Closed Bug 661319 Opened 13 years ago Closed 13 years ago

JSBool assertion failure causes crash when connecting to GMail IMAP

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 7.0

People

(Reporter: mconley, Assigned: mconley)

Details

(Keywords: crash)

Attachments

(2 files)

JSBool Assertion Stacktrace
5.36 KB, text/plain
Details
Patch v1
790 bytes, patch
Bienvenu
: review+
Details | Diff | Splinter Review 
I've got a GMail account that I connect to with TB for testing, and recent builds are crashing when syncing with GMail.

See attached stacktrace.
Keywords: crash
Attached patch Patch v1Splinter Review 
Bienvenu tracked down the problem to the way nsMsgDBFolder::OnFlagChange called NotifyBoolPropertyChanged.

This patch fixes the crash in my build.
Assignee: nobody → mconley
Status: NEW → ASSIGNED
Attachment #536691 - Flags: review?(dbienvenu)
Comment on attachment 536691 [details] [diff] [review]
Patch v1

looks good - I grepped through the code and couldn't find any other code abusing bools this way.
Attachment #536691 - Flags: review?(dbienvenu) → review+
Keywords: checkin-needed
Checked in: http://hg.mozilla.org/comm-central/rev/7b686a8fd57c

Should we be back porting this to aurora?
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 7.0
I don't see how it could hurt.
We initially made it fatal to pass malformed PRBools through XPConnect to the js engine. During the brief window where this was a fatal assert, quite a few bugs cropped up, such as this one. However, it caused too much fallout on the Firefox side of things so we had to make xpcconnect do the !! thing before passing a prbool into a jsbool. There's now a warning if xpcconnect has to do that, so please watch out in debug builds for a "Passing a malformed PRBool through XPConnect".

If any good souls want to keep running their mozilla/ subdirectory without the !! thing in xpcconvert.cpp, that would be a great way to catch any potential bad PRBools.

All the details are in https://bugzilla.mozilla.org/show_bug.cgi?id=661319
I could probably revive a quick prcheck tool to run on c-c code that actually ensures that PRBools receive only [0,1] values.
Firefox could use this as well, I think...
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: