Segmentation fault (crash) when writing email with no account created nsMsgDBService::GetOpenDBs

RESOLVED FIXED in Thunderbird 15.0

Status

Thunderbird
Account Manager
--
critical
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: Ian Neal, Assigned: Bienvenu)

Tracking

({crash})

Trunk
Thunderbird 15.0
x86_64
Linux
crash

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Steps to reproduce
1/ Start TB with a new profile (use -ProfileManager)
2/ Cancel account creation (I'll configure email later)
3/ Click on Write button
4/ Click Exit on AccountWizard

Expected result
1/ Back to Account Central page

Actual result
1/ Segmentation fault
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4b392c8 in nsMsgDBService::GetOpenDBs (this=0x0, aOpenDBs=
    0x7fffffffaa00) at ../../../../mozilla/dist/include/nsTArray.h:224
224	    return mHdr->mLength;

Backtrace:
#0  0x00007ffff4b392c8 in nsMsgDBService::GetOpenDBs (this=0x0, aOpenDBs=
    0x7fffffffaa00) at ../../../../mozilla/dist/include/nsTArray.h:224
#1  0x00007ffff4de2cd8 in NS_InvokeByIndex_P (that=0x0, methodIndex=0, 
    paramCount=4294943964, params=0x42)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:195
#2  0x00007ffff466a75b in XPCWrappedNative::CallMethod (ccx=..., mode=
    CALL_GETTER)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:3114
#3  0x00007ffff4670df3 in XPC_WN_GetterSetter (cx=0x7ffff7dcd630, argc=0, vp=
    0x7fffe8bff188)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/xpconnect/src/xpcprivate.h:2674
#4  0x00007ffff512426a in js::InvokeKernel (cx=0x7ffff7dcd630, args=..., 
    construct=NO_CONSTRUCT)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jscntxtinlines.h:314
#5  0x00007ffff51248ce in js::Invoke (cx=0x7ffff7dcd630, thisv=..., fval=..., 
    argc=0, argv=0x0, rval=0x7fffffffb740)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.h:172
#6  0x00007ffff512496b in js::InvokeGetterOrSetter (cx=0x0, obj=0x0, fval=..., 
    argc=66, argv=0x7fffffffa498, rval=0x636d)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.cpp:641
#7  0x00007ffff5139cd4 in js::GetPropertyHelper (cx=0x7ffff7dcd630, obj=..., 
    id=..., getHow=32767, vp=0x7fffffffb9c0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsscopeinlines.h:286
#8  0x00007ffff5120ade in js::Interpret (cx=0x7ffff7dcd630, entryFrame=
    0x7fffdaec1820, interpMode=JSINTERP_NORMAL)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterpinlines.h:266
#9  0x00007ffff5123c8f in js::RunScript (cx=0x7ffff7dcd630, script=0x0, fp=
    0x7fffe8bff048)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.cpp:475
#10 0x00007ffff512432d in js::InvokeKernel (cx=0x7ffff7dcd630, args=..., 
    construct=3673961808)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.cpp:535
#11 0x00007ffff51248ce in js::Invoke (cx=0x7ffff7dcd630, thisv=..., fval=..., 
    argc=1, argv=0x7fffffffc1e0, rval=0x7fffffffc370)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsinterp.h:172
#12 0x00007ffff50ad70c in JS_CallFunctionValue (cx=0x0, obj=0x0, fval=..., 
    argc=66, argv=0x7fffffffa498, rval=0x636d)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/src/jsapi.cpp:5419
#13 0x00007ffff46612e6 in nsXPCWrappedJSClass::CallMethod (this=
    0x7fffe71bf840, wrapper=0x1, methodIndex=8256, info=0x7fffec4f6478, 
    nativeParams=0x7fffffffc490)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/xpconnect/src/XPCWrappedJSClass.cpp:1509
#14 0x00007ffff465ba67 in nsXPCWrappedJS::CallMethod (this=0x7fffd7f7af80, 
    methodIndex=3, info=0x7fffec4f6478, params=0x7fffffffc490)
    at /home/gizmo/mozdev/central/comm-central/mozilla/js/xpconnect/src/XPCWrappedJS.cpp:617
#15 0x00007ffff4de38b6 in PrepareAndDispatch (self=0x7fffd7fc2aa0, methodIndex=
    0, args=0x7fffffffc5f0, gpregs=0x7fffffffc570, fpregs=0x7fffffffc5a0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x86_64_linux.cpp:153
#16 0x00007ffff4de2dfb in SharedStub ()
   from /home/gizmo/mozdev/central/tb-opt/mozilla/dist/bin/libxul.so
#17 0x00007ffff4dd3b89 in nsTimerImpl::Fire (this=0x7fffdb4798d0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/threads/nsTimerImpl.cpp:511
#18 0x00007ffff4dd3dd0 in nsTimerEvent::Run (this=0x0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/threads/nsTimerImpl.cpp:591
#19 0x00007ffff4dd02b4 in nsThread::ProcessNextEvent (this=0x7fffec421ac0, 
    mayWait=false, result=0x7fffffffc6cf)
    at /home/gizmo/mozdev/central/comm-central/mozilla/xpcom/threads/nsThread.cpp:656
#20 0x00007ffff4d9775a in NS_ProcessNextEvent_P (thread=0x0, mayWait=true)
    at /home/gizmo/mozdev/central/tb-opt/mozilla/xpcom/build/nsThreadUtils.cpp:245
#21 0x00007ffff4cd8dd6 in mozilla::ipc::MessagePump::Run (this=0x7fffec44c900, 
    aDelegate=0x7ffff7dccff0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/ipc/glue/MessagePump.cpp:134
#22 0x00007ffff4dfaac2 in MessageLoop::Run (this=0x0)
    at /home/gizmo/mozdev/central/comm-central/mozilla/ipc/chromium/src/base/message_loop.cc:208
#23 0x00007ffff4948210 in nsBaseAppShell::Run (this=0x7fffeaf6c740)
    at /home/gizmo/mozdev/central/comm-central/mozilla/widget/xpwidgets/nsBaseAppShell.cpp:189
#24 0x00007ffff47b167e in nsAppStartup::Run (this=0x7fffeaf84880)
    at /home/gizmo/mozdev/central/comm-central/mozilla/toolkit/components/startup/nsAppStartup.cpp:295
#25 0x00007ffff3d15d99 in XREMain::XRE_mainRun (this=0x7fffffffca10)
    at /home/gizmo/mozdev/central/comm-central/mozilla/toolkit/xre/nsAppRunner.cpp:3780
#26 0x00007ffff3d17cb7 in XREMain::XRE_main (this=0x7fffffffca10, argc=
    -137227600, argv=0x0, aAppData=0x7ffff7d21240)
    at /home/gizmo/mozdev/central/comm-central/mozilla/toolkit/xre/nsAppRunner.cpp:3857
#27 0x00007ffff3d17fea in XRE_main (argc=2, argv=0x7fffffffde08, aAppData=
    0x7ffff7d21240)
    at /home/gizmo/mozdev/central/comm-central/mozilla/toolkit/xre/nsAppRunner.cpp:3933
#28 0x0000000000402284 in main (argc=2, argv=0x7fffffffde08)
    at /home/gizmo/mozdev/central/comm-central/mail/app/nsMailApp.cpp:144
(Reporter)

Comment 1

5 years ago
This also happens, by starting with a new profile and then just not doing anything with setting up an account (just leave the "Welcome to Daily" screen open).
Version: unspecified → Trunk
Crash Signature: [@ nsMsgDBService::GetOpenDBs(nsIArray**)] [@ nsMsgDBService::GetOpenDBs]
Summary: Segmentation fault when writing email with no account created → Segmentation fault (crash) when writing email with no account created nsMsgDBService::GetOpenDBs

Comment 2

5 years ago
Confirming. Report:
bp-a7431c4a-82b7-4aa2-be60-0a2df2120430

Comment 3

5 years ago
And also: bp-b15aa01d-4e61-4812-9a68-7caa32120430
(Assignee)

Comment 4

5 years ago
Created attachment 619761 [details] [diff] [review]
proposed fix

this is the open db purging caching code triggering this crash, so it's new on the trunk. Basically, you have to wait for TB to go idle to see this crash.
Assignee: nobody → dbienvenu
Attachment #619761 - Flags: review?(mbanner)

Comment 5

5 years ago
I have done this many times and it never crashed.
So it must be very new as David says.
(Assignee)

Updated

5 years ago
Duplicate of this bug: 751308
Attachment #619761 - Flags: review?(mbanner) → review+
(Assignee)

Comment 7

5 years ago
fixed on trunk - http://hg.mozilla.org/comm-central/rev/edb125fb244c
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 15.0
(Assignee)

Updated

5 years ago
Blocks: 723248
You need to log in before you can comment on or make changes to this bug.