Note: There are a few cases of duplicates in user autocompletion which are being worked on.

crash [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)]

NEW
Unassigned

Status

MailNews Core
Database
--
critical
7 years ago
8 months ago

People

(Reporter: wsmwk, Unassigned)

Tracking

({crash})

1.9.2 Branch
x86
Windows Vista
crash

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [rare], crash signature)

crash [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)]

bp-ac1d0554-92da-4ae5-91ba-2c4652101105
EXCEPTION_ACCESS_VIOLATION_READ
0x730063
trying to download a message from trmotr server
0	thunderbird.exe	nsMsgDatabase::GetHdrFromUseCache	mailnews/db/msgdb/src/nsMsgDatabase.cpp:530
1	thunderbird.exe	nsMsgDBEnumerator::PrefetchNext	mailnews/db/msgdb/src/nsMsgDatabase.cpp:2720
2	thunderbird.exe	nsMsgDBEnumerator::HasMoreElements	mailnews/db/msgdb/src/nsMsgDatabase.cpp:2750
3	thunderbird.exe	nsPop3Sink::FindPartialMessages	mailnews/local/src/nsPop3Sink.cpp:237
4	thunderbird.exe	nsPop3Sink::BeginMailDelivery	mailnews/local/src/nsPop3Sink.cpp:395
5	thunderbird.exe	nsPop3Protocol::GetStat	mailnews/local/src/nsPop3Protocol.cpp:2344
6	thunderbird.exe	nsPop3Protocol::ProcessProtocolState	mailnews/local/src/nsPop3Protocol.cpp:3902
7	thunderbird.exe	nsMsgProtocol::OnDataAvailable	mailnews/base/util/nsMsgProtocol.cpp:359
8	thunderbird.exe	nsInputStreamPump::OnStateTransfer	netwerk/base/src/nsInputStreamPump.cpp:510 


different stack
bp-0d826e68-4ad3-421f-b16e-800fe2101123
0	thunderbird.exe	nsMsgDatabase::GetHdrFromUseCache	mailnews/db/msgdb/src/nsMsgDatabase.cpp:530
1	thunderbird.exe	nsMsgDatabase::GetMsgHdrForKey	mailnews/db/msgdb/src/nsMsgDatabase.cpp:1680
2	thunderbird.exe	nsMsgDBView::GetMsgHdrForViewIndex	mailnews/base/src/nsMsgDBView.cpp:1535
3	thunderbird.exe	nsMsgDBView::GetRowProperties	mailnews/base/src/nsMsgDBView.cpp:1216
4	thunderbird.exe	nsMsgGroupView::GetRowProperties	mailnews/base/src/nsMsgGroupView.cpp:759
5	thunderbird.exe	nsTreeBodyFrame::PaintRow	layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:2952
6	thunderbird.exe	nsTreeBodyFrame::PaintTreeBody	layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:2883
7	thunderbird.exe	PaintTreeBody	layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:2811
(Assignee)

Updated

6 years ago
Crash Signature: [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)]
still going strong - bp-ff65165d-9029-4de2-9297-105832120212 version 10
bp-21b83813-b488-4f42-bb0a-07ffb2130131
0	xul.dll	nsMsgDatabase::GetHdrFromUseCache	mailnews/db/msgdb/src/nsMsgDatabase.cpp:664
1	xul.dll	nsMsgDatabase::GetMsgHdrForKey	mailnews/db/msgdb/src/nsMsgDatabase.cpp:1812
2	xul.dll	nsMsgDBFolder::GetMessageHeader	mailnews/base/util/nsMsgDBFolder.cpp:5080
3	xul.dll	nsMsgDBView::GetInsertIndexHelper	mailnews/base/src/nsMsgDBView.cpp:5289
4	xul.dll	nsMsgDBView::GetInsertIndex	mailnews/base/src/nsMsgDBView.cpp:5339
5	xul.dll	nsMsgDBView::AddHdr	mailnews/base/src/nsMsgDBView.cpp:5379
6	xul.dll	nsMsgThreadedDBView::OnNewHeader	mailnews/base/src/nsMsgThreadedDBView.cpp:581
7	xul.dll	nsMsgDBView::OnHdrAdded	mailnews/base/src/nsMsgDBView.cpp:6008
8	xul.dll	nsMsgDatabase::NotifyHdrAddedAll	mailnews/db/msgdb/src/nsMsgDatabase.cpp:870
9	xul.dll	nsMsgDatabase::AddNewHdrToDB	mailnews/db/msgdb/src/nsMsgDatabase.cpp:3437 

at last line of the following
mconley@13475 651 *result = nullptr;
hg@0 652
hg@0 653 if (m_headersInUse)
hg@0 654 {
hg@0 655 PLDHashEntryHdr *entry;
hg@0 656 entry = PL_DHashTableOperate(m_headersInUse, (const void *) key, PL_DHASH_LOOKUP);
hg@0 657 if (PL_DHASH_ENTRY_IS_BUSY(entry))
hg@0 658 {
hg@0 659 MsgHdrHashElement* element = reinterpret_cast<MsgHdrHashElement*>(entry);
hg@0 660 *result = element->mHdr;
hg@0 661 }
hg@0 662 if (*result)
hg@0 663 {
hg@0 664 NS_ADDREF(*result);
Crash Signature: [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)] → [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)] [@ nsMsgDatabase::GetHdrFromUseCache ] [@ @ PL_DHashTableOperate | nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**) ]
hiro, any thoughts on this one?

bp-dc437246-9713-4d57-be38-1bd092140807
has same crash line numbers as previous citation
 0 	xul.dll	nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)	mailnews/db/msgdb/src/nsMsgDatabase.cpp
1 	xul.dll	nsMsgDatabase::GetMsgHdrForKey(unsigned int, nsIMsgDBHdr**)	mailnews/db/msgdb/src/nsMsgDatabase.cpp
2 	xul.dll	nsMsgDBView::GetMsgHdrForViewIndex(unsigned int, nsIMsgDBHdr**)	mailnews/base/src/nsMsgDBView.cpp
3 	xul.dll	nsMsgDBView::GetRowProperties(int, nsAString_internal&)	mailnews/base/src/nsMsgDBView.cpp
4 	xul.dll	nsMsgGroupView::GetRowProperties(int, nsAString_internal&)	mailnews/base/src/nsMsgGroupView.cpp 


Unclear to me whether PL_DHashTableOperate | nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**) is related  (different line number)
bp-e84ee4b4-9fde-4084-812d-748df2140801

http://hg.mozilla.org/releases/comm-esr24/annotate/a908efbe7f74/mailnews/db/msgdb/src/nsMsgDatabase.cpp#l661 
hg@0 658 if (m_headersInUse)
hg@0 659 {
hg@0 660   PLDHashEntryHdr *entry;
hg@0 661   entry = PL_DHashTableOperate(m_headersInUse, (const void *) key, PL_DHASH_LOOKUP);
Crash Signature: [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)] [@ nsMsgDatabase::GetHdrFromUseCache ] [@ @ PL_DHashTableOperate | nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**) ] → [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)] [@ nsMsgDatabase::GetHdrFromUseCache ]
Flags: needinfo?(hiikezoe)
(In reply to Wayne Mery (:wsmwk) from comment #3)

> bp-dc437246-9713-4d57-be38-1bd092140807
> has same crash line numbers as previous citation

I can't see the previous crash data (bp-21b83813-b488-4f42-bb0a-07ffb2130131 in comment #2) now, but I think those two crashes were caused by the same reason, null pointer access.

> Unclear to me whether PL_DHashTableOperate |
> nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**) is related 
> (different line number)
> bp-e84ee4b4-9fde-4084-812d-748df2140801
> 
> http://hg.mozilla.org/releases/comm-esr24/annotate/a908efbe7f74/mailnews/db/
> msgdb/src/nsMsgDatabase.cpp#l661 
> hg@0 658 if (m_headersInUse)
> hg@0 659 {
> hg@0 660   PLDHashEntryHdr *entry;
> hg@0 661   entry = PL_DHashTableOperate(m_headersInUse, (const void *) key,
> PL_DHASH_LOOKUP);

This one might be the same of bp-ac1d0554-92da-4ae5-91ba-2c4652101105 in comment #0.
I am suspecting those two crashes were caused by memory corruption because the byte code of the crash address 0x2e736f65 means "eos." in ascii codes. It looks some text data to me. The address 0x730063 in comment #0 also looks a boundary of text data or something similar structure.
Flags: needinfo?(hiikezoe)
Removing myslef on all the bugs I'm cced on. Please NI me if you need something on MailNews Core bugs from me.
(Reporter)

Updated

9 months ago
See Also: → bug 1311672
(Reporter)

Comment 6

8 months ago
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #1)
> still going strong - bp-ff65165d-9029-4de2-9297-105832120212 version 10

not going strong any more
Whiteboard: [rare]
You need to log in before you can comment on or make changes to this bug.