Closed Bug 522327 Opened 16 years ago Closed 16 years ago

crash clicking Go Back in search results [@ nsMsgDBView::NavigateFromPos(int, unsigned int, unsigned int*, unsigned int*, unsigned int*, int)]

Categories

(MailNews Core :: Backend, defect)

Product:
MailNews Core
Component:
Backend
Version:
1.9.1 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 3.0rc1

People

(Reporter: wsmwk, Assigned: Bienvenu)

Details

(Keywords: crash, fixed-seamonkey2.0.1, topcrash, Whiteboard: [no l10n impact][ccbr])

Crash Data

Attachments

(1 file)

proposed fix
2.30 KB, patch
standard8
: review+
standard8
: superreview+
Details | Diff | Splinter Review
crash in search results [@ nsMsgDBView::NavigateFromPos(int, unsigned int, unsigned int*, unsigned int*, unsigned int*, int)] I chanced across this good crash comment - the steps are 100% accurate. so hopefully easy to fix. and the signature turns out to be 3.0b4 #17 crasher after doing a global search and opening an email that was in the search results I pressed the back button and thudnerbird crashed. bp-a1fa9bfc-0661-41f7-b40a-b9fd42090929 0 thunderbird-bin nsMsgDBView::NavigateFromPos mailnews/base/src/nsMsgDBView.cpp:6169 1 thunderbird-bin nsMsgDBView::ViewNavigate mailnews/base/src/nsMsgDBView.cpp:5967 2 libxpcom_core.dylib NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179 3 thunderbird-bin XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2454 4 thunderbird-bin XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590 5 libmozjs.dylib js_Invoke js/src/jsinterp.cpp:1386 6 libmozjs.dylib js_Interpret js/src/jsinterp.cpp:5179 7 libmozjs.dylib js_Invoke js/src/jsinterp.cpp:1394 8 libmozjs.dylib js_fun_call js/src/jsfun.cpp:1985 9 libmozjs.dylib js_Interpret js/src/jsinterp.cpp:5147 10 libmozjs.dylib js_Invoke js/src/jsinterp.cpp:1394 11 libmozjs.dylib js_InternalInvoke js/src/jsinterp.cpp:1447 12 libmozjs.dylib JS_CallFunctionValue js/src/jsapi.cpp:5187 13 thunderbird-bin nsJSContext::CallEventHandler dom/src/base/nsJSEnvironment.cpp:2085 14 thunderbird-bin nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:247
Flags: in-testsuite?
Whiteboard: [ccbr]
Awesome - reproducible on Mac too. :) Seems to be a null deref? Stack: Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000 Crashed Thread: 0 Thread 0 Crashed: 0 org.mozilla.thunderbird 0x009bed40 nsStopwatch::QueryInterface(nsID const&, void**) + 272880 1 org.mozilla.thunderbird 0x009bf324 nsStopwatch::QueryInterface(nsID const&, void**) + 274388 2 libxpcom_core.dylib 0x0102e138 NS_InvokeByIndex_P + 88 3 org.mozilla.thunderbird 0x0010b148 void std::_Destroy<google_breakpad::DynamicImageRef*, std::allocator<google_breakpad::DynamicImageRef> >(google_breakpad::DynamicImageRef*, google_breakpad::DynamicImageRef*, std::allocator<google_breakpad::DynamicImageRef>) + 942968 4 org.mozilla.thunderbird 0x0010ee6e void std::_Destroy<google_breakpad::DynamicImageRef*, std::allocator<google_breakpad::DynamicImageRef> >(google_breakpad::DynamicImageRef*, google_breakpad::DynamicImageRef*, std::allocator<google_breakpad::DynamicImageRef>) + 958622 5 libmozjs.dylib 0x00f364da js_Invoke + 1680 6 libmozjs.dylib 0x00f2640e JS_CompareValues + 1380 7 libmozjs.dylib 0x00f364e7 js_Invoke + 1693 8 libmozjs.dylib 0x00f1fcd4 js_PutArgsObject + 4502 9 libmozjs.dylib 0x00f2f1a9 JS_CompareValues + 37631 10 libmozjs.dylib 0x00f364e7 js_Invoke + 1693 11 libmozjs.dylib 0x00f36ab4 js_Invoke + 3178 12 libmozjs.dylib 0x00ef9572 JS_CallFunctionValue + 62 13 org.mozilla.thunderbird 0x005ceb68 non-virtual thunk to nsPrintSession::Release() + 3475768 14 org.mozilla.thunderbird 0x006054ff non-virtual thunk to nsPrintSession::Release() + 3699407 15 org.mozilla.thunderbird 0x004aaf84 non-virtual thunk to nsPrintSession::Release() + 2280788 16 org.mozilla.thunderbird 0x004ab59c non-virtual thunk to nsPrintSession::Release() + 2282348 17 org.mozilla.thunderbird 0x004c9203 non-virtual thunk to nsPrintSession::Release() + 2404307 18 org.mozilla.thunderbird 0x004c954f non-virtual thunk to nsPrintSession::Release() + 2405151 19 org.mozilla.thunderbird 0x004ca04b non-virtual thunk to nsPrintSession::Release() + 2407963 20 org.mozilla.thunderbird 0x002d9261 non-virtual thunk to nsPrintSession::Release() + 372785 21 org.mozilla.thunderbird 0x003fab76 non-virtual thunk to nsPrintSession::Release() + 1558854 22 org.mozilla.thunderbird 0x003fa9bf non-virtual thunk to nsPrintSession::Release() + 1558415 23 org.mozilla.thunderbird 0x002de5a8 non-virtual thunk to nsPrintSession::Release() + 394104 24 org.mozilla.thunderbird 0x004c95d9 non-virtual thunk to nsPrintSession::Release() + 2405289 25 org.mozilla.thunderbird 0x004ca04b non-virtual thunk to nsPrintSession::Release() + 2407963 26 org.mozilla.thunderbird 0x002d543f non-virtual thunk to nsPrintSession::Release() + 356879 27 org.mozilla.thunderbird 0x002d6cce non-virtual thunk to nsPrintSession::Release() + 363166 28 org.mozilla.thunderbird 0x004b73eb non-virtual thunk to nsPrintSession::Release() + 2331067 29 org.mozilla.thunderbird 0x004b7a50 non-virtual thunk to nsPrintSession::Release() + 2332704 30 org.mozilla.thunderbird 0x002d55a3 non-virtual thunk to nsPrintSession::Release() + 357235 31 org.mozilla.thunderbird 0x002d6dcc non-virtual thunk to nsPrintSession::Release() + 363420 32 org.mozilla.thunderbird 0x002ddcd5 non-virtual thunk to nsPrintSession::Release() + 391845 33 org.mozilla.thunderbird 0x005c2cc7 non-virtual thunk to nsPrintSession::Release() + 3426967 34 org.mozilla.thunderbird 0x005c4ceb non-virtual thunk to nsPrintSession::Release() + 3435195 35 org.mozilla.thunderbird 0x005be958 non-virtual thunk to nsPrintSession::Release() + 3409704 36 org.mozilla.thunderbird 0x002541cc void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 336892 37 org.mozilla.thunderbird 0x0024b292 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 300226 38 org.mozilla.thunderbird 0x0025f7fb void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 383531 39 com.apple.AppKit 0x96cccb95 -[NSWindow sendEvent:] + 5539 40 org.mozilla.thunderbird 0x002457eb void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 277019 41 org.mozilla.thunderbird 0x00243863 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 268947 42 com.apple.AppKit 0x96c996a5 -[NSApplication sendEvent:] + 2939 43 com.apple.AppKit 0x96bf6fe7 -[NSApplication run] + 867 44 org.mozilla.thunderbird 0x00240908 void std::__adjust_heap<__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)>(__gnu_cxx::__normal_iterator<nsRefPtr<imgCacheEntry>*, std::vector<nsRefPtr<imgCacheEntry>, std::allocator<nsRefPtr<imgCacheEntry> > > >, int, int, nsRefPtr<imgCacheEntry>, bool (*)(nsRefPtr<imgCacheEntry> const&, nsRefPtr<imgCacheEntry> const&)) + 256824 45 org.mozilla.thunderbird 0x0087da87 non-virtual thunk to nsPrintSession::Release() + 6289495 46 org.mozilla.thunderbird 0x00007eb8 XRE_main + 9432 47 org.mozilla.thunderbird 0x00003963 start + 2131 48 org.mozilla.thunderbird 0x0000320b start + 251 49 org.mozilla.thunderbird 0x00003139 start + 41
Flags: blocking-thunderbird3?
Keywords: topcrash
Hardware: x86 → All
Assignee: nobody → bienvenu
Target Milestone: --- → Thunderbird 3.0rc1
should be easy to fix - marking blocking, since it's easy to reproduce.
Flags: blocking-thunderbird3? → blocking-thunderbird3+
Attached patch proposed fixSplinter Review
this fixes the crash, and makes back/forward work in search results. Basically, if there's no folder, we know we haven't crossed folders in the navigation.
Attachment #406766 - Flags: superreview?(bugzilla)
Attachment #406766 - Flags: review?(bugzilla)
Whiteboard: [ccbr] → [no l10n impact][ccbr]
Whiteboard: [no l10n impact][ccbr] → [no l10n impact][ccbr][needs r/sr standard8]
Attachment #406766 - Flags: superreview?(bugzilla)
Attachment #406766 - Flags: superreview+
Attachment #406766 - Flags: review?(bugzilla)
Attachment #406766 - Flags: review+
Whiteboard: [no l10n impact][ccbr][needs r/sr standard8] → [no l10n impact][ccbr][ready to land]
fix pushed
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Whiteboard: [no l10n impact][ccbr][ready to land] → [no l10n impact][ccbr]
Keywords: fixed-seamonkey2.0.1
Crash Signature: [@ nsMsgDBView::NavigateFromPos(int, unsigned int, unsigned int*, unsigned int*, unsigned int*, int)]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: