Closed Bug 676882 Opened 10 years ago Closed 10 years ago

Crash in libmime following bug 674488 libmime passes badly encoded char* into JS land as AUTF8Strings landing

Categories

(MailNews Core :: MIME, defect)

defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird 8.0

People

(Reporter: standard8, Assigned: protz)

Details

(Keywords: crash)

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-354cb846-76eb-46e8-b2fb-f18cb2110804.
============================================================= 

I noticed this in crash-stacks earlier today. Top of the stack is:

0 	mozcrt19.dll 	strlen 	strlen.asm:81
1 	xul.dll 	nsDependentCString::nsDependentCString 	objdir-tb/mozilla/dist/include/nsTDependentString.h:90
2 	xul.dll 	MimeMessage_close_headers 	mailnews/mime/src/mimemsg.cpp:296
3 	xul.dll 	MimeMessage_parse_line 	mailnews/mime/src/mimemsg.cpp:278
4 	xul.dll 	convert_and_send_buffer 	

The code at issue is here:

http://hg.mozilla.org/comm-central/annotate/6b22e35111fd/mailnews/mime/src/mimemsg.cpp#l296

nsDependentCString orig(obj->headers->munged_subject);

Unfortunately the code doesn't take account of the fact munged_subject is null - nsDependentCString doesn't allow for that, and hence you just get a crash.
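
An added example, not the patch attached to this bug and not Mozilla code: a minimal C++ model of the failure in the stack above, next to one way to guard it. `Headers`, `DependentCString`, `subject_length_unchecked` and `subject_view` are hypothetical stand-ins; only the field name `munged_subject` comes from the report.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Stand-in for the headers object: munged_subject is an optional C string
// that stays null when no subject was produced (assumed layout).
struct Headers {
    const char* munged_subject;
};

// Minimal model of a dependent (non-owning) string. Like the constructor in
// the crash stack, it measures its argument with strlen and never checks it.
class DependentCString {
public:
    explicit DependentCString(const char* data)
        : data_(data), length_(std::strlen(data)) {}  // undefined for nullptr
    const char* data() const { return data_; }
    std::size_t length() const { return length_; }
private:
    const char* data_;
    std::size_t length_;
};

// Pattern from the report, kept for comparison: faults inside strlen when
// the field is null, so it is only safe on headers known to have a subject.
std::size_t subject_length_unchecked(const Headers& h) {
    DependentCString orig(h.munged_subject);
    return orig.length();
}

// Guarded form: test the pointer before building the view and report
// "no subject" to the caller instead of dereferencing null.
bool subject_view(const Headers& h, std::string& out) {
    out.clear();
    if (!h.munged_subject) return false;
    DependentCString orig(h.munged_subject);
    out.assign(orig.data(), orig.length());
    return true;
}
```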
Attached patch: Fix
Disclaimer: I haven't tested it...
Attachment #551090 - Flags: review?(mbanner)
See my bug 677360 for similar issues.
Attachment #551090 - Flags: review?(mbanner) → review+
http://hg.mozilla.org/comm-central/rev/71b93e1bf96c
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Duplicate of this bug: 678604
Target Milestone: --- → Thunderbird 8.0