Closed Bug 684481 Opened 14 years ago Closed 14 years ago

crash in nsImapService::OpenAttachment fails to check to check for a null string before trying to use nsDependentCString

Categories

(MailNews Core :: Networking: IMAP, defect)

Product:
MailNews Core
Component:
Networking: IMAP
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(thunderbird7+ fixed, thunderbird8+ fixed)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 9.0
Tracking Flags:
Tracking Status
thunderbird7 + fixed
thunderbird8 + fixed

People

(Reporter: wsmwk, Assigned: standard8)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file, 2 obsolete files)

Branch patch v2
714 bytes, patch
Bienvenu
: review+
standard8
: approval-comm-aurora+
Details | Diff | Splinter Review
per IRC w/ standard8 ... crash nsImapService::OpenAttachment fails to check to check for a null string before trying to use nsDependentCString not a regression afaict - https://crash-stats.mozilla.com/report/list?product=Thunderbird&query_search=signature&query_type=exact&query=strlen%20%7C%20nsDependentCString%3A%3AnsDependentCString%28char%20const%2A%29&reason_type=contains&date=09%2F02%2F2011%2021%3A48%3A13&range_value=4&range_unit=weeks&hang_type=any&process_type=all&do_query=1&signature=strlen%20%7C%20nsDependentCString%3A%3AnsDependentCString%28char%20const%2A%29 standard8 thinks this may be a regression in v7. based on spot checking of crash-stats I'm inclined to agree (but I could be incorrect). looks to be at least 5 individuals crashing with v7 bp-63c0a42f-b29e-43aa-a83d-8839b2110901 EXCEPTION_ACCESS_VIOLATION_READ 0x0 0 mozcrt19.dll strlen strlen.asm:81 1 xul.dll nsDependentCString::nsDependentCString objdir-tb/mozilla/dist/include/nsTDependentString.h:90 2 xul.dll nsImapService::OpenAttachment mailnews/imap/src/nsImapService.cpp:399 3 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
And not a duplicate of bug 676882. Filed two more bugs, although it is unclear if these still exist on trunk. nsMessenger::SaveAllAttachments nsComponentManagerImpl::RegisterContractID nsAbCardProperty::SetPropertyAsAString We will be able to tell better a) after patch this bug is lands for v7 :) b) after v7 ships
Summary: crash [@ ] nsImapService::OpenAttachment fails to check to check for a null string before trying to use nsDependentCString → crash in nsImapService::OpenAttachment fails to check to check for a null string before trying to use nsDependentCString
Attached patch Branch patch (obsolete) — Splinter Review
Not exactly sure why this comes out as null, but this should stop the crash at least.
Assignee: nobody → mbanner
Status: NEW → ASSIGNED
Attachment #560460 - Flags: review?(dbienvenu)
don't you mean: + if (aFileName) + mailUrl->SetFileName(nsDependentCString(aFileName));
Attached patch Branch patch v2Splinter Review
I blame it on lack of sleep and/or lack of coding recently.
Attachment #560460 - Attachment is obsolete: true
Attachment #560460 - Flags: review?(dbienvenu)
Attachment #560464 - Flags: review?(dbienvenu)
Comment on attachment 560464 [details] [diff] [review] Branch patch v2 :-)
Attachment #560464 - Flags: review?(dbienvenu) → review+
Comment on attachment 560464 [details] [diff] [review] Branch patch v2 Checked into aurora and beta: http://hg.mozilla.org/releases/comm-aurora/rev/983882cfe7c4 http://hg.mozilla.org/releases/comm-beta/rev/e06e69c69a0d
Attachment #560464 - Flags: approval-comm-beta+
Attachment #560464 - Flags: approval-comm-aurora+
Attached patch Trunk fix (obsolete) — Splinter Review
A bit later than planned. If I can get reviews on this today, then I can land before the branch and avoid some interesting flag tweaks.
Attachment #562425 - Flags: superreview?(neil)
Attachment #562425 - Flags: review?(dbienvenu)
Comment on attachment 562425 [details] [diff] [review] Trunk fix >+ void openAttachment(in ACString aContentType, >+ in AUTF8String aFileName, >+ in AUTF8String aUrl, >+ in AUTF8String aMessageUri, The message service function to which this delegates describes these parameters all as ACString rather than AUTF8String. They can't both be correct ;-) >+ in nsISupports aDisplayConsumer, Nit: some trailing spaces crept in, here is one example. >+ PRInt32 partStart = nsCString(aUrl).Find("part="); PromiseFlatCString >+ uri += Substring(aUrl, partStart, aUrl.FindChar('&', partStart + 5)); I think FindChar returns the offset from the start of the string, rather than the start of the search, so you'll need to subtract partStart. >-NS_IMETHODIMP nsMailboxService::OpenAttachment(const char *aContentType, >- const char *aFileName, >- const char *aUrl, >- const char *aMessageUri, >+NS_IMETHODIMP nsMailboxService::OpenAttachment(const nsACString &aContentType, >+ const nsACString &aFileName, >+ const nsACString &aUrl, >+ const nsACString &aMessageUri, That's convenient :-)
I'm going to wait for Neil's comments to be addressed before I review this, especially because of this part: >+ uri += Substring(aUrl, partStart, aUrl.FindChar('&', partStart + 5)); I think FindChar returns the offset from the start of the string, rather than the start of the search, so you'll need to subtract partStart.
Ok, my plan at the moment is to land the branch patch on trunk, and then I'll branch out the API improvements to another bug. That way we'll get everything covered right before the merge.
Landed the branch patch onto trunk: http://hg.mozilla.org/comm-central/rev/ea4ec56a9b02
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
tracking-thunderbird9: + → ---
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 9.0
Comment on attachment 562425 [details] [diff] [review] Trunk fix Filed bug 689544 to get this patch landed.
Attachment #562425 - Attachment is obsolete: true
Attachment #562425 - Flags: superreview?(neil)
Attachment #562425 - Flags: review?(dbienvenu)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: