541149 - crash [@ apply_rfc2047_encoding ] while importing from outlook 2010

Status: RESOLVED FIXED

(MailNews Core :: Import, defect)

Description

[Ludovic Hirlimann [:Usul]]

0  	thunderbird.exe  	apply_rfc2047_encoding  	 mailnews/mime/src/comi18n.cpp:721
1 	thunderbird.exe 	MIME_EncodeMimePartIIStr 	mailnews/mime/src/comi18n.cpp:769
2 	thunderbird.exe 	nsMimeConverter::EncodeMimePartIIStr_UTF8 	mailnews/mime/src/nsMimeConverter.cpp:133
3 	thunderbird.exe 	nsMsgI18NEncodeMimePartIIStr 	mailnews/base/util/nsMsgI18N.cpp:249
4 	thunderbird.exe 	mime_generate_headers 	mailnews/compose/src/nsMsgCompUtils.cpp:423
5 	thunderbird.exe 	nsMsgComposeAndSend::GatherMimeAttachments 	mailnews/compose/src/nsMsgSend.cpp:925
6 	thunderbird.exe 	nsMsgComposeAndSend::HackAttachments 	mailnews/compose/src/nsMsgSend.cpp:2760
7 	thunderbird.exe 	nsMsgComposeAndSend::Init 	mailnews/compose/src/nsMsgSend.cpp:3459
8 	thunderbird.exe 	nsMsgComposeAndSend::CreateAndSendMessage 	mailnews/compose/src/nsMsgSend.cpp:4298
9 	xpcom_core.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
10 	xpcom_core.dll 	nsProxyObjectCallInfo::Run 	xpcom/proxy/src/nsProxyEvent.cpp:181
11 	xpcom_core.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:527
12 	xpcom_core.dll 	NS_ProcessNextEvent_P 	objdir-tb/mozilla/xpcom/build/nsThreadUtils.cpp:250
13 	thunderbird.exe 	nsXULWindow::ShowModal 	xpfe/appshell/src/nsXULWindow.cpp:416
14 	thunderbird.exe 	nsContentTreeOwner::ShowAsModal 	xpfe/appshell/src/nsContentTreeOwner.cpp:528
15 	thunderbird.exe 	nsWindowWatcher::OpenWindowJSInternal 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:1003
16 	thunderbird.exe 	nsWindowWatcher::OpenWindowJS 	embedding/components/windowwatcher/src/nsWindowWatcher.cpp:489
17 	thunderbird.exe 	nsGlobalWindow::OpenInternal 	dom/base/nsGlobalWindow.cpp:7596
18 	thunderbird.exe 	nsGlobalWindow::OpenDialog 	dom/base/nsGlobalWindow.cpp:5229
19 	xpcom_core.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
20 	thunderbird.exe 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2721
21 	thunderbird.exe 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1740
22 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1360
23 	js3250.dll 	js_Interpret 	js/src/jsops.cpp:2240
24 	js3250.dll 	js_Invoke 	js/src/jsinterp.cpp:1368
25 	js3250.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:1423
26 	js3250.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5112
27 	thunderbird.exe 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:2134
28 	thunderbird.exe 	nsJSEventListener::HandleEvent 	dom/src/events/nsJSEventListener.cpp:266
29 	thunderbird.exe 	nsEventListenerManager::HandleEventSubType 	content/events/src/nsEventListenerManager.cpp:1041
30 	thunderbird.exe 	nsEventListenerManager::HandleEvent 	content/events/src/nsEventListenerManager.cpp:1147
31 	thunderbird.exe 	nsEventTargetChainItem::HandleEvent 	content/events/src/nsEventDispatcher.cpp:246
32 	thunderbird.exe 	nsEventTargetChainItem::HandleEventTargetChain 	content/events/src/nsEventDispatcher.cpp:310
33 	thunderbird.exe 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:573
34 	thunderbird.exe 	nsEventDispatcher::DispatchDOMEvent 	content/events/src/nsEventDispatcher.cpp:636
35 	thunderbird.exe 	PresShell::HandleDOMEventWithTarget 	layout/base/nsPresShell.cpp:6573
36 	thunderbird.exe 	nsContentUtils::DispatchXULCommand 	content/base/src/nsContentUtils.cpp:5124
37 	thunderbird.exe 	nsXULMenuCommandEvent::Run 	layout/xul/base/src/nsXULPopupManager.cpp:2112
38 	xpcom_core.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:527
39 	xpcom_core.dll 	NS_ProcessNextEvent_P 	objdir-tb/mozilla/xpcom/build/nsThreadUtils.cpp:250
40 	xpcom_core.dll 	nsThread::Shutdown 	xpcom/threads/nsThread.cpp:468
41 	thunderbird.exe 	nsSound::PurgeLastSound 	widget/src/windows/nsSound.cpp:139
42 	thunderbird.exe 	nsSound::~nsSound 	widget/src/windows/nsSound.cpp:134
43 	thunderbird.exe 	nsSound::`scalar deleting destructor' 	
44 	thunderbird.exe 	nsConverterInputStream::Release 	intl/uconv/ucvko/nsUnicodeToJamoTTF.cpp:162
45 	thunderbird.exe 	nsSoundPlayer::SoundReleaser::Run 	widget/src/windows/nsSound.cpp:113
46 	xpcom_core.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:527
47 	xpcom_core.dll 	NS_ProcessNextEvent_P 	objdir-tb/mozilla/xpcom/build/nsThreadUtils.cpp:250
48 	thunderbird.exe 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:170
49 	thunderbird.exe 	nsAppStartup::Run 	toolkit/components/startup/src/nsAppStartup.cpp:182
50 	thunderbird.exe 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3506
51 	thunderbird.exe 	NS_internal_main 	mail/app/nsMailApp.cpp:103
52 	thunderbird.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:120
53 	thunderbird.exe 	__tmainCRTStartup 	objdir-tb/mozilla/memory/jemalloc/crtsrc/crtexe.c:591
54 	kernel32.dll 	BaseThreadInitThunk 	
55 	ntdll.dll 	__RtlUserThreadStart 	
56 	ntdll.dll 	_RtlUserThreadStart

Comment 1

[timeless]

Signature	apply_rfc2047_encoding
UUID	6b1922f2-660f-4406-8613-11e472100120
Crash Reason	EXCEPTION_INT_DIVIDE_BY_ZERO
Crash Address	0x1839cea

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	thunderbird.exe 	apply_rfc2047_encoding 	mailnews/mime/src/comi18n.cpp:721

Comment 2

[Zane U. Ji]

Attachment: Patch

We only make sure that (foldlen - perLineOverhead) is positive, but not greater than or equal to 4. So charsPerLine still can be 0 if (foldlen - perLineOverhead) < 4.

Comment 3

[Zane U. Ji]

There is only one integer division in apply_rfc2047_encoding. It's at line 621. The crashing position should be line 621. But crash reporter believe it's line 721. I don't know what is wrong. As far as I can tell, it could be:
1. the data collected by crash reporter is wrong
2. or the CGI code used to generate bp-6b1922f2-660f-4406-8613-11e472100120 web page is incorrect

Comment 4

[David :Bienvenu]

Do you know if any of our unit tests exercise this code? The fix looks straightforward, but it should at least be run during one of our unit tests...I'll try to figure out if a unit test runs this code.

Comment 5

[Mark Banner (:standard8)]

(In reply to comment #4)
> Do you know if any of our unit tests exercise this code? The fix looks
> straightforward, but it should at least be run during one of our unit
> tests...I'll try to figure out if a unit test runs this code.

http://mxr.mozilla.org/comm-central/source/mailnews/mime/test/unit/test_EncodeMimePartIIStr_UTF8.js looks like the it should do.

Comment 6

[David :Bienvenu]

Comment on attachment 423773 [details] [diff] [review]
Patch

thx, yes, that test definitely exercises this code.

Comment 7

[David :Bienvenu]

fixed on trunk, thx, Zane.

Comment 8

[David :Bienvenu]

Comment on attachment 423773 [details] [diff] [review]
Patch

nominating for 3.02 - it's by no means a certainty, though, since this is a somewhat speculative fix and we don't have enough nightly users to have any clue if this is really fixed.

Comment 9

[Mark Banner (:standard8)]

Comment on attachment 423773 [details] [diff] [review]
Patch

Accepting as I think its obvious that the logic isn't changed and hence even if it doesn't fix it, we should still be fine.

Comment 10

[Mark Banner (:standard8)]

Checked in: http://hg.mozilla.org/releases/comm-1.9.1/rev/ba5f48e0c45f