crash: textbox with type="autocomplete" and searchSession="ldap" [@ nsLDAPAutoCompleteSession::FinishAutoCompleteLookup(int, unsigned int, nsLDAPAutoCompleteSession::SessionState)], should assert

RESOLVED FIXED in Thunderbird 3.3a2

Status

--
critical
RESOLVED FIXED
9 years ago
8 years ago

People

(Reporter: nomisvai, Assigned: standard8)

Tracking

({calendar-integration, crash})

unspecified
Thunderbird 3.3a2
x86
All
calendar-integration, crash

Thunderbird Tracking Flags

(thunderbird3.1 .8-fixed)

Details

(crash signature)

Attachments

(3 attachments)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/2.0.0.18 X-ORACLE-DEBUG=STATS (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3pre) Gecko/20090818 Lightning/1.0pre Shredder/3.0b4pre

Thunderbird will crash as soon as something is typed in a textbox using the searchSession="ldap" attribute. 

This was also happening with Tb2. Some addons (Lightning) would probably benefit from having this fixed since their ldap autocompletion could be deprecated in favor of this "standard" one.

In nsLDAPAutoCompleteSession.cpp,  "mFormatter" never seems to be set by anyone. 

Reproducible: Always

Steps to Reproduce:
1. Install addon attached
2. Type in an email in the textbox with this bug number
Note that no LDAP needs to be configured, it crashes at the same place.
Actual Results:  
>	addrbook.dll!nsLDAPAutoCompleteSession::FinishAutoCompleteLookup(int aACStatus=3, const unsigned int aResult=0, nsLDAPAutoCompleteSession::SessionState aEndState=UNBOUND)  Line 970 + 0x3b bytes	C++
 	addrbook.dll!nsLDAPAutoCompleteSession::InitConnection()  Line 846	C++
 	addrbook.dll!nsLDAPAutoCompleteSession::OnStartLookup(const wchar_t * searchString=0x09257820, nsIAutoCompleteResults * previousSearchResult=0x00000000, nsIAutoCompleteListener * listener=0x07b83118)  Line 189 + 0xb bytes	C++
 	xpcom_core.dll!NS_InvokeByIndex_P(nsISupports * that=0x002ce2b4, unsigned int methodIndex=2942144, unsigned int paramCount=1789455255, nsXPTCVariant * params=0x04e27ee0)  Line 102	C++
 	xpc3250.dll!AutoJSSuspendNonMainThreadRequest::SuspendRequest()  Line 3629 + 0x13 bytes	C++
 	xpcom_core.dll!NS_LogDtor_P(void * aPtr=0x002ce36c, const char * aType=0x6d0e5364, unsigned int aInstanceSize=0)  Line 1073 + 0x15 bytes	C++
 	00000004()	
 	gklayout.dll!nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder * aBuilder=0x002ce3b4, nsIFrame * aChild=0x002ce3b0, const nsRect & aDirtyRect={...}, const nsDisplayListSet & aLists={...}, unsigned int aFlags=15279680)  Line 1486 + 0x13 bytes	C++
 	002ce3a4()	
 	nspr4.dll!_MD_CURRENT_THREAD()  Line 308 + 0xc bytes	C
 	03af21c0()	
 	xpcom_core.dll!NS_LogAddRef_P(void * aPtr=0x002ce498, unsigned long aRefcnt=1799553162, const char * aClazz=0x03247580, unsigned int classSize=50858432)  Line 916 + 0x15 bytes	C++
 	04ecff01()	
 	xpc3250.dll!XPCNativeMember::GetCallInfo(XPCCallContext & ccx={...}, JSObject * funobj=0x6aa9b147, XPCNativeInterface * * pInterface=0x002ce4ec, XPCNativeMember * * pMember=0x00000000)  Line 101 + 0x39 bytes	C++
 	002ce330()	
 	js3250.dll!js_Invoke(JSContext * cx=0x03247580, unsigned int argc=3, int * vp=0x057f10e8, unsigned int flags=2)  Line 1386 + 0x1a bytes	C++
 	js3250.dll!js_Interpret(JSContext * cx=0x03247580)  Line 5179 + 0x16 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x03247580, unsigned int argc=3, int * vp=0x057f1040, unsigned int flags=0)  Line 1394 + 0x9 bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x03247580, JSObject * obj=0x026c2e00, int fval=61746144, unsigned int flags=0, unsigned int argc=3, int * argv=0x07b82fc8, int * rval=0x002cef68)  Line 1447 + 0x15 bytes	C++
 	js3250.dll!JS_CallFunctionValue(JSContext * cx=0x03247580, JSObject * obj=0x026c2e00, int fval=61746144, unsigned int argc=3, int * argv=0x07b82fc8, int * rval=0x002cef68)  Line 5187 + 0x1f bytes	C++
 	gklayout.dll!nsJSContext::CallEventHandler(nsISupports * aTarget=0x03334cc0, void * aScope=0x026c2e00, void * aHandler=0x03ae2be0, nsIArray * aargv=0x10818124, nsIVariant * * arv=0x002cf020)  Line 2035 + 0x21 bytes	C++
 	gklayout.dll!nsGlobalWindow::RunTimeout(nsTimeout * aTimeout=0x0e4e03b8)  Line 7818 + 0xab bytes	C++
 	gklayout.dll!nsGlobalWindow::TimerCallback(nsITimer * aTimer=0x07d27848, void * aClosure=0x0e4e03b8)  Line 8155	C++
 	xpcom_core.dll!nsTimerImpl::Fire()  Line 420 + 0xe bytes	C++
 	xpcom_core.dll!nsTimerEvent::Run()  Line 514	C++
 	xpcom_core.dll!nsThread::ProcessNextEvent(int mayWait=1, int * result=0x002cf188)  Line 511	C++
 	xpcom_core.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x00d9d4c0, int mayWait=1)  Line 227 + 0x16 bytes	C++
 	gkwidget.dll!nsBaseAppShell::Run()  Line 170 + 0xc bytes	C++
 	tkitcmps.dll!nsAppStartup::Run()  Line 193 + 0x1c bytes	C++
 	xul.dll!XRE_main(int argc=2, char * * argv=0x00e9d1e0, const nsXREAppData * aAppData=0x00d932f0)  Line 3321 + 0x25 bytes	C++
 	thunderbird.exe!NS_internal_main(int argc=2, char * * argv=0x00e9d1e0)  Line 103 + 0x12 bytes	C++
 	thunderbird.exe!wmain(int argc=2, wchar_t * * argv=0x00e9f288)  Line 110 + 0xd bytes	C++
 	thunderbird.exe!__tmainCRTStartup()  Line 579 + 0x19 bytes	C
 	thunderbird.exe!wmainCRTStartup()  Line 399	C
 	kernel32.dll!77324911() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]	
 	ntdll.dll!77b3e4b6() 	
 	ntdll.dll!77b3e489() 	



Problem signature:
  Problem Event Name:	APPCRASH
  Application Name:	thunderbird.exe
  Application Version:	1.9.1.3517
  Application Timestamp:	4a8b1954
  Fault Module Name:	addrbook.dll
  Fault Module Version:	1.9.1.3517
  Fault Module Timestamp:	4a8b18bd
  Exception Code:	c0000005
  Exception Offset:	00060fec
  OS Version:	6.0.6001.2.1.0.256.6
  Locale ID:	1033
  Additional Information 1:	fd00
  Additional Information 2:	ea6f5fe8924aaa756324d57f87834160
  Additional Information 3:	fd00
  Additional Information 4:	ea6f5fe8924aaa756324d57f87834160
(Reporter)

Comment 1

9 years ago
Created attachment 395380 [details]
addon used to reproduce the bug
This is really a documentation/bulletproofing problem.  Which is to say that the expectation is that whoever constructs the nsILDAPAutoCompleteSession (eg, the addon, in this case) is expected to set .formatter attribute before using the session object.  We should do two things here:

* make that expectation clear in nsILDAPAutoCompleteSession.idl

* make the code more robust such that if an extension doesn't do that, an exception is thrown rather than crashing.
Component: Address Book → LDAP Integration
Product: Thunderbird → MailNews Core
QA Contact: address-book → ldap-integration
(Reporter)

Comment 3

9 years ago
Wouldn't it be better to have a default format such as "cn <mail>" ? Some existing code seems to assume that there is a default:
http://hg.mozilla.org/comm-central/file/117e438feb4a/mail/components/compose/content/MsgComposeCommands.js#l975
(Reporter)

Comment 4

9 years ago
Please disregard my last comment I misunderstood the code.
(Reporter)

Comment 5

9 years ago
I got it to work on both tb2 and tb3 and added my demo addon to the wiki:
https://developer.mozilla.org/index.php?title=en/Thunderbird_Addon_Demonstrating_Autocomplete_With_Addrbook_And_LDAP_(Gecko_1.8_and_1.9)

The tasks enumerated by Dan however will still need to be done.

Updated

9 years ago
Severity: normal → critical
Keywords: crash
fwiw, nsLDAPAutoCompleteSession crashes must be quite rare in beta testeres - nothing on crash-stats for the last few months
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: crash: textbox with type="autocomplete" and searchSession="ldap" is crashing → crash: textbox with type="autocomplete" and searchSession="ldap" [@ nsLDAPAutoCompleteSession::FinishAutoCompleteLookup(int aACStatus=3, const unsigned int aResult=0, nsLDAPAutoCompleteSession::SessionState aEndState=UNBOUND)], should assert
Duplicate of this bug: 584773
http://crash-stats.mozilla.com/ lists 267 crash reports for the last two weeks using Thunderbird 3.1.2 where the crash signature starts with nsLDAPAutoCompleteSession::FinishAutoCompleteLookup.
Keywords: calendar-integration
I can exactly reproduce this crash using TB 3.1.6 on Linux with Lightning 1.0b2 as well as Lightning 1.0b3pre.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b3pre Thunderbird/3.1.6 ThunderBrowse/3.3.2

Example crash IDs:
http://crash-stats.mozilla.com/report/index/bp-e4ff224d-f4e6-4c47-8dc8-1aadb2101103
http://crash-stats.mozilla.com/report/index/bp-7e9949c6-1616-4c4a-9f95-598192101103

No LDAP configured here. TB crashes immediately when typing an email address in the Invite Attendees window.
bp-786d978a-3105-4843-9abb-c6a962101029 has a user, patrick, who would probably be a good testcase

~#100 crash for version 3.1.6

nsLDAPAutoCompleteSession::FinishAutoCompleteLookup(int, unsigned int, nsLDAPAutoCompleteSession::SessionState) is what shows up in crash-stats, not nsLDAPAutoCompleteSession::FinishAutoCompleteLookup(int aACStatus=3, const unsigned int aResult=0, nsLDAPAutoCompleteSession::SessionState aEndState=UNBOUND)
OS: Windows XP → All
Summary: crash: textbox with type="autocomplete" and searchSession="ldap" [@ nsLDAPAutoCompleteSession::FinishAutoCompleteLookup(int aACStatus=3, const unsigned int aResult=0, nsLDAPAutoCompleteSession::SessionState aEndState=UNBOUND)], should assert → crash: textbox with type="autocomplete" and searchSession="ldap" [@ nsLDAPAutoCompleteSession::FinishAutoCompleteLookup(int, unsigned int, nsLDAPAutoCompleteSession::SessionState)], should assert

Comment 12

8 years ago
Hi, I'm Patrick and will follow this now.

I can provide a some detailed information on my crashes if that helps. But basically I was trying to invite someone to an appointment. On typing the name autocompletion will show up. Autocompletion starts with typing the first character, but it is always the second character that will trigger the crash.

Hope that helps a bit.
I ran into a user that I think had this issue.

I found out that under "Tools | Composition | Addressing" the "Directory Server" option was checked but the selected directory was blank (empty) instead of "None" or the name of configured LDAP directory server.
(Reporter)

Comment 14

8 years ago
Could the latest increase in this specific crash be caused by an upgrade issue? The pattern I see is that the auto-completion starts to crash after a TB upgrade, has anything changed w/ regards to the way LDAP preferences are configured between TB 3.0 and 3.1.X ? 

I know we could fix the crash in lightning by NOT doing the auto-completion if any of the LDAP preferences are not properly set. But I think it's worth investigating why the LDAP preferences got in this state in the first place. The few people experiencing this crash seem to report that auto-completion was working before the upgrade (the upgrade to the latest version of Thunderbird which might be anything from 3.x to 3.1x).
(Assignee)

Comment 15

8 years ago
Based on Bernard's comment 13, I've just taken a look at this issue and it is reproducible with Lightning.

STR:
1) Set the ldap_2.autoComplete.directoryServer preference to something that is invalid, e.g. not empty and not pointing to a LDAP or any other address book, e.g. ldap_2.servers.Mozilla123 (where Mozilla123 doesn't exist).

This gives the effect that Bernard commented that the directory server option is blank.

This doesn't surprise me, around the TB 3.0 or 3.1 time, I remember finding that an LDAP address book deleted in an earlier version of Thunderbird (possibly 2.0 or 3.0, it doesn't really matter) could leave the ldap_2.autoComplete.directoryServer preference pointing to an "invalid" address book. iirc I stopped that happening, but there's obviously still some incorrect cases about.

2) Open up a new event item in Lightning, and select Invite Attendees.

3) Start typing a name

-> Crash.

Just as I start typing the name I see:

uncaught exception ... NS_ERROR_UNEXPECTED ... calendar-event-dialog-attendees.xml line 1041.

That line is here:

http://hg.mozilla.org/releases/comm-1.9.2/annotate/ed1ca157bf2b/calendar/base/content/dialogs/calendar-event-dialog-attendees.xml#l1041

That error reflects the invalid preference from step 1.


What I'm not quite sure about yet, is why that ends up causing the crash. My suspicion is that it stops the autocomplete setup completing, and so obviously ends up with some invalid state.

The strange bit is why the main Thunderbird compose doesn't hit this state. I know there are various try/catches that will stop the error propagating, but I would have thought that it would have been left in an invalid state as well.

I'll do a bit more investigation on this later once I've got TB built with Lightning.
Assignee: nobody → bugzilla

Comment 16

8 years ago
Crash on thunderbird 3.1.6 with lightning 1.0b3pre

Comment 17

8 years ago
Just so you know and to confirm the workaround:

Following comment 13 and comment 15, I have simply disabled Address Auto-Completion for the Directory Server for the time being and it stopped crashing.

While selected, my Directory Server configuration was previously set to 'empty' (Not 'None'). Possibly from an upgrade procedure as I don't recall changing this value.

Thunderbird 3.17
Lightning 1.0b2
(Assignee)

Comment 18

8 years ago
Created attachment 502769 [details] [diff] [review]
The fix

This fixes the crash - if we don't have a mFormatter then we won't even try to start doing things in OnStartLookup.

I've also moved the null check for the listener argument to the top.

Also added is the documentation update, there's no semantic change here, just documenting what was already necessary not to crash ;-)
Attachment #502769 - Flags: review?(bienvenu)

Updated

8 years ago
Attachment #502769 - Flags: review?(bienvenu) → review+
(Assignee)

Comment 19

8 years ago
Checked in: http://hg.mozilla.org/comm-central/rev/30e93bd351c9
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 3.3a2
(Assignee)

Updated

8 years ago
Attachment #502769 - Flags: approval-thunderbird3.1.8?
(Assignee)

Updated

8 years ago
Blocks: 557932
(Assignee)

Updated

8 years ago
Attachment #502769 - Flags: approval-thunderbird3.1.8? → approval-thunderbird3.1.8+
(Assignee)

Comment 20

8 years ago
Checked in: http://hg.mozilla.org/releases/comm-1.9.2/rev/36bf4cdee416
status-thunderbird3.1: --- → .8-fixed
Crash Signature: [@ nsLDAPAutoCompleteSession::FinishAutoCompleteLookup(int, unsigned int, nsLDAPAutoCompleteSession::SessionState)]
You need to log in before you can comment on or make changes to this bug.