crash clicking Go Back in search results [@ nsMsgDBView::NavigateFromPos(int, unsigned int, unsigned int*, unsigned int*, unsigned int*, int)]

RESOLVED FIXED in Thunderbird 3.0rc1

Status

MailNews Core
Backend
--
critical
RESOLVED FIXED
8 years ago
6 years ago

People

(Reporter: wsmwk, Assigned: Bienvenu)

Tracking

({crash, fixed-seamonkey2.0.1, topcrash})

1.9.1 Branch
Thunderbird 3.0rc1
crash, fixed-seamonkey2.0.1, topcrash
Bug Flags:
blocking-thunderbird3 +
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [no l10n impact][ccbr], crash signature)

Attachments

(1 attachment)

crash in search results [@ nsMsgDBView::NavigateFromPos(int, unsigned int, unsigned int*, unsigned int*, unsigned int*, int)]

I chanced across this good crash comment - the steps are 100% accurate,
so hopefully easy to fix.
And the signature turns out to be the 3.0b4 #17 crasher.

After doing a global search and opening an email that was in the search results, I pressed the back button and Thunderbird crashed.
bp-a1fa9bfc-0661-41f7-b40a-b9fd42090929
0	thunderbird-bin	nsMsgDBView::NavigateFromPos	 mailnews/base/src/nsMsgDBView.cpp:6169
1	thunderbird-bin	nsMsgDBView::ViewNavigate	mailnews/base/src/nsMsgDBView.cpp:5967
2	libxpcom_core.dylib	NS_InvokeByIndex_P	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179
3	thunderbird-bin	XPCWrappedNative::CallMethod	js/src/xpconnect/src/xpcwrappednative.cpp:2454
4	thunderbird-bin	XPC_WN_CallMethod	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590
5	libmozjs.dylib	js_Invoke	js/src/jsinterp.cpp:1386
6	libmozjs.dylib	js_Interpret	js/src/jsinterp.cpp:5179
7	libmozjs.dylib	js_Invoke	js/src/jsinterp.cpp:1394
8	libmozjs.dylib	js_fun_call	js/src/jsfun.cpp:1985
9	libmozjs.dylib	js_Interpret	js/src/jsinterp.cpp:5147
10	libmozjs.dylib	js_Invoke	js/src/jsinterp.cpp:1394
11	libmozjs.dylib	js_InternalInvoke	js/src/jsinterp.cpp:1447
12	libmozjs.dylib	JS_CallFunctionValue	js/src/jsapi.cpp:5187
13	thunderbird-bin	nsJSContext::CallEventHandler	dom/src/base/nsJSEnvironment.cpp:2085
14	thunderbird-bin	nsJSEventListener::HandleEvent	dom/src/events/nsJSEventListener.cpp:247
Flags: in-testsuite?
(Reporter)

Updated

8 years ago
Whiteboard: [ccbr]
Awesome - reproducible on Mac too. :)

Seems to be a null deref?

Stack:

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
Crashed Thread:  0

Thread 0 Crashed:
0   org.mozilla.thunderbird       	0x009bed40 nsStopwatch::QueryInterface(nsID const&, void**) + 272880
1   org.mozilla.thunderbird       	0x009bf324 nsStopwatch::QueryInterface(nsID const&, void**) + 274388
2   libxpcom_core.dylib           	0x0102e138 NS_InvokeByIndex_P + 88
3   org.mozilla.thunderbird       	0x0010b148 void std::_Destroy<google_breakpad::DynamicImageRef*, std::allocator<google_breakpad::DynamicImageRef> >(google_breakpad::DynamicImageRef*, google_breakpad::DynamicImageRef*, std::allocator<google_breakpad::DynamicImageRef>) + 942968
4   org.mozilla.thunderbird       	0x0010ee6e void std::_Destroy<google_breakpad::DynamicImageRef*, std::allocator<google_breakpad::DynamicImageRef> >(google_breakpad::DynamicImageRef*, google_breakpad::DynamicImageRef*, std::allocator<google_breakpad::DynamicImageRef>) + 958622
5   libmozjs.dylib                	0x00f364da js_Invoke + 1680
6   libmozjs.dylib                	0x00f2640e JS_CompareValues + 1380
7   libmozjs.dylib                	0x00f364e7 js_Invoke + 1693
8   libmozjs.dylib                	0x00f1fcd4 js_PutArgsObject + 4502
9   libmozjs.dylib                	0x00f2f1a9 JS_CompareValues + 37631
10  libmozjs.dylib                	0x00f364e7 js_Invoke + 1693
11  libmozjs.dylib                	0x00f36ab4 js_Invoke + 3178
12  libmozjs.dylib                	0x00ef9572 JS_CallFunctionValue + 62
13  org.mozilla.thunderbird       	0x005ceb68 non-virtual thunk to nsPrintSession::Release() + 3475768
14  org.mozilla.thunderbird       	0x006054ff non-virtual thunk to nsPrintSession::Release() + 3699407
15  org.mozilla.thunderbird       	0x004aaf84 non-virtual thunk to nsPrintSession::Release() + 2280788
16  org.mozilla.thunderbird       	0x004ab59c non-virtual thunk to nsPrintSession::Release() + 2282348
17  org.mozilla.thunderbird       	0x004c9203 non-virtual thunk to nsPrintSession::Release() + 2404307
18  org.mozilla.thunderbird       	0x004c954f non-virtual thunk to nsPrintSession::Release() + 2405151
19  org.mozilla.thunderbird       	0x004ca04b non-virtual thunk to nsPrintSession::Release() + 2407963
20  org.mozilla.thunderbird       	0x002d9261 non-virtual thunk to nsPrintSession::Release() + 372785
21  org.mozilla.thunderbird       	0x003fab76 non-virtual thunk to nsPrintSession::Release() + 1558854
22  org.mozilla.thunderbird       	0x003fa9bf non-virtual thunk to nsPrintSession::Release() + 1558415
23  org.mozilla.thunderbird       	0x002de5a8 non-virtual thunk to nsPrintSession::Release() + 394104
24  org.mozilla.thunderbird       	0x004c95d9 non-virtual thunk to nsPrintSession::Release() + 2405289
25  org.mozilla.thunderbird       	0x004ca04b non-virtual thunk to nsPrintSession::Release() + 2407963
26  org.mozilla.thunderbird       	0x002d543f non-virtual thunk to nsPrintSession::Release() + 356879
27  org.mozilla.thunderbird       	0x002d6cce non-virtual thunk to nsPrintSession::Release() + 363166
28  org.mozilla.thunderbird       	0x004b73eb non-virtual thunk to nsPrintSession::Release() + 2331067
29  org.mozilla.thunderbird       	0x004b7a50 non-virtual thunk to nsPrintSession::Release() + 2332704
30  org.mozilla.thunderbird       	0x002d55a3 non-virtual thunk to nsPrintSession::Release() + 357235
31  org.mozilla.thunderbird       	0x002d6dcc non-virtual thunk to nsPrintSession::Release() + 363420
32  org.mozilla.thunderbird       	0x002ddcd5 non-virtual thunk to nsPrintSession::Release() + 391845
33  org.mozilla.thunderbird       	0x005c2cc7 non-virtual thunk to nsPrintSession::Release() + 3426967
34  org.mozilla.thunderbird       	0x005c4ceb non-virtual thunk to nsPrintSession::Release() + 3435195
35  org.mozilla.thunderbird       	0x005be958 non-virtual thunk to nsPrintSession::Release() + 3409704
36  org.mozilla.thunderbird       	0x002541cc void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 336892
37  org.mozilla.thunderbird       	0x0024b292 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 300226
38  org.mozilla.thunderbird       	0x0025f7fb void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 383531
39  com.apple.AppKit              	0x96cccb95 -[NSWindow sendEvent:] + 5539
40  org.mozilla.thunderbird       	0x002457eb void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 277019
41  org.mozilla.thunderbird       	0x00243863 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 268947
42  com.apple.AppKit              	0x96c996a5 -[NSApplication sendEvent:] + 2939
43  com.apple.AppKit              	0x96bf6fe7 -[NSApplication run] + 867
44  org.mozilla.thunderbird       	0x00240908 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 256824
45  org.mozilla.thunderbird       	0x0087da87 non-virtual thunk to nsPrintSession::Release() + 6289495
46  org.mozilla.thunderbird       	0x00007eb8 XRE_main + 9432
47  org.mozilla.thunderbird       	0x00003963 start + 2131
48  org.mozilla.thunderbird       	0x0000320b start + 251
49  org.mozilla.thunderbird       	0x00003139 start + 41
Flags: blocking-thunderbird3?
Keywords: topcrash
Hardware: x86 → All
(Assignee)

Updated

8 years ago
Assignee: nobody → bienvenu
Target Milestone: --- → Thunderbird 3.0rc1
(Assignee)

Comment 2

8 years ago
Should be easy to fix - marking blocking, since it's easy to reproduce.
Flags: blocking-thunderbird3? → blocking-thunderbird3+
(Assignee)

Comment 3

8 years ago
Created attachment 406766 [details] [diff] [review]
proposed fix

This fixes the crash and makes back/forward work in search results. Basically, if there's no folder, we know we haven't crossed folders in the navigation.
Attachment #406766 - Flags: superreview?(bugzilla)
Attachment #406766 - Flags: review?(bugzilla)
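
The guard described in comment 3, as an added C++ example; it is not the attached patch or Mozilla code. `View`, `Folder`, `HistoryEntry` and `GoBack` are hypothetical names that model a view whose folder pointer is null when it shows search results.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for illustration; none of these are Mozilla types.
struct Folder { std::string uri; };
struct HistoryEntry { std::string folderUri; uint32_t msgKey; };
struct Result { uint32_t msgKey; bool crossedFolders; };

class View {
 public:
  // folder == nullptr models a search-results view: it spans many folders,
  // so there is no single backing folder to compare against.
  View(const Folder* folder, std::vector<HistoryEntry> history)
      : folder_(folder), history_(std::move(history)),
        pos_(history_.empty() ? 0 : history_.size() - 1) {}

  // Step one entry back in history. Returns false when there is nothing
  // earlier to go to or when the caller passed no output slot.
  bool GoBack(Result* out) {
    if (!out || pos_ == 0) return false;
    const HistoryEntry& target = history_[--pos_];
    // Unguarded form, which faults at address 0 for a search view:
    //   bool crossed = folder_->uri != target.folderUri;
    // Guarded form: no folder means navigation cannot have crossed folders.
    bool crossed = folder_ != nullptr && folder_->uri != target.folderUri;
    *out = Result{target.msgKey, crossed};
    return true;
  }

 private:
  const Folder* folder_;
  std::vector<HistoryEntry> history_;
  std::size_t pos_;
};

int main() {
  // Constructed sample history: two messages in different folders.
  std::vector<HistoryEntry> h = {{"mailbox://a/Inbox", 10},
                                 {"mailbox://a/Sent", 20}};
  View search(nullptr, h);  // search results: no folder
  Result r{};
  bool ok = search.GoBack(&r);
  std::printf("ok=%d key=%u crossed=%d\n", ok, r.msgKey, r.crossedFolders);
  return 0;
}
```
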

Updated

8 years ago
Whiteboard: [ccbr] → [no l10n impact][ccbr]
(Assignee)

Updated

8 years ago
Whiteboard: [no l10n impact][ccbr] → [no l10n impact][ccbr][needs r/sr standard8]
Attachment #406766 - Flags: superreview?(bugzilla)
Attachment #406766 - Flags: superreview+
Attachment #406766 - Flags: review?(bugzilla)
Attachment #406766 - Flags: review+
Whiteboard: [no l10n impact][ccbr][needs r/sr standard8] → [no l10n impact][ccbr][ready to land]
(Assignee)

Comment 4

8 years ago
Fix pushed.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Whiteboard: [no l10n impact][ccbr][ready to land] → [no l10n impact][ccbr]

Updated

8 years ago
Keywords: fixed-seamonkey2.0.1
Crash Signature: [@ nsMsgDBView::NavigateFromPos(int, unsigned int, unsigned int*, unsigned int*, unsigned int*, int)]