crash in nsParseMailMessageState::GetAggregateHeader

VERIFIED FIXED in Thunderbird 24.0

Status

MailNews Core
Backend
--
critical
VERIFIED FIXED
5 years ago
4 years ago

People

(Reporter: wsmwk, Assigned: hiro)

Tracking

({crash})

unspecified
Thunderbird 24.0
x86
Windows NT
crash

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment, 1 obsolete attachment)

This bug was filed from the Socorro interface and is report bp-bbb8d766-abff-4ed7-be2e-959742120703.
============================================================= 
0	plc4.dll	PL_strcat	nsprpub/lib/libc/src/strcat.c:47
1	xul.dll	nsParseMailMessageState::GetAggregateHeader	mailnews/local/src/nsParseMailbox.cpp:925
2	xul.dll	nsParseMailMessageState::FinalizeHeaders	mailnews/local/src/nsParseMailbox.cpp:1310
3	xul.dll	nsParseMailMessageState::ParseFolderLine	mailnews/local/src/nsParseMailbox.cpp:711
4	xul.dll	nsParseMailMessageState::ParseAFolderLine	mailnews/local/src/nsParseMailbox.cpp:693
5	xul.dll	nsMsgLocalMailFolder::EndMessage	mailnews/local/src/nsLocalMailFolder.cpp:2611
6	xul.dll	nsCopyMessageStreamListener::EndMessage	mailnews/base/src/nsCopyMessageStreamListener.cpp:117
7	xul.dll	nsImapMailFolder::EndMessage	mailnews/imap/src/nsImapMailFolder.cpp:5674 

Reporter writes "It happened when I tried to change the name of a local folder (Sheila)". Compare to "I wanted to make a new folder in Local Directories. I had to delete a sub folder with the same name first. When I tried to create the directory the programme crashed." in d4d2ac38-ab9a-421d-92b6-7c8302120613

906        PL_strcat (value, header->value);
...
1291  GetAggregateHeader (m_toList, &to);

other crashes with email addresses:
bp-27deecf3-8320-4c22-9da2-012162120730
bp-08f37f6e-8a55-40c5-bc94-4fc972120512
(Assignee)

Comment 1

5 years ago
I guess this crash has been fixed by the fix for bug 707078.
(Assignee)

Comment 2

5 years ago
Created attachment 653272 [details] [diff] [review]
Fix

Gosh! I was totally wrong!
PL_strncat should be used there.
Assignee: nobody → hiikezoe
Status: NEW → ASSIGNED
Attachment #653272 - Flags: review?(mbanner)
(Assignee)

Comment 3

5 years ago
Comment on attachment 653272 [details] [diff] [review]
Fix

clearing review flag.

I was still wrong. This patch causes another crash. I am investigating it.
Attachment #653272 - Flags: review?(mbanner)
(In reply to Hiroyuki Ikezoe (:hiro) from comment #3)
> Comment on attachment 653272 [details] [diff] [review]
> Fix
> 
> clearing review flag.
> 
> I was still wrong. This patch causes another crash. I am investigating it.
Flags: needinfo?(vseerror)
(In reply to Hiroyuki Ikezoe (:hiro) from comment #3)
> Comment on attachment 653272 [details] [diff] [review]
> Fix
> 
> clearing review flag.
> 
> I was still wrong. This patch causes another crash. I am investigating it.

I meant to raise hiro
Flags: needinfo?(vseerror) → needinfo?(hiikezoe)
(Assignee)

Comment 6

4 years ago
attachment 653272 [details] [diff] [review] causes test_searchAddressInAb.js failure. I am investigating it.
Flags: needinfo?(hiikezoe)
(Assignee)

Comment 7

4 years ago
Created attachment 758995 [details] [diff] [review]
Revised fix

The reason for the failure of test_searchAddressInAb.js with attachment 653272 [details] [diff] [review] is that the allocated memory is not null-terminated.
This patch uses PR_CALLOC for the allocated memory.
Attachment #653272 - Attachment is obsolete: true
Attachment #758995 - Flags: review?(mbanner)
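
Added example, not part of the bug thread and not the attached patch: a standalone C sketch of the two points raised in comments 2 and 7, namely bounding each append by the header's recorded length instead of trusting strcat, and zero-filling the destination so the result is always terminated. The struct, the function name and the sample input are hypothetical, and standard `calloc`/`memcpy` stand in for the NSPR calls.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one stored header line (names are not Thunderbird's). */
struct hdr_line {
    const char *value;  /* may point into a larger raw buffer */
    size_t length;      /* bytes of value that belong to this line */
};

/* Join lines with ',' into a new string; caller frees. NULL on error or empty input. */
char *aggregate_lines(const struct hdr_line *lines, size_t count)
{
    size_t total = 0;
    for (size_t i = 0; i < count; i++) {
        if (lines[i].value == NULL || lines[i].length >= SIZE_MAX - total - 1)
            return NULL;                      /* bad entry or size overflow */
        total += lines[i].length + 1;         /* +1 for the separator */
    }
    if (total == 0)
        return NULL;

    /* Zero-filled, so the result is terminated wherever copying stops. */
    char *out = calloc(total + 1, 1);
    if (out == NULL)
        return NULL;

    size_t used = 0;
    for (size_t i = 0; i < count; i++) {
        /* Copy at most the recorded length, stopping early at a NUL. */
        const char *nul = memchr(lines[i].value, '\0', lines[i].length);
        size_t n = nul ? (size_t)(nul - lines[i].value) : lines[i].length;
        memcpy(out + used, lines[i].value, n);
        used += n;
        if (i + 1 < count)
            out[used++] = ',';
    }
    return out;
}

int main(void)
{
    /* Constructed input: the first value runs on past its recorded 13 bytes. */
    static const char raw[] = "a@example.com\r\nCc: x";
    struct hdr_line lines[] = { { raw, 13 }, { "b@example.org", 13 } };
    char *joined = aggregate_lines(lines, 2);
    printf("%s\n", joined ? joined : "(null)");
    free(joined);
    return 0;
}
```

With an unbounded strcat the first constructed value would be copied through to its NUL, writing more bytes than the buffer sized from the recorded lengths can hold.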
(Assignee)

Comment 8

4 years ago
I could confirm all xpcshell tests passed on my local linux box, but please someone push this patch to try server if you have time.
I pushed this to try earlier, results are here: https://tbpl.mozilla.org/?tree=Thunderbird-Try&rev=58cc1bab41a5
But it looks like xpcshell tests are currently broken on thunderbird trunk?
(Assignee)

Comment 10

4 years ago
Bug 837983?
Attachment #758995 - Flags: review?(mbanner) → review+
https://hg.mozilla.org/comm-central/rev/54e80c889446
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 24.0
signature gone for TB24 and newer
https://crash-stats.mozilla.com/query/?product=Thunderbird&version=Thunderbird%3A27.0a1&version=Thunderbird%3A26.0a2&version=Thunderbird%3A26.0a1&version=Thunderbird%3A25.0a2&version=Thunderbird%3A24.0b3&version=Thunderbird%3A24.0b2&version=Thunderbird%3A24.0b1&range_value=4&range_unit=weeks&date=09%2F21%2F2013+15%3A00%3A00&query_search=signature&query_type=is_exactly&query=PL_strcat+|+nsParseMailMessageState%3A%3AGetAggregateHeader%28nsVoidArray%26%2C+message_header*%29&reason=&release_channels=&build_id=&process_type=any&hang_type=any
Status: RESOLVED → VERIFIED