Closed Bug 46390 Opened 24 years ago Closed 24 years ago

crash on exit in nsStringRecycler::~nsStringRecycler

Categories

(Core :: XPCOM, defect, P3)

Product:
Core
Component:
XPCOM
Platform:
x86
All
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: blizzard, Assigned: scottputterman)

References

Details

(Keywords: crash, Whiteboard: [nsbeta2+]have a fix.) 

I'm crashing on exit.  I've opened mail/news, read some mail on an imap server.
 I'm getting a crash when I exit.  Here is the stack trace:

(gdb) where
#0  0x458bfc45 in ?? ()
#1  0x400cdf46 in nsDeque::ForEach (this=0x40194240, aFunctor=@0xbffff7f8)
    at ../../../mozilla/xpcom/ds/nsDeque.cpp:346
#2  0x4014f201 in nsStringRecycler::~nsStringRecycler (this=0x40194240,
    __in_chrg=2) at ../../../mozilla/xpcom/ds/nsString2.cpp:2079
#3  0x400dd784 in __tcf_0 () at ../../../mozilla/xpcom/ds/nsString2.cpp:2103
#4  0x4036f25a in exit (status=0) at exit.c:57
#5  0x403669d1 in __libc_start_main () at ../sysdeps/generic/libc-start.c:92
I believe this bug has been filed several times and cleared out at least once 
because no one could reproduce it.  I run mail/news and do whatever I can 
without crashing (it has never worked well enough for me to actually read mail 
from an imap server, but perhaps I missed something in the configuration).
*** Bug 46621 has been marked as a duplicate of this bug. ***
adding myself to cc. I see this all of the time and I see it on NT on both
mozilla debug builds and netscape commercial release builds.

Nomintating for nsbeta2
Keywords: crash, nsbeta2
OS: Linux → All
I suggest that someone work out exactly how to duplicate this bug.
cc'ing alecf.  reassigning to myself.  It looks like this is happening when new
messages are downloaded and filter rules are applied to them.  Just a guess
right now based on breakpoints on when the recycler is called.
Assignee: rayw → putterman
I have a fix for this. cc'ing taka.

Basically in nsMsgSearchTerm.cpp MatchRfc2047String we are recylcing an nstring 
on the stack that gets deleted when it goes out of scope and also gets deleted 
when it gets recyled.  My fix it to just remove the recyling for now.  This will 
probably cause a leak, but it's better than a crash.

On line 802, the fix is:

//	if (mimedecode == PR_TRUE)
//		nsString::Recycle(&decodedString);
Whiteboard: have a fix.
scott and I discussed this, and so I'm the reviewer and can vouch that this is a
very safe fix.
we're basically preventing the double-delete of the nsString...the string lives
on the stack and should not be recycled in the first place.
Putting on [nsbeta2+] radar.  Please check in to branch and trunk.
Whiteboard: have a fix. → [nsbeta2+]have a fix.
I checked in the fix on the branch and will check in the fix on the tip by the 
time anyone is looking at this most likely. So, I'm marking fixed.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
lchiang, can you have your team verify that there is no crash on exit with all 
platforms after reading mail for branch...thanks!
QA Contact: leger → lchiang
This is verified on Win32 on the 8-2 nsbeta2 build.  I'll check with others to 
verify on other platforms.
Verified using:
Linux (2000-08-02-08 M18)
Win32 (2000-08-02-09 M18)
No more crash on exit after reading mail and have had some imcoming mail being
filtered.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.