.0a1? → blocking-thunderbird3.0a1+
Comment 8•18 years ago
Comment on attachment 317670
null check
sr=dmose
Attachment #317670 -
Flags: superreview+
Updated•18 years ago
Keywords: checkin-needed
Updated•18 years ago
Whiteboard: [has reviewed patch; needs checkin]
Updated•18 years ago
Assignee: nobody → timeless
Comment 9•18 years ago
timeless usually prefers to check-in his own patches. Unless he asks specifically, I doubt anybody will land this for him based on past experience.
Status: NEW → ASSIGNED
Summary: Crash [@ strlen] clicking on saved search folder → Crash [@ strlen - nsCharTraits<char>::length - nsDependentCString - nsMsgSearchValueImpl::GetStr] clicking on saved search folder
Comment 10•18 years ago (Assignee)
Comment on attachment 317670
null check
mozilla/mailnews/base/search/src/nsMsgSearchValue.cpp 1.30
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Whiteboard: [has reviewed patch; needs checkin]
Updated•18 years ago
Keywords: checkin-needed
Updated•17 years ago
Product: Core → MailNews Core
Updated•15 years ago
Crash Signature: [@ strlen - nsCharTraits<char>::length - nsDependentCString - nsMsgSearchValueImpl::GetStr]