Closed Bug 81283 Opened 23 years ago Closed 23 years ago

crash deleting mail message

Categories

(MailNews Core :: Backend, defect)

Product:
MailNews Core
Component:
Backend
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 74883

People

(Reporter: blizzard, Assigned: jband_mozilla)

Details

I just crashed deleting a mail message.  Build is from May 16, 2001.

#5  NativeSetMap::Entry::Match (table=0x818cc10, entry=0x44652168, 
    key=0x4464f270) at xpcmaps.cpp:343
#6  0x40126bd0 in SearchTable (table=0x818cc10, key=0x4464f270, 
    keyHash=4287896124) at jsdhash.c:266
#7  0x40126d19 in ChangeTable (table=0x818cc10, deltaLog2=1, 
    findEntry=0xbfffe1f0) at jsdhash.c:328
#8  0x40126e88 in JS_DHashTableOperate (table=0x818cc10, key=0xbfffe238, 
    op=JS_DHASH_ADD) at jsdhash.c:418
#9  0x404d8540 in XPCNativeSet::GetNewOrUsed (ccx=@0xbfffe6f8, 
    otherSet=0x421102b8, newInterface=0x411d4a38, position=2) at xpcmaps.h:471
#10 0x404d4dbd in XPCWrappedNative::ExtendSet (this=0x42117470, 
    ccx=@0xbfffe6f8, aInterface=0x411d4a38) at xpcwrappednative.cpp:1143
#11 0x404d536a in XPCWrappedNative::InitTearOff (this=0x42117470, 
    ccx=@0xbfffe6f8, aTearOff=0x421d6598, aInterface=0x411d4a38, 
    needJSObject=0) at xpcinlines.h:465
#12 0x404d4f30 in XPCWrappedNative::FindTearOff (this=0x42117470, 
    ccx=@0xbfffe6f8, aInterface=0x411d4a38, needJSObject=0, pError=0xbfffe3c4)
    at xpcwrappednative.cpp:1207
#13 0x404d36d9 in XPCWrappedNative::GetNewOrUsed (ccx=@0xbfffe6f8, 
    Object=0x41138448, Scope=0x8461858, Interface=0x411d4a38, 
    resultWrapper=0xbfffe460) at xpcwrappednative.cpp:224
#14 0x404c5568 in XPCConvert::NativeInterface2JSObject (ccx=@0xbfffe6f8, 
    dest=0xbfffe4a8, src=0x41138448, iid=0x421d6580, scope=0x4219b180, 
    pErr=0xbfffe5d8) at xpcconvert.cpp:794
#15 0x404c4c56 in XPCConvert::NativeData2JS (ccx=@0xbfffe6f8, d=0xbfffe59c, 
    s=0xbfffe648, type=@0xbfffe5a6, iid=0x421d6580, scope=0x4219b180, 
    pErr=0xbfffe5d8) at ../../../../dist/include/nsCOMPtr.h:1131
#16 0x404d6705 in XPCWrappedNative::CallMethod (ccx=@0xbfffe6f8, 
    mode=CALL_METHOD) at xpcinlines.h:131
#17 0x404db469 in XPC_WN_CallMethod (cx=0x8248e68, obj=0x4219b180, argc=1, 
    argv=0x44679ac8, vp=0xbfffe818) at xpcwrappednativejsops.cpp:1241
#18 0x401369cf in js_Invoke (cx=0x8248e68, argc=1, flags=0) at jsinterp.c:813
#19 0x4013e093 in js_Interpret (cx=0x8248e68, result=0xbfffea54)
    at jsinterp.c:2708
#20 0x40136a27 in js_Invoke (cx=0x8248e68, argc=4, flags=2) at jsinterp.c:830
#21 0x404d1fbf in nsXPCWrappedJSClass::CallMethod (this=0x8685050, 
    wrapper=0x86856b8, methodIndex=6, info=0x8484a44, nativeParams=0xbfffefb8)
    at xpcwrappedjsclass.cpp:960
#22 0x404d0323 in nsXPCWrappedJS::CallMethod (this=0x86856b8, methodIndex=6, 
    info=0x8484a44, params=0xbfffefb8) at xpcwrappedjs.cpp:426
#23 0x400d74bb in PrepareAndDispatch (self=0x86856b8, methodIndex=6, 
    args=0xbffff074) at xptcstubs_unixish_x86.cpp:80
#24 0x400d75a2 in nsXPTCStubBase::Stub6 (this=0x86856b8)
    at ../../../../../../dist/include/xptcstubsdef.inc:8
#25 0x41a4b607 in nsMsgMailSession::OnItemIntPropertyChanged (this=0x8635b78, 
    item=0x41138448, property=0x41120158, oldValue=26924, newValue=26925)
    at nsMsgMailSession.cpp:172
#26 0x4204ce4b in nsMsgFolder::NotifyIntPropertyChanged (this=0x41138448, 
    property=0x41120158, oldValue=26924, newValue=26925)
    at ../../../dist/include/nsCOMPtr.h:649
#27 0x4204b2d4 in nsMsgFolder::ChangeNumPendingTotalMessages (this=0x41138448, 
    delta=1) at nsMsgFolder.cpp:1427
#28 0x41fedfa9 in nsImapMailFolder::UpdatePendingCounts (this=0x41138448, 
    countUnread=1, missingAreRead=0) at nsImapMailFolder.cpp:3924
#29 0x41fed7d7 in nsImapMailFolder::OnStopRunningUrl (this=0x41138448, 
    aUrl=0x42c521d4, aExitCode=0) at nsImapMailFolder.cpp:3772
#30 0x41a4b046 in nsUrlListenerManager::BroadcastChange (this=0x42324f20, 
    aUrl=0x42c521d4, notification=nsUrlNotifyStopRunning, aErrorCode=0)
    at ../../../dist/include/nsCOMPtr.h:649
#31 0x41a4b0d2 in nsUrlListenerManager::OnStopRunningUrl (this=0x42324f20, 
    aUrl=0x42c521d4, aErrorCode=0) at nsUrlListenerManager.cpp:110
#32 0x4205c6d8 in nsMsgMailNewsUrl::SetUrlState (this=0x42c521d4, 
    aRunningUrl=0, aExitCode=0) at ../../../dist/include/nsCOMPtr.h:649
#33 0x41fef58d in nsImapMailFolder::SetUrlState (this=0x41130a38, 
    aProtocol=0x44647400, aUrl=0x42c521d4, isRunning=0, statusCode=0)
    at nsImapMailFolder.cpp:4468
#34 0x42006f8f in SetUrlStateProxyEvent::HandleEvent (this=0x84351c8)
    at ../../../dist/include/nsCOMPtr.h:642
#35 0x4200470c in nsImapEvent::imap_event_handler (aEvent=0x84351c8)
    at nsImapProxyEvent.cpp:75
#36 0x400c2d6f in PL_HandleEvent (self=0x84351c8) at plevent.c:588
#37 0x400c2c7d in PL_ProcessPendingEvents (self=0x80b8140) at plevent.c:518
#38 0x400c3ddf in nsEventQueueImpl::ProcessPendingEvents (this=0x80b8118)
    at nsEventQueue.cpp:374
#39 0x40527a86 in event_processor_callback (data=0x80b8118, source=5, 
    condition=GDK_INPUT_READ) at nsAppShell.cpp:168
#40 0x405277d5 in our_gdk_io_invoke (source=0x816ce10, condition=G_IO_IN, 
    data=0x816cd80) at nsAppShell.cpp:61
#41 0x406d001e in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#42 0x406d17f3 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#43 0x406d1dd9 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#44 0x406d1f8c in g_main_run () from /usr/lib/libglib-1.2.so.0
#45 0x405e9803 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#46 0x40527fb6 in nsAppShell::Run (this=0x8107588) at nsAppShell.cpp:360
#47 0x404fde8a in nsAppShellService::Run (this=0x80f2938)
    at ../../../dist/include/nsCOMPtr.h:649
#48 0x0804e517 in main1 (argc=1, argv=0xbffff99c, nativeApp=0x0)
    at ../../dist/include/nsCOMPtr.h:649
#49 0x0804edb7 in main (argc=1, argv=0xbffff99c) at nsAppRunner.cpp:1308
#50 0x401fb177 in __libc_start_main (main=0x804ec6c <main>, argc=1, 
    ubp_av=0xbffff99c, init=0x804af28 <_init>, fini=0x80508ac <_fini>, 
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff98c)
    at ../sysdeps/generic/libc-start.c:129
(gdb) k
Kill the program being debugged? (y or n) y
(gdb) quit
Yuk. 
Any chance something further up the stack is whacked?
Any reproducability?
I'm trying to trigger this on NT without any failure (so far).
Is it possible to look at locals in the crashing stack frame?
 Are either Set1 or Set2 garbage or null?

mscott: unless you have reason to suspect a problem in the mail code then please 
reassign to me. It sure looks like a bug in the new xpconnect code. But I can't 
pinpoint it yet.
Nope, just happened randomly and I already killed the process.  I can't keep the
browser running long enough because of other crashes to reproduce this.  :) 
I'll comment again if I see it, though.  Give me explicit instructions of what
you would like for me to do when I see it if you can.
thanks for jumping in John. The mail part of the stack trace looks correct to me
so I'll re-assign it to you.
Assignee: mscott → jband
bug 74883 *may* be the culprit here. The fact that we're getting called from 
ChangeTable (which is crashing elsewhere) is interesting.

blizzard: If the line numbers are correct then you are in 
NativeSetMap::Entry::Match and the local vars Set1 and Set2 are in use. An 
inlined method is getting called on Set2 and it is crashing. It seems likely 
that Set2 is either null or garbage. It should have a member named mMemberCount 
that should look like a reasonable (and smallish) PRUint16. If you could inspect 
Set2 and Set2->mMemberCount. At this point I'm betting that Set2 is messed up 
and I *hope* the fix for bug 74883 will just make this go away.
Status: NEW → ASSIGNED
On my system findEntry was null and not being tested and generated a fault 
right at the compare of the parameter in the SearchTable call. Brenden had put a 
patch up that I was going to try and see if it fixes that problem. Like you 
said, hopefully the fix will fix this bug as well.
My fix is in -- my hasty patch yesterday (done in anthonyd's cube under duress)
failed to check findEntry for null-ness.  All better now, sorry for the dup.

/be

*** This bug has been marked as a duplicate of 74883 ***
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
verified dup.
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.