Closed
Bug 32012
Opened 25 years ago
Closed 24 years ago
illegal usage of nsString in nsMsgDatabase::YarnTonsString
Categories
(MailNews Core :: Internationalization, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
M17
People
(Reporter: ftang, Assigned: Bienvenu)
When I turn on the nsString illegal usage detection code (see 28424) and open my
mailbox (IMAP4), I hit the following problem. nsMsgDatabase::YarnTonsString
passes char* to nsString in an illegal way. The nsString can only handle ASCII
values in char* but not other data from 0x80-0xFF without proper conversion.
Here is the stack trace:
NTDLL! 77f662ac()
nsDebug::Assertion(const char * 0x100a7160, const char * 0x100a7150, const char
* 0x100a7128, int 0x0000010e) line 189 + 13 bytes
CopyChars1To2(char * 0x00129c58, int 0x00000000, const char * 0x0661680c,
unsigned int 0x00000000, unsigned int 0x0000003c) line 270 + 31 bytes
nsStr::Append(nsStr & {...}, const nsStr & {...}, unsigned int 0x00000000, int
0x0000003c) line 171 + 50 bytes
nsString::Append(const char * 0x0661680c, int 0x0000003c) line 1072 + 43 bytes
nsString::Assign(const char * 0x0661680c, int 0x0000003c) line 944
nsMsgDatabase::YarnTonsString(mdbYarn * 0x00129acc, nsString * 0x00129c40) line 2573
nsMsgDatabase::RowCellColumnTonsString(nsIMdbRow * 0x066152f8, unsigned long
0x00000081, nsString & {...}) line 2345 + 13 bytes
nsMsgDatabase::RowCellColumnToMime2DecodedString(nsIMdbRow * 0x066152f8,
unsigned long 0x00000081, nsString & {...}) line 2375 + 26 bytes
nsMsgHdr::GetMime2DecodedSubject(nsMsgHdr * const 0x06616b10, nsString *
0x00129dc0) line 595
nsMessage::GetMime2DecodedSubject(nsMessage * const 0x076146c4, nsString *
0x00129dc0) line 273 + 33 bytes
nsMsgMessageDataSource::createMessageNameNode(nsIMessage * 0x076146c4, int
0x00000000, nsIRDFNode * * 0x00129f0c) line 912 + 22 bytes
nsMsgMessageDataSource::createMessageNode(nsIMessage * 0x076146c4,
nsIRDFResource * 0x03680080, nsIRDFNode * * 0x00129f0c) line 868 + 18 bytes
nsMsgMessageDataSource::GetTarget(nsMsgMessageDataSource * const 0x03680100,
nsIRDFResource * 0x076146b0, nsIRDFResource * 0x03680080, int 0x00000001,
nsIRDFNode * * 0x00129f0c) line 291 + 25 bytes
CompositeDataSourceImpl::GetTarget(CompositeDataSourceImpl * const 0x0353e490,
nsIRDFResource * 0x076146b0, nsIRDFResource * 0x03680080, int 0x00000001,
nsIRDFNode * * 0x00129f0c) line 708 + 28 bytes
RDFGenericBuilderImpl::SubstituteText(nsIRDFResource * 0x076146b0, nsString &
{...}) line 1686 + 65 bytes
RDFGenericBuilderImpl::BuildContentFromTemplate(nsIContent * 0x034ec1e0,
nsIContent * 0x076cd740, nsIContent * 0x076cd740, int 0x00000000, nsIRDFResource
* 0x076146b0, int 0x00000000, nsIContent * * 0x00000000, int * 0x00000000) line
2065 + 22 bytes
RDFGenericBuilderImpl::CreateTemplateContents(nsIContent * 0x076cd740, const
nsString & {...}, nsIContent * * 0x00000000, int * 0x00000000) line 2638 + 46 bytes
RDFGenericBuilderImpl::CreateTemplateAndContainerContents(nsIContent *
0x076cd740, nsIContent * * 0x00000000, int * 0x00000000) line 2448 + 30 bytes
RDFGenericBuilderImpl::CreateContents(RDFGenericBuilderImpl * const 0x0353e4f0,
nsIContent * 0x076cd740) line 738 + 16 bytes
nsXULDocument::CreateContents(nsXULDocument * const 0x0327f7d4, nsIContent *
0x076cd740) line 2039 + 16 bytes
nsXULElement::EnsureContentsGenerated() line 3480 + 27 bytes
nsXULElement::ChildCount(const nsXULElement * const 0x076cd740, int &
0x03237690) line 2228 + 8 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x03237400,
nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent *
0x076cd740, nsIFrame * 0x05b8e75c, nsFrameItems & {...}, nsTableCreator & {...})
line 1926
nsCSSFrameConstructor::ConstructTableRowFrameOnly(nsIPresShell * 0x03237400,
nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent *
0x076cd740, nsIFrame * 0x05b8e6c8, nsIStyleContext * 0x07bcaaf0, int 0x00000001,
nsIFrame * & 0x05b8e75c, nsTableCreator & {...}) line 1674 + 38 bytes
nsCSSFrameConstructor::ConstructTableRowFrame(nsIPresShell * 0x03237400,
nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent *
0x076cd740, nsIFrame * 0x05b8e6c8, nsIStyleContext * 0x07bcaaf0, nsIFrame * &
0x00000000, nsIFrame * & 0x05b8e75c, nsTableCreator & {...}, nsTableList *
0x00000000) line 1612 + 49 bytes
nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * 0x03237400,
nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent *
0x076cd740, nsIFrame * 0x05b8e6c8, nsIAtom * 0x013f8350, nsIStyleContext *
0x07bcaaf0, nsFrameItems & {...}, int 0x00000000, int & 0x00000000) line 4515 +
49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x03237400, nsIPresContext
* 0x03233750, nsFrameConstructorState & {...}, nsIContent * 0x076cd740, nsIFrame
* 0x05b8e6c8, nsFrameItems & {...}) line 5804 + 56 bytes
nsCSSFrameConstructor::CreateTreeWidgetContent(nsCSSFrameConstructor * const
0x03237690, nsIPresContext * 0x03233750, nsIFrame * 0x05b8e6c8, nsIFrame *
0x00000000, nsIContent * 0x076cd740, nsIFrame * * 0x05b8e714, int 0x00000001,
int 0x00000000, nsILayoutHistoryState * 0x00000000) line 10172 + 37 bytes
nsTreeRowGroupFrame::GetFirstFrameForReflow(nsIPresContext * 0x03233750) line 1215
nsTableRowGroupFrame::ReflowMappedChildren(nsTableRowGroupFrame * const
0x05b8e6c8, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...},
RowGroupReflowState & {...}, unsigned int & 0x00000000, nsTableRowFrame *
0x00000000, nsReflowReason eReflowReason_Resize, int 0x00000001, int 0x00000000)
line 372 + 18 bytes
nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x05b8e6c8,
nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const
nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1088 + 38 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x05b8e6c8, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int
0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000)
line 646 + 31 bytes
nsTableRowGroupFrame::ReflowMappedChildren(nsTableRowGroupFrame * const
0x0266d150, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...},
RowGroupReflowState & {...}, unsigned int & 0x00000000, nsTableRowFrame *
0x00000000, nsReflowReason eReflowReason_Resize, int 0x00000001, int 0x00000000)
line 433 + 45 bytes
nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x0266d150,
nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const
nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1088 + 38 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0266d150, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int
0x00000000, int 0x000000f0, unsigned int 0x00000000, unsigned int & 0x00000000)
line 646 + 31 bytes
nsTableFrame::ReflowMappedChildren(nsTableFrame * const 0x025ef3dc,
nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, InnerTableReflowState
& {...}, unsigned int & 0x00000000) line 2934 + 41 bytes
nsTableFrame::ResizeReflowPass2(nsTableFrame * const 0x025ef3dc, nsIPresContext
* 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 1945 + 31 bytes
nsTableFrame::Reflow(nsTableFrame * const 0x025ef3dc, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 1589 + 34 bytes
nsTreeFrame::Reflow(nsTreeFrame * const 0x025ef3dc, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 416 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x025ef3dc, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int
0x00000000, int 0x00000000, unsigned int 0x00000003, unsigned int & 0x00000000)
line 646 + 31 bytes
nsTableOuterFrame::IR_InnerTableReflow(nsTableOuterFrame * const 0x025ef37c,
nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, OuterTableReflowState
& {...}, unsigned int & 0x00000000) line 724 + 40 bytes
nsTableOuterFrame::IR_TargetIsInnerTableFrame(nsTableOuterFrame * const
0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...},
OuterTableReflowState & {...}, unsigned int & 0x00000000) line 498 + 31 bytes
nsTableOuterFrame::IR_TargetIsChild(nsTableOuterFrame * const 0x025ef37c,
nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, OuterTableReflowState
& {...}, unsigned int & 0x00000000, nsIFrame * 0x025ef3dc) line 465 + 31 bytes
nsTableOuterFrame::IncrementalReflow(nsTableOuterFrame * const 0x025ef37c,
nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, OuterTableReflowState
& {...}, unsigned int & 0x00000000) line 445 + 35 bytes
nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x025ef37c, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 957 + 31 bytes
nsTreeOuterFrame::Reflow(nsTreeOuterFrame * const 0x025ef37c, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 136 + 25 bytes
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ef37c, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000000, int 0x00000000, int
0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...})
line 2262
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ef37c, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000000, int 0x00000000, int
0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...})
line 2086 + 62 bytes
nsBoxFrameInner::FlowChildren(nsIPresContext * 0x03233750, nsHTMLReflowMetrics &
{...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsIFrame * &
0x00000000, nsRect & {...}, nsSize & {...}, int & 0x000000ef) line 1479
nsBoxFrame::Reflow(nsBoxFrame * const 0x025ef314, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 1206
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ef314, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000a14, int 0x00000000, int
0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...})
line 2289
nsBoxFrameInner::FlowChildren(nsIPresContext * 0x03233750, nsHTMLReflowMetrics &
{...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsIFrame * &
0x00000000, nsRect & {...}, nsSize & {...}, int & 0x00002fdf) line 1479
nsBoxFrame::Reflow(nsBoxFrame * const 0x025ee280, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 1206
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ee280, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000000, int 0x00000438, int
0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...})
line 2289
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ee280, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000000, int 0x00000438, int
0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...})
line 2068 + 62 bytes
nsBoxFrameInner::FlowChildren(nsIPresContext * 0x03233750, nsHTMLReflowMetrics &
{...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsIFrame * &
0x00000000, nsRect & {...}, nsSize & {...}, int & 0x00002fdf) line 1479
nsBoxFrame::Reflow(nsBoxFrame * const 0x025f8098, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 1206
nsContainerFrame::ReflowChild(nsIFrame * 0x025f8098, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int
0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000)
line 646 + 31 bytes
RootFrame::Reflow(RootFrame * const 0x025f805c, nsIPresContext * 0x03233750,
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int &
0x00000000) line 331
nsContainerFrame::ReflowChild(nsIFrame * 0x025f805c, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int
0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000)
line 646 + 31 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x025f8020, nsIPresContext *
0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...},
unsigned int & 0x00000000) line 531
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x07bc9810,
nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsSize & {...},
nsIRenderingContext & {...}) line 145
PresShell::ProcessReflowCommands(PresShell * const 0x03237400, int 0x00000000)
line 2054
PresShell::FlushPendingNotifications(PresShell * const 0x03237400) line 2518
nsXULDocument::FlushPendingNotifications(nsXULDocument * const 0x0327f7d0) line 1746
nsTreeRowGroupFrame::EnsureRowIsVisible(int 0x0000000f) line 1844
nsTreeFrame::EnsureRowIsVisible(nsTreeFrame * const 0x025ef448, int 0x0000000f)
line 618
nsXULTreeElement::EnsureElementIsVisible(nsXULTreeElement * const 0x0374e4f8,
nsIDOMXULElement * 0x066ff464) line 693
XULTreeElementEnsureElementIsVisible(JSContext * 0x02f1dc20, JSObject *
0x026384f8, unsigned int 0x00000001, long * 0x0255abb0, long * 0x0012e5e4) line
870 + 24 bytes
js_Invoke(JSContext * 0x02f1dc20, unsigned int 0x00000001, unsigned int
0x00000000) line 665 + 26 bytes
js_Interpret(JSContext * 0x02f1dc20, long * 0x0012eee4) line 2292 + 15 bytes
js_Invoke(JSContext * 0x02f1dc20, unsigned int 0x00000000, unsigned int
0x00000000) line 681 + 13 bytes
js_Interpret(JSContext * 0x02f1dc20, long * 0x0012f7a0) line 2292 + 15 bytes
js_Invoke(JSContext * 0x02f1dc20, unsigned int 0x00000001, unsigned int
0x00000002) line 681 + 13 bytes
nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJSClass * const 0x037728f0,
nsXPCWrappedJS * 0x03772830, unsigned short 0x000a, const nsXPTMethodInfo *
0x00ff721c, nsXPTCMiniVariant * 0x0012fa64) line 737 + 22 bytes
nsXPCWrappedJS::CallMethod(nsXPCWrappedJS * const 0x03772830, unsigned short
0x000a, const nsXPTMethodInfo * 0x00ff721c, nsXPTCMiniVariant * 0x0012fa64) line 310
PrepareAndDispatch(nsXPTCStubBase * 0x03772830, unsigned int 0x0000000a,
unsigned int * 0x0012fb18, unsigned int * 0x0012fb04) line 100 + 31 bytes
SharedStub() line 125
You can see this method simply assigns non-ASCII (possibly non-ASCII) data to
nsString by using the Assign method, while mYarn_Buf may have non-ASCII data in
a different charset.
/* static */ void nsMsgDatabase::YarnTonsString(struct mdbYarn *yarn, nsString *str)
{
    str->Assign((const char *) yarn->mYarn_Buf, yarn->mYarn_Fill);
}
- yarn 0x00129acc
mYarn_Buf 0x0661680c
mYarn_Fill 0x0000003c
mYarn_Size 0x0000003c
mYarn_More 0x00000000
mYarn_Form 0x00000000
mYarn_Grow 0x00129af8
0661680C B3 6F B8 CC AA BA A4 F9 A4 6C ?o??????l
06616816 C0 B3 A6 B3 BE A8 A6 B3 B3 E1 ?????????.
06616820 2C B6 69 A8 D3 AC DD AC DD 2C ,?i??????,
0661682A A5 5D A7 41 BA A1 B7 4E 2C A4 ?]?A???N,?
06616834 40 AD D3 A5 CE A4 DF B8 67 C0 @???????g?
0661683E E7 AA BA BA F4 AF B8 5E 5F 5E ?????^_^
06616848 00 CD CD CD FD FD FD FD DD DD .?????????
To turn on the illegal nsString detection assertion, uncomment the following two
lines, touch nsStr.cpp and remake from xpcom. It will only take you 1-4 minutes
to do that.
Z:\mozilla\xpcom\ds>cvs diff buf*.h
Index: bufferRoutines.h
===================================================================
RCS file: /m/pub/mozilla/xpcom/ds/bufferRoutines.h,v
retrieving revision 1.40
diff -r1.40 bufferRoutines.h
49,50c49,50
< //#define DEBUG_ILLEGAL_CAST_UP
< //#define DEBUG_ILLEGAL_CAST_DOWN
---
> #define DEBUG_ILLEGAL_CAST_UP
> #define DEBUG_ILLEGAL_CAST_DOWN
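Review bot: lines 49-50 of bufferRoutines.h switch on DEBUG_ILLEGAL_CAST_UP and DEBUG_ILLEGAL_CAST_DOWN by editing the shared header itself, so the change is easy to check in by accident and applies to every file that includes the header. If the checks are meant to be used regularly, put the two defines behind a build option instead of a comment toggle, and add a one-line comment beside each saying what it detects.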
I am not sure of the priority of this. Please understand this is currently not a
data loss issue but an inefficient memory usage issue.
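Added example (not part of the bug report and not Mozilla code): a simplified model of the byte-to-16-bit widening the report describes, with a check that flags bytes in 0x80-0xFF before a char* buffer is copied into a wide string. The function names are hypothetical; the sample bytes are the first ten bytes of the mYarn_Buf dump above.

```cpp
// Added example: a simplified model, not Mozilla's nsString implementation.
#include <cstddef>
#include <cstdio>
#include <string>

// First ten bytes of the mYarn_Buf dump quoted in the report.
static const unsigned char kYarnSample[] = {0xB3, 0x6F, 0xB8, 0xCC, 0xAA,
                                            0xBA, 0xA4, 0xF9, 0xA4, 0x6C};

// Offset of the first byte outside 7-bit ASCII, or -1 if the buffer is clean.
long FirstNonAscii(const unsigned char* buf, size_t len) {
  for (size_t i = 0; i < len; ++i)
    if (buf[i] >= 0x80) return static_cast<long>(i);
  return -1;
}

// Unchecked widening: every byte is zero-extended to one 16-bit unit.
// Only correct for ASCII; multi-byte charset data becomes unrelated units.
std::u16string WidenBytewise(const unsigned char* buf, size_t len) {
  std::u16string out;
  out.reserve(len);
  for (size_t i = 0; i < len; ++i) out.push_back(static_cast<char16_t>(buf[i]));
  return out;
}

// Checked widening: refuses the buffer and reports the offending offset, so
// the caller must keep the bytes narrow until they are decoded properly.
bool WidenAsciiOnly(const unsigned char* buf, size_t len, std::u16string* out,
                    long* badOffset) {
  *badOffset = FirstNonAscii(buf, len);
  if (*badOffset >= 0) return false;
  *out = WidenBytewise(buf, len);
  return true;
}

// Truncates each 16-bit unit back to one byte, as a narrowing copy would.
std::string NarrowBytewise(const std::u16string& s) {
  std::string out;
  for (char16_t c : s) out.push_back(static_cast<char>(c & 0xFF));
  return out;
}

int main() {
  std::u16string wide;
  long bad = -1;
  bool ok = WidenAsciiOnly(kYarnSample, sizeof kYarnSample, &wide, &bad);
  std::printf("checked widen ok=%d, first non-ASCII offset=%ld\n", ok, bad);
  std::u16string raw = WidenBytewise(kYarnSample, sizeof kYarnSample);
  std::printf("unchecked: %zu bytes in, %zu bytes stored\n", sizeof kYarnSample,
              raw.size() * sizeof(char16_t));
  return 0;
}
```

In this model the unchecked copy can be narrowed back to the original bytes, but it occupies twice the storage and holds no valid characters until the bytes are decoded with their real charset.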
Comment 1•25 years ago
If the Yarn string is stored in MIME encoded form then the data needs to be
stored as nsCString instead of nsString until the string is MIME decoded. I see
there is also YarnTonsCString so callers can use it instead. There is another bug
about the MIME decoder (32013). Probably that should be fixed first so nsCString can
be passed to the MIME decoder (so put as a dependency).
I am not familiar with the code, reassigning to bienvenu.
Assignee: nhotta → bienvenu
Depends on: 32013
Comment 4•25 years ago
The relevant line now reads
str->AssignWithConversion((const char *) yarn->mYarn_Buf, yarn->mYarn_Fill);
Is this better?
Comment 5•25 years ago
David, is this something that needs to be fixed for beta3?
Comment 6•25 years ago (Assignee)
Assign with conversion fixes the problem, as far as I know (I didn't make that
change). Bob or Frank could say for sure; since Frank filed the bug, I'll leave
it up to him.
Comment 7•24 years ago
It's been a couple of weeks, so I'm going to mark fixed and let ftang reopen if
it's not.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 8•24 years ago
I'm sending this over to ftang who should be able to verify this resolution.
QA Contact: momoi → ftang
Changing QA; this appears to be for the international QA.
QA Contact: ftang → marina
Updated•20 years ago
Product: MailNews → Core
Updated•16 years ago
Product: Core → MailNews Core
Comment 10•8 years ago
Comment 11•8 years ago