User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0b11) Gecko/20110209 Firefox/4.0b11 SeaMonkey/2.1b2 Build Identifier: Mozilla/5.0 (X11; Linux i686; rv:2.0b11) Gecko/20110209 Firefox/4.0b11 SeaMonkey/2.1b2 Build identifier: Mozilla/5.0 (X11; Linux i686; rv:2.0b11) Gecko/20110209 Firefox/4.0b11 SeaMonkey/2.1b2 Yesterday I forwarded a news.mozilla.support.seamonkey message to myself (Message-ID: <oO-dnSG81M5ZSwvQnZ2dnUVZ_vydnZ2d@mozilla.org> - Subject: view headers all option - 04/02/2011 12:57 AM, Stanimir Stamenkov) as an attachment. Opened the forwarded email and double-clicked the .eml attachment: Content-Type: message/rfc822; name="Re: view headers all option.eml" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Re: view headers all option.eml" Crashed SM. Send the crash report, reopened SM, repeated, crash. Both crashes are: <https://crash-stats.mozilla.com/report/index/bp-cd4fcdb1-fd1b-4430-9d36-91fe32110404> [SeaMonkey 2.1b2 Crash Report [@ nsHtml5TreeBuilder::currentNode ] ] <https://crash-stats.mozilla.com/report/index/bp-0d0fc3fe-8ec8-430d-bf7b-9c86b2110404> [SeaMonkey 2.1b2 Crash Report [@ nsHtml5TreeBuilder::isInForeign ]] Reproducible: Always Steps to Reproduce: 1. mozilla.support.seamonkey Open thread: view headers all option (03/29/2011 - Rick Merrill) Click on the last msg in that thread: 04/02/2011 12:57 AM, Stanimir Stamenkov - Message-ID: <oO-dnSG81M5ZSwvQnZ2dnUVZ_vydnZ2d@mozilla.org> 2. Forward Stanimir's message as an attachement (Forward|Attachment). 3. Open the forwarded email & click on the attachment icon (right side of Subject: header etc). You'll see: Attachments: Re: view header...on.eml (1.4 KB) double-click 'Re: view header...on.eml (1.4 KB)' Actual Results: Crashes. See the thread in mozilla.dev.apps.seamonkey Subject: SM 2.1 crashes - nsHtml5TreeBuilder Date: Tue, 05 Apr 2011 08:27:14 -0700 for additional details. Expected Results: Opened the .eml in a separate window (as does SeaMonkey 2.0.13). Additional crash reports: <https://crash-stats.mozilla.com/report/index/bp-6917e205-0640-49fb-8502-ed1742110405> <https://crash-stats.mozilla.com/report/index/d2ccab95-cf10-4f76-a181-24ee02110405> <https://crash-stats.mozilla.com/report/index/bp-efde20bb-df29-4764-a6c5-255d02110405> <https://crash-stats.mozilla.com/report/index/1a2931ca-3a3d-4795-80a0-9340f2110405> <https://crash-stats.mozilla.com/report/index/1a2931ca-3a3d-4795-80a0-9340f2110405>
Crash Report as per above, but instead of forwarding it out and back, I only saved the message to Drafts-folder and attempted to open draft-Attachment-eml: <https://crash-stats.mozilla.com/report/index/bp-9b6b990c-aac1-407b-a2f9-be5762110405> Mozilla/5.0 (X11; Linux x86_64; rv:2.2a1pre) Gecko/20110331 Firefox/4.2a1pre SeaMonkey/2.2a1pre ID:20110331193613
I can't find the message in Google group search by message id. Could you please attach the HTML markup in the crashing message here?
My money is on the EML-to-HTML converter doing something that the HTML5 parser doesn't expect, not on the HTML markup being anything particularly interested... NoOP, can you just attach the .eml file in question here?
Repeated by duplicating NoOp's test, and actually forwarded newsgroup-message with eml as Attachment, which also crashed instantly when opening eml-Attachment in SM-2.2a1pre, and got the same crash signatures:- <https://crash-stats.mozilla.com/report/index/bp-c9d7cbb5-bcf0-40ec-854d-1c7032110405> The faulty mechanism appears to be unique to the browser's capacity to display the eml-Attachment from within the message. This is not an insurmountable-problem for me personally, as image and eml Attachments are automatically displayed within the message-pane (below the message), but that ability does seem to prove that the messaging window/pane part of SeaMonkey is not having problems converting and correctly displaying the eml-attachment from within the message. Nor does SeaMonkey have a problem saving the eml-Attachment as an eml-local-file, and then correctly opening and displaying the file in SeaMonkey's browser-window. The problem is only when trying to open inside the browser-window, ~ the eml-attachment from within the actual-message. Then, it's an instant crash! Am I right off-track by suggesting that this does not sound like a eml>HTML conversion problem, but rather a faulty instruction or path that has gone astray, for this particular operation alone?
(In reply to comment #5) > The faulty mechanism appears to be unique to the browser's capacity to display > the eml-Attachment from within the message. Interesting. Could that code path manage to systematically corrupt the tree builder stack memory in the same way every time? Is there an easy way to dump the HTML that gets fed to the HTML parser when the .eml is converted to HTML? Does this crash happen in Thunderbird?
> Does this crash happen in Thunderbird? Thunderbird doesn't have a browser component like the SeaMonkey Suite does.
Still crashes SeaMonkey 2.2b2: <https://crash-stats.mozilla.com/report/index/bp-6e31a14e-440b-4d41-9ecc-7cac82110706>
Correction: SeaMonkey 2.2b3
(In reply to comment #8) > <https://crash-stats.mozilla.com/report/index/bp-6e31a14e-440b-4d41-9ecc-7cac82110706> Frame #1: libxul.so nsHtml5TreeBuilder::flushCharacters parser/html/nsHtml5TreeBuilder.cpp:3772 appears the same as Frame #0 of <https://crash-stats.mozilla.com/report/index/bp-cfbdec39-a138-4731-a6f9-2e4712110703> which I've reported for Bug 665310. It would be interesting if you would be able to reproduce with 2.2 final which will include a fix for Bug 665313 (it doesn't mean the crash is fixed, but this issue would need different case to reproduce).
Resolved in 2.2 final. Just installed & tested: http://www.seamonkey-project.org/releases/2.2 (linux), double-clicked the eml and it does not crash SM and does open the eml albeit as: HVlLCAyOSBNYXIgMjAxMSAxODowMjo1MCAtMDQwMCwgL1JpY2sgTWVycmlsbC86Cgo+IFdo ZW4geW91IFJFY2VpdmUgb25lIG9mIHRoZXNlIHNjYW1zIHlvdSBNQVkgZm9yd2FyZCAoc2Vu ZCkKPiBpdCB0byBwaGlzaGluZ0BpcnMuZ292IGJ1dCBpdCBpcyBvbmx5IHVzZWZ1bCBpZiB5 b3Ugc2VuZAo+IGZ1bGwgaGVhZGVycy4KPgo+IEluIG90aGVyIHdvcmRzIDotKSB3aGF0IEkg d2FzIGFza2luZyBpcyBhIG9uZS10aW1lLW9ubHkgImZ1bGwKPiBoZWFkZXJzIiBvcHRpb24g Zm9yIHN1Y2ggZm9yd2FyZHMuCgpXaGF0J3Mgd3Jvbmcgd2l0aCBGb3J3YXJkIEFzIC0+IEF0 dGFjaG1lbnQ/ICBUaGlzIHdheSB5b3UnbGwgaW5jbHVkZSAKZnVsbCBoZWFkZXJzIGFuZCBm dWxsIGNvbnRlbnQgaW4gYWRkaXRpb24uICBZb3UnbGwgYmFzaWNhbGx5IGZvcndhcmQgCnRo ZSBvcmlnaW5hbCBtZXNzYWdlIGludGFjdC4KCi0tIApTdGFuaW1pcgo= but no more crashes.
Mozilla/5.0 (X11; Linux x86_64; rv:7.0a2) Gecko/20110705 Firefox/7.0a2 SeaMonkey/2.4a2 ID:20110705104517 Many thanks Stan and Karsten. Confirmed works for me. forwarded the news.mozilla.support.seamonkey message to myself (Message-ID: <oO-dnSG81M5ZSwvQnZ2dnUVZ_vydnZ2d@mozilla.org> - Subject: view headers all option - 04/02/2011 12:57 AM, Stanimir Stamenkov) as an attachment. 1/ Opened the forwarded .eml attachment via double-clicking: Result = message body opened in new window perfectly. 2/ Opened the forwarded .eml attachment via right-click drop-down-menu: Result = message body opened in new window perfectly.