Closed
Bug 2767
Opened 26 years ago
Closed 26 years ago
MSG_FolderInfo::GetFoldersWithFlag can crash
Categories
(MailNews Core :: Backend, defect, P1)
Tracking
(Not tracked)
VERIFIED
INVALID
M4
People
(Reporter: ricardob, Assigned: phil)
Details
(This bug imported from BugSplat, Netscape's internal bugsystem. It
was known there as bug #330016
http://scopus.netscape.com/bugsplat/show_bug.cgi?id=330016
Imported into Bugzilla on 01/28/99 17:16)
From talkback incident 846638, Tracking ID: JSK30LQI GetFoldersWithFlag can use
a null m_subFolders and crash attempting to get its size.
The fix is (in my tree) is to test m_subFolders before using it.
int32 MSG_FolderInfo::GetFoldersWithFlag(uint32 f, MSG_FolderInfo** result,
int32 resultsize)
{
int num = 0;
if ((f & m_flags) == f) {
if (result && num < resultsize) {
result[num] = this;
}
num ;
}
MSG_FolderInfo *folder = NULL;
if (m_subFolders) {
for (int i=0; i < m_subFolders->GetSize(); i ) {
folder = m_subFolders->GetAt(i);
// CAREFUL! if NULL ise passed in for result then the
caller
// still wants the full count! Otherwise, the result
should be at most the
// number that the caller asked for.
if (!result)
num = folder->GetFoldersWithFlag(f, NULL, 0);
else if (num < resultsize)
num = folder->GetFoldersWithFlag(f, result
num, resultsize - num);
else
break;
}
}
return num;
}
Bienvenu may have an idea as to why this happened.
Comment 2•26 years ago
|
||
Phil might have a clue. It's still evil to be in this situation, even if we can
add bulletproofing.
Assignee | ||
Comment 3•26 years ago
|
||
I think we should understand why we're in this situation. m_subFolders should
never be null. If the right fix for the problem is to check m_subFolders, that's
ok, but I don't get the impression we know what the real problem is yet.
Comment 4•26 years ago
|
||
I think it's not that m_subFolders is NULL; it's that m_subFolders contains a
NULL pointer - I remember that this can happen if notifications are handled or
propagated right, or something...
Assigning to phil. I agree, I've seen in a few talkback reports similar
situations, where the pointer is null so something happened before hitting this
arrays.
Assignee | ||
Comment 7•26 years ago
|
||
Doesn't meet marek's 4.51 criteria. TFV 5.0
I (or someone else) will be moving enhancements, etc, bugs targeted for 5.0 to
bugzilla in the near future.
Assignee | ||
Updated•26 years ago
|
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → INVALID
Assignee | ||
Comment 10•26 years ago
|
||
I don't think this is going to apply to 5.0. Marking invalid in bugzilla.
Comment 11•26 years ago
|
||
marking verified since this no longer applies to 5.0 code.
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•