Closed Bug 518565 Opened 16 years ago Closed 16 years ago

crash [@nsMsgFilterList::LoadTextFilters(nsIInputStream*) ]

Categories

(MailNews Core :: Filters, defect)

Product:
MailNews Core
Component:
Filters
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 3.0rc1

People

(Reporter: Usul, Assigned: rkent)

References

(
URL
)

Details

(Keywords: crash, testcase, Whiteboard: [no l10n impact])

Crash Data

Attachments

(1 file)

protect isspace
1.93 KB, patch
Bienvenu
: review+
Bienvenu
: superreview+
Bienvenu
: approval-thunderbird3+
Details | Diff | Splinter Review
Loading the linked msgFilterRules.dat crashes thunderbird. I've tried with the original file and with the file stripped from it's CR. I get the following stack : 0 thunderbird-bin nsMsgFilterList::LoadTextFilters mailnews/base/search/src/nsMsgFilterList.cpp:657 1 thunderbird-bin nsMsgFilterService::OpenFilterList mailnews/base/search/src/nsMsgFilterService.cpp:119 2 thunderbird-bin nsMsgIncomingServer::GetFilterList mailnews/base/util/nsMsgIncomingServer.cpp:1112 3 thunderbird-bin nsMsgDBFolder::GetFilterList mailnews/base/util/nsMsgDBFolder.cpp:4842 4 thunderbird-bin nsImapMailFolder::UpdateFolderWithListener mailnews/imap/src/nsImapMailFolder.cpp:709 5 thunderbird-bin nsImapMailFolder::UpdateFolder mailnews/imap/src/nsImapMailFolder.cpp:690 6 thunderbird-bin nsImapMailFolder::GetNewMessages mailnews/imap/src/nsImapMailFolder.cpp:2580 7 thunderbird-bin nsImapIncomingServer::PerformBiff mailnews/imap/src/nsImapIncomingServer.cpp:981 8 libxpcom_core.dylib NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179 9 thunderbird-bin XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2454 10 thunderbird-bin XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590 11 libmozjs.dylib js_Invoke js/src/jsinterp.cpp:1386 12 libmozjs.dylib js_Interpret js/src/jsinterp.cpp:5179 13 libmozjs.dylib js_Invoke js/src/jsinterp.cpp:1394 14 libmozjs.dylib js_InternalInvoke js/src/jsinterp.cpp:1447 15 libmozjs.dylib JS_CallFunctionValue js/src/jsapi.cpp:5187 16 thunderbird-bin nsJSContext::CallEventHandler dom/src/base/nsJSEnvironment.cpp:2085 17 thunderbird-bin nsGlobalWindow::RunTimeout dom/src/base/nsGlobalWindow.cpp:7843 18 thunderbird-bin nsGlobalWindow::TimerCallback dom/src/base/nsGlobalWindow.cpp:8177 19 libxpcom_core.dylib nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:420 20 libxpcom_core.dylib nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:512 21 libxpcom_core.dylib nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:521 22 libxpcom_core.dylib NS_ProcessNextEvent_P nsThreadUtils.cpp:227 23 libxpcom_core.dylib nsThread::Shutdown xpcom/threads/nsThread.cpp:468 24 libxpcom_core.dylib NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179 25 libxpcom_core.dylib nsProxyObjectCallInfo::Run xpcom/proxy/src/nsProxyEvent.cpp:181 26 libxpcom_core.dylib nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:521 27 libxpcom_core.dylib NS_ProcessPendingEvents_P nsThreadUtils.cpp:180 28 thunderbird-bin nsBaseAppShell::NativeEventCallback widget/src/xpwidgets/nsBaseAppShell.cpp:121 29 thunderbird-bin nsAppShell::ProcessGeckoEvents widget/src/cocoa/nsAppShell.mm:406 30 CoreFoundation CFRunLoopRunSpecific 31 CoreFoundation CFRunLoopRunInMode 32 HIToolbox RunCurrentEventLoopInMode 33 HIToolbox ReceiveNextEventCommon 34 HIToolbox BlockUntilNextEventMatchingListInMode 35 AppKit _DPSNextEvent 36 AppKit -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 37 AppKit -[NSApplication run] 38 thunderbird-bin nsAppShell::Run widget/src/cocoa/nsAppShell.mm:759 39 thunderbird-bin nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:193 40 thunderbird-bin XRE_main toolkit/xre/nsAppRunner.cpp:3321 41 thunderbird-bin main mail/app/nsMailApp.cpp:103 42 thunderbird-bin thunderbird-bin@0x2111 43 thunderbird-bin thunderbird-bin@0x2038 44 @0x1
Summary: cash [@nsMsgFilterList::LoadTextFilters(nsIInputStream*) ] → crash [@nsMsgFilterList::LoadTextFilters(nsIInputStream*) ]
Tried it, crashed it. I have a theory I'd like to try.
Assignee: nobody → kent
Status: NEW → ASSIGNED
there's actually a few of these, from various builds http://crash-stats.mozilla.com/report/list?product=Thunderbird&query_search=signature&query_type=exact&query=nsMsgFilterList%3A%3ALoadTextFilters%28nsIInputStream*%29&date=&range_value=4&range_unit=weeks&do_query=1&signature=nsMsgFilterList%3A%3ALoadTextFilters%28nsIInputStream*%29 although at least 2 of the stacks don't exactly match: - yours above bp-e5c88243-eba1-47c9-b66e-439ff2090924 - 3.0pre a few days ago bp-ff6326e1-32f2-47eb-b53a-f14722090917 with crash address 0x00 nsMsgFilterList::LoadTextFilters mailnews/base/search/src/nsMsgFilterList.cpp:562 nsMsgFilterService::OpenFilterList mailnews/base/search/src/nsMsgFilterService.cpp:119 nsMsgIncomingServer::GetFilterList mailnews/base/util/nsMsgIncomingServer.cpp:1112 nsMsgIncomingServer::GetEditableFilterList mailnews/base/util/nsMsgIncomingServer.cpp:1136 nsMsgDBFolder::GetEditableFilterList mailnews/base/util/nsMsgDBFolder.cpp:4861 NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101 XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2295 XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590
The 0x0 sucks :-(
When I download this attachment, I am getting a file in UTF8 format with a BOM at the beginning. It is in reading the BOM that the crash is occurring, while trying to calculate isspace(-17) I notice that sqlite does a protected version of isspace, perhaps because of this issue. I will try that to see if it solves the issue. But I suspect that this file was not created by TB, but was created by someone manually and saved incorrectly. Ludovic, where did this file come from?
Attached patch protect isspaceSplinter Review
Protecting isspace fixes the crash, though it also introduced a new crash that I also had to fix.
Attachment #402958 - Flags: superreview?(bienvenu)
Attachment #402958 - Flags: review?(bienvenu)
Attachment #402958 - Flags: approval-thunderbird3?
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [no l10n impact][needs r/sr bienvenu]
Target Milestone: --- → Thunderbird 3.0rc1
Version: 1.9.1 Branch → Trunk
(In reply to comment #4) > But I suspect that this file was not created by TB, but was created by someone > manually and saved incorrectly. Ludovic, where did this file come from? from an other bug a user uploaded is file (that he probably edited.)
Comment on attachment 402958 [details] [diff] [review] protect isspace thx, Kent, this fixes the crash for me.
Attachment #402958 - Flags: superreview?(bienvenu)
Attachment #402958 - Flags: superreview+
Attachment #402958 - Flags: review?(bienvenu)
Attachment #402958 - Flags: review+
Attachment #402958 - Flags: approval-thunderbird3?
Attachment #402958 - Flags: approval-thunderbird3+
Whiteboard: [no l10n impact][needs r/sr bienvenu] → [no l10n impact]
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Crash Signature: [@nsMsgFilterList::LoadTextFilters(nsIInputStream*) ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: