Last Comment Bug 750080 - Segmentation fault (crash) when writing email with no account created nsMsgDBService::GetOpenDBs
: Segmentation fault (crash) when writing email with no account created nsMsgDB...
Status: RESOLVED FIXED
: crash
Product: Thunderbird
Classification: Client Software
Component: Account Manager (show other bugs)
: Trunk
: x86_64 Linux
: -- critical (vote)
: Thunderbird 15.0
Assigned To: David :Bienvenu
:
Mentors:
: 751308 (view as bug list)
Depends on:
Blocks: 723248
  Show dependency treegraph
 
Reported: 2012-04-29 08:54 PDT by Ian Neal
Modified: 2012-05-03 07:40 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
proposed fix (823 bytes, patch)
2012-04-30 16:47 PDT, David :Bienvenu
standard8: review+
Details | Diff | Splinter Review

Description Ian Neal 2012-04-29 08:54:47 PDT
Steps to reproduce
1/ Start TB with a new profile (use -ProfileManager)
2/ Cancel account creation (I'll configure email later)
3/ Click on Write button
4/ Click Exit on AccountWizard

Expected result
1/ Back to Account Central page

Actual result
1/ Segmentation fault
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4b392c8 in nsMsgDBService::GetOpenDBs (this=0x0, aOpenDBs=
    0x7fffffffaa00) at ../../../../mozilla/dist/include/nsTArray.h:224
224	    return mHdr->mLength;

Backtrace:
#0  0x00007ffff4b392c8 in nsMsgDBService::GetOpenDBs (this=0x0, aOpenDBs=
    0x7fffffffaa00) at ../../../../mozilla/dist/include/nsTArray.h:224
#1  0x00007ffff4de2cd8 in NS_InvokeByIndex_P (that=0x0, methodIndex=0, 
    paramCount=4294943964, params=0x42)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:195
#2  0x00007ffff466a75b in XPCWrappedNative::CallMethod (ccx=..., mode=
    CALL_GETTER)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:3114
#3  0x00007ffff4670df3 in XPC_WN_GetterSetter (cx=0x7ffff7dcd630, argc=0, vp=
    0x7fffe8bff188)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/xpconnect/src/xpcprivate.h:2674
#4  0x00007ffff512426a in js::InvokeKernel (cx=0x7ffff7dcd630, args=..., 
    construct=NO_CONSTRUCT)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jscntxtinlines.h:314
#5  0x00007ffff51248ce in js::Invoke (cx=0x7ffff7dcd630, thisv=..., fval=..., 
    argc=0, argv=0x0, rval=0x7fffffffb740)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.h:172
#6  0x00007ffff512496b in js::InvokeGetterOrSetter (cx=0x0, obj=0x0, fval=..., 
    argc=66, argv=0x7fffffffa498, rval=0x636d)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.cpp:641
#7  0x00007ffff5139cd4 in js::GetPropertyHelper (cx=0x7ffff7dcd630, obj=..., 
    id=..., getHow=32767, vp=0x7fffffffb9c0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsscopeinlines.h:286
#8  0x00007ffff5120ade in js::Interpret (cx=0x7ffff7dcd630, entryFrame=
    0x7fffdaec1820, interpMode=JSINTERP_NORMAL)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterpinlines.h:266
#9  0x00007ffff5123c8f in js::RunScript (cx=0x7ffff7dcd630, script=0x0, fp=
    0x7fffe8bff048)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.cpp:475
#10 0x00007ffff512432d in js::InvokeKernel (cx=0x7ffff7dcd630, args=..., 
    construct=3673961808)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.cpp:535
#11 0x00007ffff51248ce in js::Invoke (cx=0x7ffff7dcd630, thisv=..., fval=..., 
    argc=1, argv=0x7fffffffc1e0, rval=0x7fffffffc370)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.h:172
#12 0x00007ffff50ad70c in JS_CallFunctionValue (cx=0x0, obj=0x0, fval=..., 
    argc=66, argv=0x7fffffffa498, rval=0x636d)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsapi.cpp:5419
#13 0x00007ffff46612e6 in nsXPCWrappedJSClass::CallMethod (this=
    0x7fffe71bf840, wrapper=0x1, methodIndex=8256, info=0x7fffec4f6478, 
    nativeParams=0x7fffffffc490)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/xpconnect/src/XPCWrappedJSClass.cpp:1509
#14 0x00007ffff465ba67 in nsXPCWrappedJS::CallMethod (this=0x7fffd7f7af80, 
    methodIndex=3, info=0x7fffec4f6478, params=0x7fffffffc490)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/xpconnect/src/XPCWrappedJS.cpp:617
#15 0x00007ffff4de38b6 in PrepareAndDispatch (self=0x7fffd7fc2aa0, methodIndex=
    0, args=0x7fffffffc5f0, gpregs=0x7fffffffc570, fpregs=0x7fffffffc5a0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x86_64_linux.cpp:153
#16 0x00007ffff4de2dfb in SharedStub ()
   from /home/gizmo/mozdev/central/tb-opt/mozilla/dist/bin/libxul.so
#17 0x00007ffff4dd3b89 in nsTimerImpl::Fire (this=0x7fffdb4798d0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/threads/nsTimerImpl.cpp:511
#18 0x00007ffff4dd3dd0 in nsTimerEvent::Run (this=0x0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/threads/nsTimerImpl.cpp:591
#19 0x00007ffff4dd02b4 in nsThread::ProcessNextEvent (this=0x7fffec421ac0, 
    mayWait=false, result=0x7fffffffc6cf)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/threads/nsThread.cpp:656
#20 0x00007ffff4d9775a in NS_ProcessNextEvent_P (thread=0x0, mayWait=true)
    at /home/gizmo/mozdev/central/tb-opt/mozilla/xpcom/build/nsThreadUtils.cpp:245
#21 0x00007ffff4cd8dd6 in mozilla::ipc::MessagePump::Run (this=0x7fffec44c900, 
    aDelegate=0x7ffff7dccff0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/ipc/glue/MessagePump.cpp:134
#22 0x00007ffff4dfaac2 in MessageLoop::Run (this=0x0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/ipc/chromium/src/base/message_loop.cc:208
#23 0x00007ffff4948210 in nsBaseAppShell::Run (this=0x7fffeaf6c740)
    at /home/gizmo/mozdev/central/comm-central/mozilla/widget/xpwidgets/nsBaseAppShell.cpp:189
#24 0x00007ffff47b167e in nsAppStartup::Run (this=0x7fffeaf84880)
    at /home/gizmo/mozdev/central/comm-central/mozilla/toolkit/components/startup/nsAppStartup.cpp:295
#25 0x00007ffff3d15d99 in XREMain::XRE_mainRun (this=0x7fffffffca10)
    at /home/gizmo/mozdev/central/comm-central/mozilla/toolkit/xre/nsAppRunner.cpp:3780
#26 0x00007ffff3d17cb7 in XREMain::XRE_main (this=0x7fffffffca10, argc=
    -137227600, argv=0x0, aAppData=0x7ffff7d21240)
    at /home/gizmo/mozdev/central/comm-central/mozilla/toolkit/xre/nsAppRunner.cpp:3857
#27 0x00007ffff3d17fea in XRE_main (argc=2, argv=0x7fffffffde08, aAppData=
    0x7ffff7d21240)
    at /home/gizmo/mozdev/central/comm-central/mozilla/toolkit/xre/nsAppRunner.cpp:3933
#28 0x0000000000402284 in main (argc=2, argv=0x7fffffffde08)
    at /home/gizmo/mozdev/central/comm-central/mail/app/nsMailApp.cpp:144
Comment 1 Ian Neal 2012-04-29 09:10:18 PDT
This also happens, by starting with a new profile and then just not doing anything with setting up an account (just leave the "Welcome to Daily" screen open).
Comment 2 Marco Zehe (:MarcoZ) on PTO until August 15 2012-04-30 11:27:15 PDT
Confirming. Report:
bp-a7431c4a-82b7-4aa2-be60-0a2df2120430
Comment 3 Marco Zehe (:MarcoZ) on PTO until August 15 2012-04-30 11:28:36 PDT
And also: bp-b15aa01d-4e61-4812-9a68-7caa32120430
Comment 4 David :Bienvenu 2012-04-30 16:47:45 PDT
Created attachment 619761 [details] [diff] [review]
proposed fix

this is the open db purging caching code triggering this crash, so it's new on the trunk. Basically, you have to wait for TB to go idle to see this crash.
Comment 5 :aceman 2012-05-02 06:03:43 PDT
I have done this many times and it never crashed.
So it must be very new as David says.
Comment 6 David :Bienvenu 2012-05-02 13:58:24 PDT
*** Bug 751308 has been marked as a duplicate of this bug. ***
Comment 7 David :Bienvenu 2012-05-03 07:30:06 PDT
fixed on trunk - http://hg.mozilla.org/comm-central/rev/edb125fb244c

Note You need to log in before you can comment on or make changes to this bug.