Bug#768001: Icedove crashes on mime_decode_qp_buffer()

2015-01-20 Thread Roland Hieber
Hi,

I had attached the respective mail in my second comment, base64-encoded so the
bugtracker does not convert it in any way:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768001#12

 - Roland


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
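
Why base64 wrapping keeps a crash reproducer byte-exact, as an added example that is not part of the original thread. The sample message is constructed, and `reencode_qp`, `pack` and `unpack` are hypothetical helpers; the decode-and-re-encode step is only an assumption about what an intermediary might do, not a description of reportbug or the Debian bugtracker.

```python
import base64
import hashlib
import quopri

# Constructed sample (not the mail from the bug report): a quoted-printable
# body containing a soft line break ("=\r\n") and a bare "\n".
SAMPLE = (
    b"Content-Transfer-Encoding: quoted-printable\r\n\r\n"
    b"Gr=FC=DFe von=\r\n allen\r\ny\n(end of sample)\r\n"
)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def reencode_qp(raw):
    """Assumed intermediary: decode the QP body, then encode it again."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    return head + sep + quopri.encodestring(quopri.decodestring(body))


def pack(raw):
    """Return (base64 text, SHA-256 of the raw bytes) for the bug report."""
    return base64.encodebytes(raw).decode("ascii"), sha256_hex(raw)


def unpack(b64_text, expected_sha256):
    """Decode the attachment; reject it if the bytes changed in transit."""
    raw = base64.decodebytes(b64_text.encode("ascii"))
    if sha256_hex(raw) != expected_sha256:
        raise ValueError("reproducer differs from what the reporter sent")
    return raw


if __name__ == "__main__":
    text, digest = pack(SAMPLE)
    print("re-encoded QP identical:", reencode_qp(SAMPLE) == SAMPLE)
    # A text transport that rewrites line endings does not hurt base64.
    print("base64 round trip identical:",
          unpack(text.replace("\n", "\r\n"), digest) == SAMPLE)
```

Posting the SHA-256 next to the attachment lets whoever triages the crash confirm they are feeding the parser the same bytes the reporter had.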



Bug#768001: Icedove crashes on mime_decode_qp_buffer()

2015-01-18 Thread Carsten Schoenert
Hello Roland,

can you please attach this email that produces the segfault?
If we can reproduce the segfault it's much easier to catch the real
issue.

Regards
Carsten





Bug#768001: Icedove crashes on mime_decode_qp_buffer()

2015-01-14 Thread Roland Hieber
Control: found 768001 icedove/3.0.11-1+squeeze15

On 04.11.2014 07:10, Carsten Schoenert wrote:
> as you tagged this issue is found in the current version in testing and
> experimental, what about this bug in earlier versions?

I could reproduce it on a squeeze VM running icedove-3.0.11-1+squeeze15. The GDB
output is attached below, and it looks similar. The backtrace even contains more
information (see stack #3, the line contains an \n and is strangely off
characters...)

> And can you please open up or search a similar bug in the Mozilla
> bugtracker and give us the forward address? I found one related bug
> entry in the bugtracker there.
> https://bugzilla.mozilla.org/show_bug.cgi?id=469087

I didn't find anything related in the upstream tracker, besides that.

> But the bug isn't actively worked on. And the reporter was reporting a
> windows version before TB3. There are no crash reports for such errors.
> https://crash-stats.mozilla.com/report/list?product=Thunderbird&query_search=signature&query_type=exact&query=mime_decode_qp_buffer&date=12%2F30%2F2010%2006%3A14%3A17&range_value=4&range_unit=weeks&hang_type=any&process_type=all&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=mime_decode_qp_buffer#tab-correlations
> This makes it hard to reproduce the issue for any developer.

OK, so what do I need to do to get a crash report for this kind of behaviour?

 - Roland

Program received signal SIGSEGV, Segmentation fault.
mime_decode_qp_buffer (data=0x7fffd9d07f80, buffer=0x7fffef853fcf \n, size=0)
at mimeenc.cpp:189
189 mimeenc.cpp: No such file or directory.
in mimeenc.cpp
(gdb) bt
#0  mime_decode_qp_buffer (data=0x7fffd9d07f80, buffer=0x7fffef853fcf \n, 
size=0) at mimeenc.cpp:189
#1  MimeDecoderWrite (data=0x7fffd9d07f80, buffer=0x7fffef853fcf \n, size=0)
at mimeenc.cpp:840
#2  0x7fffef83348e in mime_decompose_file_output_fn (
buf=value optimized out, size=1, stream_closure=value optimized out)
at mimedrft.cpp:1964
#3  0x7fffef821d7d in MimeMessage_parse_line (
aLine=0x7fffd9c51400 y\n(Sva, zeltophil, Martin, gnrp, Jen and Cbas, 
aLength=45, obj=0x7fffd9c22aa0) at mimemsg.cpp:222
#4  0x7fffef824517 in MimeObject_parse_eof (obj=0x7fffd9c22aa0, 
abort_p=value optimized out) at mimeobj.cpp:299
#5  0x7fffef818d54 in MimeContainer_parse_eof (object=0x0, abort_p=2)
at mimecont.cpp:129
#6  0x7fffef8225b3 in MimeMessage_parse_eof (obj=0x7fffd9c22aa0, abort_p=0)
at mimemsg.cpp:542
#7  0x7fffef8352dc in mime_parse_stream_complete (
stream=value optimized out) at mimedrft.cpp:1203
#8  0x7fffef831481 in nsStreamConverter::OnStopRequest (
this=0x7fffdc28c6c0, request=0x7fffd9c3bd98, ctxt=0x7fffd9d3c140, status=0)
at nsStreamConverter.cpp:1068
#9  0x7fffef676204 in nsMsgProtocol::OnStopRequest (this=0x7fffd9c3bd90, 
request=value optimized out, ctxt=0x7fffd9d3c140, aStatus=0)
at nsMsgProtocol.cpp:401
#10 0x7fffef7002c3 in nsMailboxProtocol::OnStopRequest (
this=0x7fffd9c3bd90, request=0x7fffd9dc7390, ctxt=0x7fffd9d3c140, 
aStatus=0) at nsMailboxProtocol.cpp:381
#11 0x7fffeeec0b8b in nsInputStreamPump::OnStateStop (this=0x7fffd9dc7390)
at nsInputStreamPump.cpp:576
#12 0x7fffeeec0df5 in nsInputStreamPump::OnInputStreamReady (
this=0x7fffd9dc7390, stream=0x2) at nsInputStreamPump.cpp:401
#13 0x779547c4 in nsInputStreamReadyEvent::Run (this=0x7fffd9c05a30)
at nsStreamUtils.cpp:111
#14 0x779669d3 in nsThread::ProcessNextEvent (this=0x70840620, 
mayWait=1, result=0x7fffdc2c) at nsThread.cpp:521
#15 0x7793c740 in NS_ProcessNextEvent_P (thread=0x0, mayWait=2)
at nsThreadUtils.cpp:247
#16 0x7fffecadd375 in nsBaseAppShell::Run (this=0x7fffefbdbb20)
at nsBaseAppShell.cpp:170
#17 0x7fffeabd9bc4 in nsAppStartup::Run (this=0x7fffeb05bc40)
at nsAppStartup.cpp:193
#18 0x77bcbdda in XRE_main (argc=value optimized out, 
argv=value optimized out, aAppData=value optimized out)
at nsAppRunner.cpp:3321
#19 0x00401846 in main (argc=1, argv=0x7fffe418)
at nsMailApp.cpp:103
(gdb) q


Bug#768001: Icedove crashes on mime_decode_qp_buffer()

2015-01-14 Thread Carsten Schoenert
Hello Roland,

On Thu, Jan 15, 2015 at 04:04:23AM +0100, Roland Hieber wrote:
> I could reproduce it on a squeeze VM running icedove-3.0.11-1+squeeze15. The GDB
> output is attached below, and it looks similar. The backtrace even contains more
> information (see stack #3, the line contains an \n and is strangely off
> characters...)

It's strange and interesting that you see this issue back to this old
version of Icedove, so possibly it's a real old bug that does not happen very
often.
But we from the Debian packaging side haven't enough manpower to fix
such bugs explicitly in such old versions.

[...]
> I didn't find anything related in the upstream tracker, besides that.

O.k. then I missed the real point and picked up a wrong upstream bug.

[...]
> OK, so what do I need to do to get a crash report for this kind of behaviour?

The right place for fixing such issues is the bugtracker at Mozilla, as
it's a problem within the upstream source and not related to the Debian
packaging.
So I suggest opening a new bug entry in the Mozilla bugtracker. But
the developers mostly request a reproducible way to catch the issue, so
please provide as much information as you can. Append
your GDB sessions. But before that, please expand your GDB command to

'thread apply all bt'

Icedove is a multithreaded application so you probably want to see all
information from all threads.
Please see https://wiki.debian.org/Icedove#Starting_Debugging for more
information.

If you open up the entry on Mozilla please give back the forwarding
address and append this to this bug here. It's easiest to do with the
'bts' command. Also set a tag 'upstream'.

$ bts forwarded 768001 http://bugzilla.mozilla.org/foo/...
$ bts tag 768001 upstream

Regards
Carsten





Bug#768001: Icedove crashes on mime_decode_qp_buffer()

2014-11-03 Thread Carsten Schoenert
Hello Roland,

On Tue, Nov 04, 2014 at 03:22:44AM +0100, Roland Hieber wrote:
> There seems to be some magic going on between reportbug and the Debian
> bugtracker, which caused the offending message to be re-encoded so
> Icedove no longer shows the described behaviour. Please see *this*
> attachment instead, which is the offending message again, but explicitly
> piped through base64(1) by me to (hopefully) prevent any re-encoding.

as you tagged this issue is found in the current version in testing and
experimental, what about this bug in earlier versions?

And can you please open up or search a similar bug in the Mozilla
bugtracker and give us the forward address? I found one related bug
entry in the bugtracker there.
https://bugzilla.mozilla.org/show_bug.cgi?id=469087

But the bug isn't actively worked on. And the reporter was reporting a
windows version before TB3. There are no crash reports for such errors.
https://crash-stats.mozilla.com/report/list?product=Thunderbird&query_search=signature&query_type=exact&query=mime_decode_qp_buffer&date=12%2F30%2F2010%2006%3A14%3A17&range_value=4&range_unit=weeks&hang_type=any&process_type=all&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=mime_decode_qp_buffer#tab-correlations
This makes it hard to reproduce the issue for any developer.

Regards
Carsten

