Bug 783886 - crash in nsParseMailMessageState::GetAggregateHeader
Status: VERIFIED FIXED
Keywords: crash
Product: MailNews Core
Classification: Components
Component: Backend
Version: unspecified
Platform: x86 Windows NT
Importance: -- critical
Target Milestone: Thunderbird 24.0
Assigned To: Hiroyuki Ikezoe (:hiro)

Reported: 2012-08-19 08:16 PDT by Wayne Mery (:wsmwk, NI for questions)
Modified: 2013-09-21 08:27 PDT

Attachments
Fix (969 bytes, patch)
2012-08-20 00:07 PDT, Hiroyuki Ikezoe (:hiro)
no flags
Revised fix (1.31 KB, patch)
2013-06-05 23:14 PDT, Hiroyuki Ikezoe (:hiro)
standard8: review+

Description Wayne Mery (:wsmwk, NI for questions) 2012-08-19 08:16:47 PDT
This bug was filed from the Socorro interface and is report bp-bbb8d766-abff-4ed7-be2e-959742120703.
============================================================= 
0	plc4.dll	PL_strcat	nsprpub/lib/libc/src/strcat.c:47
1	xul.dll	nsParseMailMessageState::GetAggregateHeader	mailnews/local/src/nsParseMailbox.cpp:925
2	xul.dll	nsParseMailMessageState::FinalizeHeaders	mailnews/local/src/nsParseMailbox.cpp:1310
3	xul.dll	nsParseMailMessageState::ParseFolderLine	mailnews/local/src/nsParseMailbox.cpp:711
4	xul.dll	nsParseMailMessageState::ParseAFolderLine	mailnews/local/src/nsParseMailbox.cpp:693
5	xul.dll	nsMsgLocalMailFolder::EndMessage	mailnews/local/src/nsLocalMailFolder.cpp:2611
6	xul.dll	nsCopyMessageStreamListener::EndMessage	mailnews/base/src/nsCopyMessageStreamListener.cpp:117
7	xul.dll	nsImapMailFolder::EndMessage	mailnews/imap/src/nsImapMailFolder.cpp:5674 

Reporter writes "It happened when I tried to change the name of a local folder (Sheila)". Compare to "I wanted to make a new folder in Local Directories. I had to delete a sub folder with the same name first. When I tried to create the directory the programme crashed." in d4d2ac38-ab9a-421d-92b6-7c8302120613

906        PL_strcat (value, header->value);
...
1291  GetAggregateHeader (m_toList, &to);

other crashes with email addresses:
bp-27deecf3-8320-4c22-9da2-012162120730
bp-08f37f6e-8a55-40c5-bc94-4fc972120512
Comment 1 Hiroyuki Ikezoe (:hiro) 2012-08-19 20:31:17 PDT
I guess this crash has been fixed by the fix for bug 707078.
Comment 2 Hiroyuki Ikezoe (:hiro) 2012-08-20 00:07:51 PDT
Created attachment 653272
Fix

Gosh! I was totally wrong!
PL_strncat should be used there.
Comment 3 Hiroyuki Ikezoe (:hiro) 2012-08-20 14:46:18 PDT
Comment on attachment 653272
Fix

clearing review flag.

I was still wrong. This patch causes another crash. I am investigating it.
Comment 4 Wayne Mery (:wsmwk, NI for questions) 2013-01-14 21:32:20 PST
(In reply to Hiroyuki Ikezoe (:hiro) from comment #3)
> Comment on attachment 653272
> Fix
> 
> clearing review flag.
> 
> I was still wrong. This patch causes another crash. I am investigating it.
Comment 5 Wayne Mery (:wsmwk, NI for questions) 2013-01-15 03:17:56 PST
(In reply to Hiroyuki Ikezoe (:hiro) from comment #3)
> Comment on attachment 653272
> Fix
> 
> clearing review flag.
> 
> I was still wrong. This patch causes another crash. I am investigating it.

I meant to raise hiro
Comment 6 Hiroyuki Ikezoe (:hiro) 2013-06-05 22:25:39 PDT
attachment 653272 causes test_searchAddressInAb.js failure. I am investigating it.
Comment 7 Hiroyuki Ikezoe (:hiro) 2013-06-05 23:14:15 PDT
Created attachment 758995
Revised fix

The reason for the failure of test_searchAddressInAb.js with attachment 653272 is that the allocated memory is not null-terminated.
This patch uses PR_CALLOC for the allocated memory.
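
An added example (not part of the comment above, not the attached patch, and not Thunderbird's source) of the pattern comments 2 and 7 describe: a bounded append only works if the destination already holds a terminated string, which a zero-filled allocation guarantees. It uses standard C calloc()/strncat() in place of NSPR's PR_CALLOC/PL_strncat; struct header_val and aggregate_headers() are hypothetical names, and the sample addresses are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one parsed header value (assumed layout). */
struct header_val { const char *value; size_t length; };

/* Join n header values with ", " into a freshly allocated string.
 * calloc() zero-fills the buffer, so it is a valid empty C string before
 * the first append. A malloc() buffer would hold indeterminate bytes and
 * strncat() would scan them looking for a terminator. */
char *aggregate_headers(const struct header_val *list, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        if (list[i].length > 0)
            total += list[i].length + 2;    /* value plus ", " separator */
    if (total == 0)
        return NULL;

    char *out = calloc(total + 1, 1);       /* +1 for the terminator */
    if (!out)
        return NULL;

    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = list[i].length;
        if (len == 0)
            continue;
        if (used > 0)
            strncat(out, ", ", total - used);
        used = strlen(out);
        if (len > total - used)             /* never exceed the space left */
            len = total - used;
        strncat(out, list[i].value, len);   /* copy at most the recorded length */
        used = strlen(out);
    }
    return out;
}

int main(void)
{
    /* Constructed sample: the first value points into a longer line buffer. */
    const char line[] = "alice@example.test\r\nX-Other: ignored";
    struct header_val to[] = { { line, 18 }, { "bob@example.test", 16 } };
    char *joined = aggregate_headers(to, 2);
    if (joined) puts(joined);
    free(joined);
    return 0;
}
```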
Comment 8 Hiroyuki Ikezoe (:hiro) 2013-06-05 23:16:06 PDT
I could confirm all xpcshell tests passed on my local linux box, but please someone push this patch to try server if you have time.
Comment 9 Frank Wein [:mcsmurf] 2013-06-18 14:51:13 PDT
I pushed this to try earlier, results are here: https://tbpl.mozilla.org/?tree=Thunderbird-Try&rev=58cc1bab41a5
But it looks like xpcshell tests are currently broken on thunderbird trunk?
Comment 10 Hiroyuki Ikezoe (:hiro) 2013-06-18 15:15:04 PDT
Bug 837983?
Comment 11 Mark Banner (:standard8) 2013-06-24 06:14:23 PDT
https://hg.mozilla.org/comm-central/rev/54e80c889446
