Closed Bug 518565 Opened 15 years ago Closed 15 years ago

crash [@nsMsgFilterList::LoadTextFilters(nsIInputStream*) ]

Categories

(MailNews Core :: Filters, defect)

Product:
MailNews Core
Component:
Filters
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 3.0rc1

People

(Reporter: Usul, Assigned: rkent)

References

(
URL
)

Details

(Keywords: crash, testcase, Whiteboard: [no l10n impact])

Crash Data

Attachments

(1 file)

protect isspace
1.93 KB, patch
Bienvenu
: review+
Bienvenu
: superreview+
Bienvenu
: approval-thunderbird3+
Details | Diff | Splinter Review 
Loading the linked msgFilterRules.dat crashes thunderbird. I've tried with the original file and with the file stripped from it's CR. I get the following stack :


0  	thunderbird-bin  	nsMsgFilterList::LoadTextFilters  	mailnews/base/search/src/nsMsgFilterList.cpp:657
1 	thunderbird-bin 	nsMsgFilterService::OpenFilterList 	mailnews/base/search/src/nsMsgFilterService.cpp:119
2 	thunderbird-bin 	nsMsgIncomingServer::GetFilterList 	mailnews/base/util/nsMsgIncomingServer.cpp:1112
3 	thunderbird-bin 	nsMsgDBFolder::GetFilterList 	mailnews/base/util/nsMsgDBFolder.cpp:4842
4 	thunderbird-bin 	nsImapMailFolder::UpdateFolderWithListener 	mailnews/imap/src/nsImapMailFolder.cpp:709
5 	thunderbird-bin 	nsImapMailFolder::UpdateFolder 	mailnews/imap/src/nsImapMailFolder.cpp:690
6 	thunderbird-bin 	nsImapMailFolder::GetNewMessages 	mailnews/imap/src/nsImapMailFolder.cpp:2580
7 	thunderbird-bin 	nsImapIncomingServer::PerformBiff 	mailnews/imap/src/nsImapIncomingServer.cpp:981
8 	libxpcom_core.dylib 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179
9 	thunderbird-bin 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2454
10 	thunderbird-bin 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590
11 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1386
12 	libmozjs.dylib 	js_Interpret 	js/src/jsinterp.cpp:5179
13 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1394
14 	libmozjs.dylib 	js_InternalInvoke 	js/src/jsinterp.cpp:1447
15 	libmozjs.dylib 	JS_CallFunctionValue 	js/src/jsapi.cpp:5187
16 	thunderbird-bin 	nsJSContext::CallEventHandler 	dom/src/base/nsJSEnvironment.cpp:2085
17 	thunderbird-bin 	nsGlobalWindow::RunTimeout 	dom/src/base/nsGlobalWindow.cpp:7843
18 	thunderbird-bin 	nsGlobalWindow::TimerCallback 	dom/src/base/nsGlobalWindow.cpp:8177
19 	libxpcom_core.dylib 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:420
20 	libxpcom_core.dylib 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:512
21 	libxpcom_core.dylib 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:521
22 	libxpcom_core.dylib 	NS_ProcessNextEvent_P 	nsThreadUtils.cpp:227
23 	libxpcom_core.dylib 	nsThread::Shutdown 	xpcom/threads/nsThread.cpp:468
24 	libxpcom_core.dylib 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179
25 	libxpcom_core.dylib 	nsProxyObjectCallInfo::Run 	xpcom/proxy/src/nsProxyEvent.cpp:181
26 	libxpcom_core.dylib 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:521
27 	libxpcom_core.dylib 	NS_ProcessPendingEvents_P 	nsThreadUtils.cpp:180
28 	thunderbird-bin 	nsBaseAppShell::NativeEventCallback 	widget/src/xpwidgets/nsBaseAppShell.cpp:121
29 	thunderbird-bin 	nsAppShell::ProcessGeckoEvents 	widget/src/cocoa/nsAppShell.mm:406
30 	CoreFoundation 	CFRunLoopRunSpecific 	
31 	CoreFoundation 	CFRunLoopRunInMode 	
32 	HIToolbox 	RunCurrentEventLoopInMode 	
33 	HIToolbox 	ReceiveNextEventCommon 	
34 	HIToolbox 	BlockUntilNextEventMatchingListInMode 	
35 	AppKit 	_DPSNextEvent 	
36 	AppKit 	-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 	
37 	AppKit 	-[NSApplication run] 	
38 	thunderbird-bin 	nsAppShell::Run 	widget/src/cocoa/nsAppShell.mm:759
39 	thunderbird-bin 	nsAppStartup::Run 	toolkit/components/startup/src/nsAppStartup.cpp:193
40 	thunderbird-bin 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3321
41 	thunderbird-bin 	main 	mail/app/nsMailApp.cpp:103
42 	thunderbird-bin 	thunderbird-bin@0x2111 	
43 	thunderbird-bin 	thunderbird-bin@0x2038 	
44 		@0x1
Summary: cash [@nsMsgFilterList::LoadTextFilters(nsIInputStream*) ] → crash [@nsMsgFilterList::LoadTextFilters(nsIInputStream*) ]
Tried it, crashed it. I have a theory I'd like to try.
Assignee: nobody → kent
Status: NEW → ASSIGNED
there's actually a few of these, from various builds
http://crash-stats.mozilla.com/report/list?product=Thunderbird&query_search=signature&query_type=exact&query=nsMsgFilterList%3A%3ALoadTextFilters%28nsIInputStream*%29&date=&range_value=4&range_unit=weeks&do_query=1&signature=nsMsgFilterList%3A%3ALoadTextFilters%28nsIInputStream*%29

although at least 2 of the stacks don't exactly match:

- yours above bp-e5c88243-eba1-47c9-b66e-439ff2090924

- 3.0pre a few days ago bp-ff6326e1-32f2-47eb-b53a-f14722090917 with crash address 0x00

nsMsgFilterList::LoadTextFilters	mailnews/base/search/src/nsMsgFilterList.cpp:562
nsMsgFilterService::OpenFilterList	mailnews/base/search/src/nsMsgFilterService.cpp:119
nsMsgIncomingServer::GetFilterList	mailnews/base/util/nsMsgIncomingServer.cpp:1112
nsMsgIncomingServer::GetEditableFilterList	mailnews/base/util/nsMsgIncomingServer.cpp:1136
nsMsgDBFolder::GetEditableFilterList	mailnews/base/util/nsMsgDBFolder.cpp:4861
NS_InvokeByIndex_P	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
XPCWrappedNative::CallMethod	js/src/xpconnect/src/xpcwrappednative.cpp:2295
XPC_WN_CallMethod	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590
The 0x0 sucks :-(
When I download this attachment, I am getting a file in UTF8 format with a BOM at the beginning. It is in reading the BOM that the crash is occurring, while trying to calculate isspace(-17)

I notice that sqlite does a protected version of isspace, perhaps because of this issue. I will try that to see if it solves the issue.

But I suspect that this file was not created by TB, but was created by someone manually and saved incorrectly. Ludovic, where did this file come from?
Attached patch protect isspaceSplinter Review 
Protecting isspace fixes the crash, though it also introduced a new crash that I also had to fix.
Attachment #402958 - Flags: superreview?(bienvenu)
Attachment #402958 - Flags: review?(bienvenu)
Attachment #402958 - Flags: approval-thunderbird3?
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [no l10n impact][needs r/sr bienvenu]
Target Milestone: --- → Thunderbird 3.0rc1
Version: 1.9.1 Branch → Trunk
(In reply to comment #4)
 
> But I suspect that this file was not created by TB, but was created by someone
> manually and saved incorrectly. Ludovic, where did this file come from?

from an other bug a user uploaded is file (that he probably edited.)
Comment on attachment 402958 [details] [diff] [review]
protect isspace

thx, Kent, this fixes the crash for me.
Attachment #402958 - Flags: superreview?(bienvenu)
Attachment #402958 - Flags: superreview+
Attachment #402958 - Flags: review?(bienvenu)
Attachment #402958 - Flags: review+
Attachment #402958 - Flags: approval-thunderbird3?
Attachment #402958 - Flags: approval-thunderbird3+
Whiteboard: [no l10n impact][needs r/sr bienvenu] → [no l10n impact]
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Crash Signature: [@nsMsgFilterList::LoadTextFilters(nsIInputStream*) ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: