Thunderbird 17.0.7 crashes with SIGSEGV on attachment insert

RESOLVED WORKSFORME

Status

Thunderbird
Untriaged
--
critical
RESOLVED WORKSFORME
4 years ago
4 years ago

People

(Reporter: dyle, Unassigned)

Tracking

({crash, stackwanted})

17 Branch
x86_64
Linux
crash, stackwanted

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.89 Safari/537.36

Steps to reproduce:

I create an email and insert attachments. Thunderbird crashes in 1 out of 2 cases.


Actual results:

SIGSEGV

Run a gdb print with it:


$ gdb thunderbird       
GNU gdb (Gentoo 7.6 p1) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".                                                                                           
For bug reporting instructions, please see:                                                                                                 
<http://bugs.gentoo.org/>...                                                                                                                
Reading symbols from /usr/lib64/thunderbird/thunderbird...done.                                                                             
(gdb) run                                                                                                                                   
Starting program: /usr/lib64/thunderbird/thunderbird                                                                                        
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000                                              
warning: Could not load shared library symbols for linux-vdso.so.1.                                                                         
Do you need "set solib-search-path" or "set sysroot"?                                                                                       
[Thread debugging using libthread_db enabled]                                                                                               
Using host libthread_db library "/lib64/libthread_db.so.1".                                                                                 
[New Thread 0x7fffe3519700 (LWP 9249)]                                                                                                      
[New Thread 0x7fffe23df700 (LWP 9250)]                                                                                                      
[New Thread 0x7fffe17ff700 (LWP 9251)]                                                                                                      
[New Thread 0x7fffe0959700 (LWP 9252)]                                                                                                      
[New Thread 0x7fffde4d5700 (LWP 9255)]                                                                                                      
[New Thread 0x7fffdda80700 (LWP 9256)]                                                                                                      
[New Thread 0x7fffdd0ff700 (LWP 9257)]                                                                                                      
[New Thread 0x7fffdc4fe700 (LWP 9258)]                                                                                                      
[New Thread 0x7fffdbaff700 (LWP 9259)]                                                                                                      
[New Thread 0x7fffd9cff700 (LWP 9260)]                                                                                                      
[New Thread 0x7fffaa5ff700 (LWP 9261)]                                                                                                      
enigmail.js: Registered components                                                                                                          
[New Thread 0x7fffa99ff700 (LWP 9262)]                                                                                                      
[New Thread 0x7fffa8eff700 (LWP 9263)]                                                                                                      
[New Thread 0x7fffa7bff700 (LWP 9264)]                                                                                                      
[New Thread 0x7fffa68ff700 (LWP 9265)]                                                                                                      
[New Thread 0x7fffa59ff700 (LWP 9266)]                                                                                                      
[New Thread 0x7fffa4aff700 (LWP 9267)]                                                                                                      
mimeVerify.jsm: module initialized                                                                                                          
[New Thread 0x7fffa3dff700 (LWP 9268)]                                                                                                      
[New Thread 0x7fffa31ff700 (LWP 9269)]                                                                                                      
[New Thread 0x7fffa27ff700 (LWP 9270)]                                                                                                      
[Thread 0x7fffa8eff700 (LWP 9263) exited]                                                                                                   
[Thread 0x7fffaa5ff700 (LWP 9261) exited]                                                                                                   
[Thread 0x7fffa68ff700 (LWP 9265) exited]
[Thread 0x7fffa3dff700 (LWP 9268) exited]
[New Thread 0x7fffa1ffe700 (LWP 9271)]
[Thread 0x7fffa31ff700 (LWP 9269) exited]
[Thread 0x7fffa59ff700 (LWP 9266) exited]
[New Thread 0x7fffa12ff700 (LWP 9272)]
[Thread 0x7fffa27ff700 (LWP 9270) exited]
[Thread 0x7fffa1ffe700 (LWP 9271) exited]
[New Thread 0x7fffa8eff700 (LWP 9273)]
[New Thread 0x7fffaa5ff700 (LWP 9274)]
[New Thread 0x7fffa68ff700 (LWP 9275)]
[New Thread 0x7fffa3dff700 (LWP 9276)]
[New Thread 0x7fff9e1ff700 (LWP 9277)]
[New Thread 0x7fff9d9fe700 (LWP 9278)]
[New Thread 0x7fff9ccff700 (LWP 9279)]
[New Thread 0x7fff9c2ff700 (LWP 9280)]
[New Thread 0x7fff9b4ff700 (LWP 9281)]
[New Thread 0x7fff9a4ff700 (LWP 9282)]
[New Thread 0x7fff99aff700 (LWP 9283)]
[New Thread 0x7fff98fff700 (LWP 9284)]
[New Thread 0x7fff98dfe700 (LWP 9285)]
[New Thread 0x7fff981fd700 (LWP 9286)]
[New Thread 0x7fff972fd700 (LWP 9288)]
[New Thread 0x7fff970fc700 (LWP 9289)]
[New Thread 0x7fff964fb700 (LWP 9290)]
[Thread 0x7fff964fb700 (LWP 9290) exited]
[Thread 0x7fff970fc700 (LWP 9289) exited]
[New Thread 0x7fff970fc700 (LWP 9291)]
[New Thread 0x7fff964fb700 (LWP 9292)]
[Thread 0x7fffdda80700 (LWP 9256) exited]
[Thread 0x7fff970fc700 (LWP 9291) exited]
[New Thread 0x7fff970fc700 (LWP 9293)]

(thunderbird:9244): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed
[New Thread 0x7fffdda80700 (LWP 9294)]
[New Thread 0x7fff955ff700 (LWP 9295)]
[Thread 0x7fff955ff700 (LWP 9295) exited]
[Thread 0x7fffdda80700 (LWP 9294) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00007fffee742b78 in gdk_window_add_update_window (window=window@entry=0x7fff9a6e5740) at gdkwindow.c:5253
5253    gdkwindow.c: No such file or directory.
(gdb) bt
#0  0x00007fffee742b78 in gdk_window_add_update_window (window=window@entry=0x7fff9a6e5740) at gdkwindow.c:5253
#1  0x00007fffee747722 in IA__gdk_window_process_all_updates () at gdkwindow.c:5700
#2  0x00007fffeefec3e1 in gtk_container_idle_sizer (data=<optimized out>) at gtkcontainer.c:1360
#3  0x00007fffee725a77 in gdk_threads_dispatch (data=0x7fff9b6e3a00) at gdk.c:512
#4  0x00007ffff00f1db5 in g_main_dispatch (context=0x7ffff6b26e00) at gmain.c:2715
#5  g_main_context_dispatch (context=context@entry=0x7ffff6b26e00) at gmain.c:3219
#6  0x00007ffff00f20e8 in g_main_context_iterate (context=context@entry=0x7ffff6b26e00, block=block@entry=0, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3290
#7  0x00007ffff00f21a4 in g_main_context_iteration (context=0x7ffff6b26e00, may_block=0) at gmain.c:3351
#8  0x00007ffff47f6670 in nsAppShell::ProcessNextNativeEvent (this=<optimized out>, mayWait=<optimized out>)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/widget/gtk2/nsAppShell.cpp:131
#9  0x00007ffff480c013 in nsBaseAppShell::DoProcessNextNativeEvent (this=this@entry=0x7fffdf8b30f0, mayWait=mayWait@entry=false, 
    recursionDepth=recursionDepth@entry=0)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/widget/xpwidgets/nsBaseAppShell.cpp:139
#10 0x00007ffff480c0da in nsBaseAppShell::OnProcessNextEvent (this=0x7fffdf8b30f0, thr=0x7ffff6b29ce0, mayWait=false, recursionDepth=0)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/widget/xpwidgets/nsBaseAppShell.cpp:280
#11 0x00007ffff4b7fb31 in nsThread::ProcessNextEvent (this=0x7ffff6b29ce0, mayWait=false, result=0x7fffffffc16f)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/xpcom/threads/nsThread.cpp:586
#12 0x00007ffff4b56a5e in NS_ProcessNextEvent_P (thread=<optimized out>, mayWait=mayWait@entry=false)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/tbird/mozilla/xpcom/build/nsThreadUtils.cpp:220
#13 0x00007ffff4aa12ec in mozilla::ipc::MessagePump::Run (this=0x7fffe9439480, aDelegate=0x7ffff6b70fc0)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/ipc/glue/MessagePump.cpp:82
#14 0x00007ffff4b9baed in RunHandler (this=0x7ffff6b70fc0)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/ipc/chromium/src/base/message_loop.cc:201
#15 MessageLoop::Run (this=0x7ffff6b70fc0)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/ipc/chromium/src/base/message_loop.cc:175
#16 0x00007ffff480b9fb in nsBaseAppShell::Run (this=0x7fffdf8b30f0)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/widget/xpwidgets/nsBaseAppShell.cpp:163
#17 0x00007ffff46ee869 in nsAppStartup::Run (this=0x7fffdf8986f0)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/toolkit/components/startup/nsAppStartup.cpp:273
#18 0x00007ffff3f32910 in XREMain::XRE_mainRun (this=this@entry=0x7fffffffc388)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/toolkit/xre/nsAppRunner.cpp:3812
#19 0x00007ffff3f34786 in XREMain::XRE_main (this=this@entry=0x7fffffffc388, argc=argc@entry=1, argv=argv@entry=0x7fffffffd758, 
    aAppData=aAppData@entry=0x7ffff6b33600)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/toolkit/xre/nsAppRunner.cpp:3889
#20 0x00007ffff3f3498c in XRE_main (argc=1, argv=0x7fffffffd758, aAppData=0x7ffff6b33600, aFlags=<optimized out>)
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mozilla/toolkit/xre/nsAppRunner.cpp:3965
#21 0x0000000000402c5c in do_main (argv=0x7fffffffd758, argc=1, exePath=0x7fffffffc640 "/usr/lib64/thunderbird/")
    at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mail/app/nsMailApp.cpp:111
#22 main (argc=1, argv=0x7fffffffd758) at /var/tmp/portage/mail-client/thunderbird-17.0.7-r1/work/comm-esr17/mail/app/nsMailApp.cpp:200


Expected results:

Well, no crash. It

Comment 1

4 years ago
Stack unfortunately lacks thunderbird symbols
Severity: normal → critical
Keywords: crash, stackwanted
(Reporter)

Comment 2

4 years ago
Hm, I do compile with debug symbols - it's a Gentoo machine.

$ grep FLAGS /etc/portage/make.conf
CFLAGS="-march=native -g -O2 -pipe -fomit-frame-pointer -ggdb"
CXXFLAGS="${CFLAGS}"

I'm open for suggestions. What should I do? There's the "debug" USE flag of the Gentoo Thunderbird ebuild but AFAIK this does not induce more debug information than already stated above.

I'm open for suggestions. What should I do?

Should I add some 'fprintf(stderr, "Blah");' in gdkwindow.c:5253?

Comment 3

4 years ago
Jory, can you advise?
Flags: needinfo?(anarchy)

Comment 4

4 years ago
This needs to be closed and sent back downstream. I see no reason why downstream was passed. This is most likely an issue of downstream bug.

https://bugs.gentoo.org/show_bug.cgi?id=489900

With no downstream bug, I have no way to duplicate the enviroment in order to reproduce.
(Reporter)

Comment 5

4 years ago
At a first glance https://bugs.gentoo.org/show_bug.cgi?id=489900 does not seem to be related to this bug. Also I do not see why this should be a downstream bug either. Clearly this problem occurs right in the guts of the thunderbird codebase (gdk_window_add_update_window) and causes it to crash.

But actually I'm on TB 24.2.0 and don't have this problem any longer. TB does not crash when inserting attachments ... even with gconf unchanged as conversely mentioned in the Gentoo's bugzilla.

See this is a 5 month old bug report and in the meantime a lot of things changed in TB and Gentoo. And obviously for the better. I can't reproduce the bug myself on the very same system with the very same account data.

So, yes: close.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME

Updated

4 years ago
Flags: needinfo?(anarchy)
You need to log in before you can comment on or make changes to this bug.