Closed Bug 2767 Opened 26 years ago Closed 26 years ago

MSG_FolderInfo::GetFoldersWithFlag can crash

Categories

(MailNews Core :: Backend, defect, P1)

x86
Windows NT
defect

Tracking

(Not tracked)

VERIFIED INVALID

People

(Reporter: ricardob, Assigned: phil)

Details

(This bug imported from BugSplat, Netscape's internal bugsystem. It was known there as bug #330016 http://scopus.netscape.com/bugsplat/show_bug.cgi?id=330016 Imported into Bugzilla on 01/28/99 17:16) From talkback incident 846638, Tracking ID: JSK30LQI GetFoldersWithFlag can use a null m_subFolders and crash attempting to get its size. The fix is (in my tree) is to test m_subFolders before using it. int32 MSG_FolderInfo::GetFoldersWithFlag(uint32 f, MSG_FolderInfo** result, int32 resultsize) { int num = 0; if ((f & m_flags) == f) { if (result && num < resultsize) { result[num] = this; } num ; } MSG_FolderInfo *folder = NULL; if (m_subFolders) { for (int i=0; i < m_subFolders->GetSize(); i ) { folder = m_subFolders->GetAt(i); // CAREFUL! if NULL ise passed in for result then the caller // still wants the full count! Otherwise, the result should be at most the // number that the caller asked for. if (!result) num = folder->GetFoldersWithFlag(f, NULL, 0); else if (num < resultsize) num = folder->GetFoldersWithFlag(f, result num, resultsize - num); else break; } } return num; } Bienvenu may have an idea as to why this happened.
Assigning
Phil might have a clue. It's still evil to be in this situation, even if we can add bulletproofing.
I think we should understand why we're in this situation. m_subFolders should never be null. If the right fix for the problem is to check m_subFolders, that's ok, but I don't get the impression we know what the real problem is yet.
I think it's not that m_subFolders is NULL; it's that m_subFolders contains a NULL pointer - I remember that this can happen if notifications are handled or propagated right, or something...
Assigning to phil. I agree, I've seen in a few talkback reports similar situations, where the pointer is null so something happened before hitting this arrays.
adding myself to cc: list.
Doesn't meet marek's 4.51 criteria. TFV 5.0
I (or someone else) will be moving enhancements, etc, bugs targeted for 5.0 to bugzilla in the near future.
QA Contact: 4098
Setting all current Open/Normal to M4.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → INVALID
I don't think this is going to apply to 5.0. Marking invalid in bugzilla.
Status: RESOLVED → VERIFIED
marking verified since this no longer applies to 5.0 code.
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.