Last Comment Bug 617073 - crash [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)]
: crash [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)]
Status: NEW
[rare]
: crash
Product: MailNews Core
Classification: Components
Component: Database (show other bugs)
: 1.9.2 Branch
: x86 Windows Vista
: -- critical (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-12-06 11:33 PST by Wayne Mery (:wsmwk, NI for questions)
Modified: 2016-11-13 04:57 PST (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Wayne Mery (:wsmwk, NI for questions) 2010-12-06 11:33:28 PST
crash [@ nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)]

bp-ac1d0554-92da-4ae5-91ba-2c4652101105
EXCEPTION_ACCESS_VIOLATION_READ
0x730063
trying to download a message from trmotr server
0	thunderbird.exe	nsMsgDatabase::GetHdrFromUseCache	mailnews/db/msgdb/src/nsMsgDatabase.cpp:530
1	thunderbird.exe	nsMsgDBEnumerator::PrefetchNext	mailnews/db/msgdb/src/nsMsgDatabase.cpp:2720
2	thunderbird.exe	nsMsgDBEnumerator::HasMoreElements	mailnews/db/msgdb/src/nsMsgDatabase.cpp:2750
3	thunderbird.exe	nsPop3Sink::FindPartialMessages	mailnews/local/src/nsPop3Sink.cpp:237
4	thunderbird.exe	nsPop3Sink::BeginMailDelivery	mailnews/local/src/nsPop3Sink.cpp:395
5	thunderbird.exe	nsPop3Protocol::GetStat	mailnews/local/src/nsPop3Protocol.cpp:2344
6	thunderbird.exe	nsPop3Protocol::ProcessProtocolState	mailnews/local/src/nsPop3Protocol.cpp:3902
7	thunderbird.exe	nsMsgProtocol::OnDataAvailable	mailnews/base/util/nsMsgProtocol.cpp:359
8	thunderbird.exe	nsInputStreamPump::OnStateTransfer	netwerk/base/src/nsInputStreamPump.cpp:510 


different stack
bp-0d826e68-4ad3-421f-b16e-800fe2101123
0	thunderbird.exe	nsMsgDatabase::GetHdrFromUseCache	mailnews/db/msgdb/src/nsMsgDatabase.cpp:530
1	thunderbird.exe	nsMsgDatabase::GetMsgHdrForKey	mailnews/db/msgdb/src/nsMsgDatabase.cpp:1680
2	thunderbird.exe	nsMsgDBView::GetMsgHdrForViewIndex	mailnews/base/src/nsMsgDBView.cpp:1535
3	thunderbird.exe	nsMsgDBView::GetRowProperties	mailnews/base/src/nsMsgDBView.cpp:1216
4	thunderbird.exe	nsMsgGroupView::GetRowProperties	mailnews/base/src/nsMsgGroupView.cpp:759
5	thunderbird.exe	nsTreeBodyFrame::PaintRow	layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:2952
6	thunderbird.exe	nsTreeBodyFrame::PaintTreeBody	layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:2883
7	thunderbird.exe	PaintTreeBody	layout/xul/base/src/tree/src/nsTreeBodyFrame.cpp:2811
Comment 1 Wayne Mery (:wsmwk, NI for questions) 2012-02-13 17:53:56 PST
still going strong - bp-ff65165d-9029-4de2-9297-105832120212 version 10
Comment 2 Wayne Mery (:wsmwk, NI for questions) 2013-02-03 17:15:17 PST
bp-21b83813-b488-4f42-bb0a-07ffb2130131
0	xul.dll	nsMsgDatabase::GetHdrFromUseCache	mailnews/db/msgdb/src/nsMsgDatabase.cpp:664
1	xul.dll	nsMsgDatabase::GetMsgHdrForKey	mailnews/db/msgdb/src/nsMsgDatabase.cpp:1812
2	xul.dll	nsMsgDBFolder::GetMessageHeader	mailnews/base/util/nsMsgDBFolder.cpp:5080
3	xul.dll	nsMsgDBView::GetInsertIndexHelper	mailnews/base/src/nsMsgDBView.cpp:5289
4	xul.dll	nsMsgDBView::GetInsertIndex	mailnews/base/src/nsMsgDBView.cpp:5339
5	xul.dll	nsMsgDBView::AddHdr	mailnews/base/src/nsMsgDBView.cpp:5379
6	xul.dll	nsMsgThreadedDBView::OnNewHeader	mailnews/base/src/nsMsgThreadedDBView.cpp:581
7	xul.dll	nsMsgDBView::OnHdrAdded	mailnews/base/src/nsMsgDBView.cpp:6008
8	xul.dll	nsMsgDatabase::NotifyHdrAddedAll	mailnews/db/msgdb/src/nsMsgDatabase.cpp:870
9	xul.dll	nsMsgDatabase::AddNewHdrToDB	mailnews/db/msgdb/src/nsMsgDatabase.cpp:3437 

at last line of the following
mconley@13475 651 *result = nullptr;
hg@0 652
hg@0 653 if (m_headersInUse)
hg@0 654 {
hg@0 655 PLDHashEntryHdr *entry;
hg@0 656 entry = PL_DHashTableOperate(m_headersInUse, (const void *) key, PL_DHASH_LOOKUP);
hg@0 657 if (PL_DHASH_ENTRY_IS_BUSY(entry))
hg@0 658 {
hg@0 659 MsgHdrHashElement* element = reinterpret_cast<MsgHdrHashElement*>(entry);
hg@0 660 *result = element->mHdr;
hg@0 661 }
hg@0 662 if (*result)
hg@0 663 {
hg@0 664 NS_ADDREF(*result);
Comment 3 Wayne Mery (:wsmwk, NI for questions) 2014-09-07 19:03:59 PDT
hiro, any thoughts on this one?

bp-dc437246-9713-4d57-be38-1bd092140807
has same crash line numbers as previous citation
 0 	xul.dll	nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**)	mailnews/db/msgdb/src/nsMsgDatabase.cpp
1 	xul.dll	nsMsgDatabase::GetMsgHdrForKey(unsigned int, nsIMsgDBHdr**)	mailnews/db/msgdb/src/nsMsgDatabase.cpp
2 	xul.dll	nsMsgDBView::GetMsgHdrForViewIndex(unsigned int, nsIMsgDBHdr**)	mailnews/base/src/nsMsgDBView.cpp
3 	xul.dll	nsMsgDBView::GetRowProperties(int, nsAString_internal&)	mailnews/base/src/nsMsgDBView.cpp
4 	xul.dll	nsMsgGroupView::GetRowProperties(int, nsAString_internal&)	mailnews/base/src/nsMsgGroupView.cpp 


Unclear to me whether PL_DHashTableOperate | nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**) is related  (different line number)
bp-e84ee4b4-9fde-4084-812d-748df2140801

http://hg.mozilla.org/releases/comm-esr24/annotate/a908efbe7f74/mailnews/db/msgdb/src/nsMsgDatabase.cpp#l661 
hg@0 658 if (m_headersInUse)
hg@0 659 {
hg@0 660   PLDHashEntryHdr *entry;
hg@0 661   entry = PL_DHashTableOperate(m_headersInUse, (const void *) key, PL_DHASH_LOOKUP);
Comment 4 Hiroyuki Ikezoe (:hiro) 2014-09-07 20:25:35 PDT
(In reply to Wayne Mery (:wsmwk) from comment #3)

> bp-dc437246-9713-4d57-be38-1bd092140807
> has same crash line numbers as previous citation

I can't see the previous crash data (bp-21b83813-b488-4f42-bb0a-07ffb2130131 in comment #2) now, but I think those two crashes were caused by the same reason, null pointer access.

> Unclear to me whether PL_DHashTableOperate |
> nsMsgDatabase::GetHdrFromUseCache(unsigned int, nsIMsgDBHdr**) is related 
> (different line number)
> bp-e84ee4b4-9fde-4084-812d-748df2140801
> 
> http://hg.mozilla.org/releases/comm-esr24/annotate/a908efbe7f74/mailnews/db/
> msgdb/src/nsMsgDatabase.cpp#l661 
> hg@0 658 if (m_headersInUse)
> hg@0 659 {
> hg@0 660   PLDHashEntryHdr *entry;
> hg@0 661   entry = PL_DHashTableOperate(m_headersInUse, (const void *) key,
> PL_DHASH_LOOKUP);

This one might be the same of bp-ac1d0554-92da-4ae5-91ba-2c4652101105 in comment #0.
I am suspecting those two crashes were caused by memory corruption because the byte code of the crash address 0x2e736f65 means "eos." in ascii codes. It looks some text data to me.γ€€The address 0x730063 in comment #0 also looks a boundary of text data or something similar structure.
Comment 5 Ludovic Hirlimann [:Usul] 2015-09-25 05:49:37 PDT
Removing myslef on all the bugs I'm cced on. Please NI me if you need something on MailNews Core bugs from me.
Comment 6 Wayne Mery (:wsmwk, NI for questions) 2016-11-13 04:57:15 PST
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #1)
> still going strong - bp-ff65165d-9029-4de2-9297-105832120212 version 10

not going strong any more

Note You need to log in before you can comment on or make changes to this bug.