Closed Bug 837643 Opened 12 years ago Closed 12 years ago

crash in nsMsgDatabase::ClearHdrCache

Categories

(MailNews Core :: Database, defect)

Product:
MailNews Core
Component:
Database
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 23.0

People

(Reporter: wsmwk, Assigned: mkmelin)

Details

(Keywords: crash, regression, Whiteboard: [regression:TB17?])

Crash Data

Attachments

(1 file)

proposed fix
1.10 KB, patch
Irving
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-888d8ea1-aff2-4afb-a247-f44b22130202 . ============================================================= 0 @0xba6adc7 1 xul.dll nsMsgDatabase::ClearHdrCache mailnews/db/msgdb/src/nsMsgDatabase.cpp:608 2 xul.dll nsMsgDatabase::AddHdrToCache mailnews/db/msgdb/src/nsMsgDatabase.cpp:465 3 xul.dll nsMsgDatabase::CreateMsgHdr mailnews/db/msgdb/src/nsMsgDatabase.cpp:788 4 xul.dll nsMsgDBEnumerator::PrefetchNext mailnews/db/msgdb/src/nsMsgDatabase.cpp:2834 5 xul.dll nsMsgDBEnumerator::HasMoreElements mailnews/db/msgdb/src/nsMsgDatabase.cpp:2860 6 xul.dll nsMsgDatabase::InitRefHash mailnews/db/msgdb/src/nsMsgDatabase.cpp:4245 7 xul.dll nsMsgDatabase::GetRefFromHash mailnews/db/msgdb/src/nsMsgDatabase.cpp:4113 8 xul.dll nsMsgDatabase::GetThreadForMessageId mailnews/db/msgdb/src/nsMsgDatabase.cpp:4431 9 xul.dll nsMsgDatabase::ThreadNewHdr mailnews/db/msgdb/src/nsMsgDatabase.cpp:4521 10 xul.dll nsMsgDatabase::AddNewHdrToDB mailnews/db/msgdb/src/nsMsgDatabase.cpp:3400 11 xul.dll nsImapMailDatabase::AddNewHdrToDB mailnews/db/msgdb/src/nsImapMailDatabase.cpp:104 crashes last line of mwu@9538 601nsresult nsMsgDatabase::ClearHdrCache(bool reInit) hg@0 602{ hg@0 603 if (m_cachedHeaders) hg@0 604 { hg@0 605 // save this away in case we renter this code. hg@0 606 PLDHashTable *saveCachedHeaders = m_cachedHeaders; mconley@13475 607 m_cachedHeaders = nullptr; mconley@13475 608 PL_DHashTableEnumerate(saveCachedHeaders, HeaderEnumerator, nullptr); where those lines changed with mconley's checking with Bug 776630 - Switch comm-central from using nsnull to nullptr. Prior to TB17 this crash sig was rare. OTOH, slightly different stack with signature 0x0 | nsMsgDatabase::ClearHdrCache(bool) is not so rare in TB16 example - bp-63c6d147-d3ea-4aef-8b3f-d9ea52121203 ditto PL_DHashTableEnumerate | nsMsgDatabase::ClearHdrCache(bool) bp-3a10ed8b-b377-44df-b1be-ae9612130131
one more story similar to DHashTableEnumerate | nsMsgDatabase::ClearHdrCache(bool) -- well established in TB16 nsMsgDatabase::HeaderEnumerator(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*) bp-854efc23-9a80-47e5-88c0-0b5f82130204 0 xul.dll nsMsgDatabase::HeaderEnumerator mailnews/db/msgdb/src/nsMsgDatabase.cpp:486 1 xul.dll PL_DHashTableEnumerate objdir-tb/mozilla/xpcom/build/pldhash.cpp:715 2 xul.dll nsMsgDatabase::ClearHdrCache mailnews/db/msgdb/src/nsMsgDatabase.cpp:608 3 xul.dll nsMsgDatabase::AddHdrToCache mailnews/db/msgdb/src/nsMsgDatabase.cpp:465 4 xul.dll nsMsgDatabase::CreateMsgHdr mailnews/db/msgdb/src/nsMsgDatabase.cpp:788 5 xul.dll nsMsgDatabase::GetMsgHdrForGMMsgID mailnews/db/msgdb/src/nsMsgDatabase.cpp:4629 6 xul.dll nsImapMailFolder::GetOfflineMsgFolder mailnews/imap/src/nsImapMailFolder.cpp:9672 7 xul.dll nsImapMailFolder::HasMsgOffline mailnews/imap/src/nsImapMailFolder.cpp:9577 8 xul.dll nsImapProtocol::TryToRunUrlLocally mailnews/imap/src/nsImapProtocol.cpp:2026 perhaps there is more than one bug. and perhaps this is related to an even older crash? bug 625850?
Crash Signature: [@ nsMsgDatabase::ClearHdrCache(bool)] [@ @0x0 | nsMsgDatabase::ClearHdrCache(bool) ] [@ PL_DHashTableEnumerate | nsMsgDatabase::ClearHdrCache(bool)] → [@ nsMsgDatabase::ClearHdrCache(bool)] [@ @0x0 | nsMsgDatabase::ClearHdrCache(bool) ] [@ PL_DHashTableEnumerate | nsMsgDatabase::ClearHdrCache(bool)] [@ nsMsgDatabase::HeaderEnumerator(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*)]
OS: Windows NT → All
Attached patch proposed fixSplinter Review
ClearHeaderEnumerator a few lines down also protects against null.
Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED
Attachment #731621 - Flags: review?(irving)
Comment on attachment 731621 [details] [diff] [review] proposed fix Review of attachment 731621 [details] [diff] [review]: ----------------------------------------------------------------- ::: mailnews/db/msgdb/src/nsMsgDatabase.cpp @@ +484,5 @@ > { > > MsgHdrHashElement* element = reinterpret_cast<MsgHdrHashElement*>(hdr); > + if (element) > + NS_IF_RELEASE(element->mHdr); This only gets called from http://mxr.mozilla.org/comm-central/source/mailnews/db/msgdb/src/nsMsgDatabase.cpp#603; any idea why m_cachedHeaders would contain a null entry? That said, the fix looks safe to me.
Attachment #731621 - Flags: review?(irving) → review+
(In reply to :Irving Reid from comment #3) > nsMsgDatabase.cpp#603; any idea why m_cachedHeaders would contain a null > entry? No idea, sorry.
http://hg.mozilla.org/comm-central/rev/125f9c2a7a67 -> FIXED
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Hardware: x86 → All
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 23.0
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: