Closed Bug 32012 Opened 25 years ago Closed 24 years ago

illegal usage of nsString in nsMsgDatabase::YarnTonsString

Categories

(MailNews Core :: Internationalization, defect, P3)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ftang, Assigned: Bienvenu)

When I turn on the nsString illegal usage detection code (see 28424) and open my mailbox (IMAP4), I hit the following problem. nsMsgDatabase::YarnTonsString is passing char* to nsString in an illegal way. The nsString can only handle ASCII values in char* but not other data from 0x80-0xFF without proper conversion. Here is the stack trace:

NTDLL! 77f662ac()
nsDebug::Assertion(const char * 0x100a7160, const char * 0x100a7150, const char * 0x100a7128, int 0x0000010e) line 189 + 13 bytes
CopyChars1To2(char * 0x00129c58, int 0x00000000, const char * 0x0661680c, unsigned int 0x00000000, unsigned int 0x0000003c) line 270 + 31 bytes
nsStr::Append(nsStr & {...}, const nsStr & {...}, unsigned int 0x00000000, int 0x0000003c) line 171 + 50 bytes
nsString::Append(const char * 0x0661680c, int 0x0000003c) line 1072 + 43 bytes
nsString::Assign(const char * 0x0661680c, int 0x0000003c) line 944
nsMsgDatabase::YarnTonsString(mdbYarn * 0x00129acc, nsString * 0x00129c40) line 2573
nsMsgDatabase::RowCellColumnTonsString(nsIMdbRow * 0x066152f8, unsigned long 0x00000081, nsString & {...}) line 2345 + 13 bytes
nsMsgDatabase::RowCellColumnToMime2DecodedString(nsIMdbRow * 0x066152f8, unsigned long 0x00000081, nsString & {...}) line 2375 + 26 bytes
nsMsgHdr::GetMime2DecodedSubject(nsMsgHdr * const 0x06616b10, nsString * 0x00129dc0) line 595
nsMessage::GetMime2DecodedSubject(nsMessage * const 0x076146c4, nsString * 0x00129dc0) line 273 + 33 bytes
nsMsgMessageDataSource::createMessageNameNode(nsIMessage * 0x076146c4, int 0x00000000, nsIRDFNode * * 0x00129f0c) line 912 + 22 bytes
nsMsgMessageDataSource::createMessageNode(nsIMessage * 0x076146c4, nsIRDFResource * 0x03680080, nsIRDFNode * * 0x00129f0c) line 868 + 18 bytes
nsMsgMessageDataSource::GetTarget(nsMsgMessageDataSource * const 0x03680100, nsIRDFResource * 0x076146b0, nsIRDFResource * 0x03680080, int 0x00000001, nsIRDFNode * * 0x00129f0c) line 291 + 25 bytes
CompositeDataSourceImpl::GetTarget(CompositeDataSourceImpl * const 0x0353e490, nsIRDFResource * 0x076146b0, nsIRDFResource * 0x03680080, int 0x00000001, nsIRDFNode * * 0x00129f0c) line 708 + 28 bytes
RDFGenericBuilderImpl::SubstituteText(nsIRDFResource * 0x076146b0, nsString & {...}) line 1686 + 65 bytes
RDFGenericBuilderImpl::BuildContentFromTemplate(nsIContent * 0x034ec1e0, nsIContent * 0x076cd740, nsIContent * 0x076cd740, int 0x00000000, nsIRDFResource * 0x076146b0, int 0x00000000, nsIContent * * 0x00000000, int * 0x00000000) line 2065 + 22 bytes
RDFGenericBuilderImpl::CreateTemplateContents(nsIContent * 0x076cd740, const nsString & {...}, nsIContent * * 0x00000000, int * 0x00000000) line 2638 + 46 bytes
RDFGenericBuilderImpl::CreateTemplateAndContainerContents(nsIContent * 0x076cd740, nsIContent * * 0x00000000, int * 0x00000000) line 2448 + 30 bytes
RDFGenericBuilderImpl::CreateContents(RDFGenericBuilderImpl * const 0x0353e4f0, nsIContent * 0x076cd740) line 738 + 16 bytes
nsXULDocument::CreateContents(nsXULDocument * const 0x0327f7d4, nsIContent * 0x076cd740) line 2039 + 16 bytes
nsXULElement::EnsureContentsGenerated() line 3480 + 27 bytes
nsXULElement::ChildCount(const nsXULElement * const 0x076cd740, int & 0x03237690) line 2228 + 8 bytes
nsCSSFrameConstructor::TableProcessChildren(nsIPresShell * 0x03237400, nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent * 0x076cd740, nsIFrame * 0x05b8e75c, nsFrameItems & {...}, nsTableCreator & {...}) line 1926
nsCSSFrameConstructor::ConstructTableRowFrameOnly(nsIPresShell * 0x03237400, nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent * 0x076cd740, nsIFrame * 0x05b8e6c8, nsIStyleContext * 0x07bcaaf0, int 0x00000001, nsIFrame * & 0x05b8e75c, nsTableCreator & {...}) line 1674 + 38 bytes
nsCSSFrameConstructor::ConstructTableRowFrame(nsIPresShell * 0x03237400, nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent * 0x076cd740, nsIFrame * 0x05b8e6c8, nsIStyleContext * 0x07bcaaf0, nsIFrame * & 0x00000000, nsIFrame * & 0x05b8e75c, nsTableCreator & {...}, nsTableList * 0x00000000) line 1612 + 49 bytes
nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * 0x03237400, nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent * 0x076cd740, nsIFrame * 0x05b8e6c8, nsIAtom * 0x013f8350, nsIStyleContext * 0x07bcaaf0, nsFrameItems & {...}, int 0x00000000, int & 0x00000000) line 4515 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x03237400, nsIPresContext * 0x03233750, nsFrameConstructorState & {...}, nsIContent * 0x076cd740, nsIFrame * 0x05b8e6c8, nsFrameItems & {...}) line 5804 + 56 bytes
nsCSSFrameConstructor::CreateTreeWidgetContent(nsCSSFrameConstructor * const 0x03237690, nsIPresContext * 0x03233750, nsIFrame * 0x05b8e6c8, nsIFrame * 0x00000000, nsIContent * 0x076cd740, nsIFrame * * 0x05b8e714, int 0x00000001, int 0x00000000, nsILayoutHistoryState * 0x00000000) line 10172 + 37 bytes
nsTreeRowGroupFrame::GetFirstFrameForReflow(nsIPresContext * 0x03233750) line 1215
nsTableRowGroupFrame::ReflowMappedChildren(nsTableRowGroupFrame * const 0x05b8e6c8, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, RowGroupReflowState & {...}, unsigned int & 0x00000000, nsTableRowFrame * 0x00000000, nsReflowReason eReflowReason_Resize, int 0x00000001, int 0x00000000) line 372 + 18 bytes
nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x05b8e6c8, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1088 + 38 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x05b8e6c8, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000) line 646 + 31 bytes
nsTableRowGroupFrame::ReflowMappedChildren(nsTableRowGroupFrame * const 0x0266d150, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, RowGroupReflowState & {...}, unsigned int & 0x00000000, nsTableRowFrame * 0x00000000, nsReflowReason eReflowReason_Resize, int 0x00000001, int 0x00000000) line 433 + 45 bytes
nsTableRowGroupFrame::Reflow(nsTableRowGroupFrame * const 0x0266d150, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1088 + 38 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x0266d150, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x000000f0, unsigned int 0x00000000, unsigned int & 0x00000000) line 646 + 31 bytes
nsTableFrame::ReflowMappedChildren(nsTableFrame * const 0x025ef3dc, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, InnerTableReflowState & {...}, unsigned int & 0x00000000) line 2934 + 41 bytes
nsTableFrame::ResizeReflowPass2(nsTableFrame * const 0x025ef3dc, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1945 + 31 bytes
nsTableFrame::Reflow(nsTableFrame * const 0x025ef3dc, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1589 + 34 bytes
nsTreeFrame::Reflow(nsTreeFrame * const 0x025ef3dc, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 416 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x025ef3dc, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000003, unsigned int & 0x00000000) line 646 + 31 bytes
nsTableOuterFrame::IR_InnerTableReflow(nsTableOuterFrame * const 0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, OuterTableReflowState & {...}, unsigned int & 0x00000000) line 724 + 40 bytes
nsTableOuterFrame::IR_TargetIsInnerTableFrame(nsTableOuterFrame * const 0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, OuterTableReflowState & {...}, unsigned int & 0x00000000) line 498 + 31 bytes
nsTableOuterFrame::IR_TargetIsChild(nsTableOuterFrame * const 0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, OuterTableReflowState & {...}, unsigned int & 0x00000000, nsIFrame * 0x025ef3dc) line 465 + 31 bytes
nsTableOuterFrame::IncrementalReflow(nsTableOuterFrame * const 0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, OuterTableReflowState & {...}, unsigned int & 0x00000000) line 445 + 35 bytes
nsTableOuterFrame::Reflow(nsTableOuterFrame * const 0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 957 + 31 bytes
nsTreeOuterFrame::Reflow(nsTreeOuterFrame * const 0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 136 + 25 bytes
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000000, int 0x00000000, int 0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...}) line 2262
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ef37c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000000, int 0x00000000, int 0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...}) line 2086 + 62 bytes
nsBoxFrameInner::FlowChildren(nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsIFrame * & 0x00000000, nsRect & {...}, nsSize & {...}, int & 0x000000ef) line 1479
nsBoxFrame::Reflow(nsBoxFrame * const 0x025ef314, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1206
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ef314, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000a14, int 0x00000000, int 0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...}) line 2289
nsBoxFrameInner::FlowChildren(nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsIFrame * & 0x00000000, nsRect & {...}, nsSize & {...}, int & 0x00002fdf) line 1479
nsBoxFrame::Reflow(nsBoxFrame * const 0x025ee280, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1206
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ee280, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000000, int 0x00000438, int 0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...}) line 2289
nsBoxFrameInner::FlowChildAt(nsIFrame * 0x025ee280, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsCalculatedBoxInfo & {...}, int 0x00000000, int 0x00000438, int 0x00000001, nsIFrame * & 0x00000000, int & 0x00000000, const nsString & {...}) line 2068 + 62 bytes
nsBoxFrameInner::FlowChildren(nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000, nsIFrame * & 0x00000000, nsRect & {...}, nsSize & {...}, int & 0x00002fdf) line 1479
nsBoxFrame::Reflow(nsBoxFrame * const 0x025f8098, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 1206
nsContainerFrame::ReflowChild(nsIFrame * 0x025f8098, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000) line 646 + 31 bytes
RootFrame::Reflow(RootFrame * const 0x025f805c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 331
nsContainerFrame::ReflowChild(nsIFrame * 0x025f805c, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0x00000000, int 0x00000000, unsigned int 0x00000000, unsigned int & 0x00000000) line 646 + 31 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x025f8020, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0x00000000) line 531
nsHTMLReflowCommand::Dispatch(nsHTMLReflowCommand * const 0x07bc9810, nsIPresContext * 0x03233750, nsHTMLReflowMetrics & {...}, const nsSize & {...}, nsIRenderingContext & {...}) line 145
PresShell::ProcessReflowCommands(PresShell * const 0x03237400, int 0x00000000) line 2054
PresShell::FlushPendingNotifications(PresShell * const 0x03237400) line 2518
nsXULDocument::FlushPendingNotifications(nsXULDocument * const 0x0327f7d0) line 1746
nsTreeRowGroupFrame::EnsureRowIsVisible(int 0x0000000f) line 1844
nsTreeFrame::EnsureRowIsVisible(nsTreeFrame * const 0x025ef448, int 0x0000000f) line 618
nsXULTreeElement::EnsureElementIsVisible(nsXULTreeElement * const 0x0374e4f8, nsIDOMXULElement * 0x066ff464) line 693
XULTreeElementEnsureElementIsVisible(JSContext * 0x02f1dc20, JSObject * 0x026384f8, unsigned int 0x00000001, long * 0x0255abb0, long * 0x0012e5e4) line 870 + 24 bytes
js_Invoke(JSContext * 0x02f1dc20, unsigned int 0x00000001, unsigned int 0x00000000) line 665 + 26 bytes
js_Interpret(JSContext * 0x02f1dc20, long * 0x0012eee4) line 2292 + 15 bytes
js_Invoke(JSContext * 0x02f1dc20, unsigned int 0x00000000, unsigned int 0x00000000) line 681 + 13 bytes
js_Interpret(JSContext * 0x02f1dc20, long * 0x0012f7a0) line 2292 + 15 bytes
js_Invoke(JSContext * 0x02f1dc20, unsigned int 0x00000001, unsigned int 0x00000002) line 681 + 13 bytes
nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJSClass * const 0x037728f0, nsXPCWrappedJS * 0x03772830, unsigned short 0x000a, const nsXPTMethodInfo * 0x00ff721c, nsXPTCMiniVariant * 0x0012fa64) line 737 + 22 bytes
nsXPCWrappedJS::CallMethod(nsXPCWrappedJS * const 0x03772830, unsigned short 0x000a, const nsXPTMethodInfo * 0x00ff721c, nsXPTCMiniVariant * 0x0012fa64) line 310
PrepareAndDispatch(nsXPTCStubBase * 0x03772830, unsigned int 0x0000000a, unsigned int * 0x0012fb18, unsigned int * 0x0012fb04) line 100 + 31 bytes
SharedStub() line 125

You can see this method simply assigns non-ASCII (possibly non-ASCII) data to nsString by using the Assign method, while mYarn_Buf may have non-ASCII data in a different charset.

/* static */void nsMsgDatabase::YarnTonsString(struct mdbYarn *yarn, nsString *str)
{
  str->Assign((const char *) yarn->mYarn_Buf, yarn->mYarn_Fill);
}

- yarn 0x00129acc
  mYarn_Buf 0x0661680c
  mYarn_Fill 0x0000003c
  mYarn_Size 0x0000003c
  mYarn_More 0x00000000
  mYarn_Form 0x00000000
  mYarn_Grow 0x00129af8

0661680C B3 6F B8 CC AA BA A4 F9 A4 6C ?o??????l
06616816 C0 B3 A6 B3 BE A8 A6 B3 B3 E1 ?????????.
06616820 2C B6 69 A8 D3 AC DD AC DD 2C ,?i??????,
0661682A A5 5D A7 41 BA A1 B7 4E 2C A4 ?]?A???N,?
06616834 40 AD D3 A5 CE A4 DF B8 67 C0 @???????g?
0661683E E7 AA BA BA F4 AF B8 5E 5F 5E ?????^_^
06616848 00 CD CD CD FD FD FD FD DD DD .?????????

To turn on the illegal nsString detection assertion, uncomment the following two lines. Touch nsStr.cpp and remake from xpcom. It will only take you 1-4 minutes to do that.

Z:\mozilla\xpcom\ds>cvs diff buf*.h Index: bufferRoutines.h =================================================================== RCS file: /m/pub/mozilla/xpcom/ds/bufferRoutines.h,v retrieving revision 1.40 diff -r1.40 bufferRoutines.h 49,50c49,50 < //#define DEBUG_ILLEGAL_CAST_UP < //#define DEBUG_ILLEGAL_CAST_DOWN --- > #define DEBUG_ILLEGAL_CAST_UP > #define DEBUG_ILLEGAL_CAST_DOWN

I am not sure of the priority of this.
Please understand this is currently not a data loss issue but an inefficient memory usage issue.
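Review bot: at lines 49-50 of bufferRoutines.h the two checks are switched on by uncommenting `#define DEBUG_ILLEGAL_CAST_UP` and `#define DEBUG_ILLEGAL_CAST_DOWN` in the header itself, so the assertion exists only in a locally edited tree and the edit has to be kept out of any commit. Guarding the two defines behind a debug-build macro would let the check run without a source change.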
Blocks: 28424
If the Yarn string is stored in MIME encoded form then the data needs to be stored as nsCString instead of nsString until the string is MIME decoded. I see there is also YarnTonsCString so callers can use it instead. There is another bug about the MIME decoder (32013). Probably that should be fixed first so nsCString can be passed to the MIME decoder (so put as depend). I am not familiar with the code, reassign to bienvenu.
Assignee: nhotta → bienvenu
Depends on: 32013
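The failure mode reported above, and the "keep it as bytes until it is decoded" rule from the previous comment, shown as an added C++ example. This is not code from the bug or from Mozilla's tree: the helper names are hypothetical, the first sample is the first ten bytes of the hex dump in the report, and the second sample is constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical helpers for illustration; none of these are Mozilla APIs.

// Index of the first byte outside 0x00-0x7F, or -1 when the buffer is ASCII.
long first_non_ascii(const unsigned char* buf, std::size_t len) {
    for (std::size_t i = 0; i < len; ++i)
        if (buf[i] >= 0x80) return static_cast<long>(i);
    return -1;
}

// Unconverted char* -> 16-bit copy: each byte is zero-extended, so 0xB3
// becomes U+00B3 regardless of the charset the bytes were written in.
std::u16string widen_unchecked(const unsigned char* buf, std::size_t len) {
    std::u16string out;
    out.reserve(len);
    for (std::size_t i = 0; i < len; ++i)
        out.push_back(static_cast<char16_t>(buf[i]));
    return out;
}

// Checked form: widen only pure ASCII. On failure the caller keeps the data
// as bytes and runs its charset/MIME decoder before building a wide string.
bool widen_ascii_only(const unsigned char* buf, std::size_t len,
                      std::u16string& out) {
    if (first_non_ascii(buf, len) >= 0) return false;
    out = widen_unchecked(buf, len);
    return true;
}

// First ten bytes of mYarn_Buf, copied from the hex dump in the report.
const unsigned char kYarnSample[] = {0xB3, 0x6F, 0xB8, 0xCC, 0xAA,
                                     0xBA, 0xA4, 0xF9, 0xA4, 0x6C};
// Constructed ASCII-only input for comparison.
const unsigned char kAsciiSample[] = {'R', 'e', ':', ' ', 'h', 'i'};

int main() {
    std::u16string wide;
    std::printf("yarn sample: first non-ASCII byte at %ld, checked widen %s\n",
                first_non_ascii(kYarnSample, sizeof kYarnSample),
                widen_ascii_only(kYarnSample, sizeof kYarnSample, wide)
                    ? "accepted" : "refused");
    std::printf("ASCII sample: checked widen %s\n",
                widen_ascii_only(kAsciiSample, sizeof kAsciiSample, wide)
                    ? "accepted" : "refused");
    return 0;
}
```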
accepting.
Status: NEW → ASSIGNED
Target Milestone: M16
Not M16 stopper. Marking M17.
Target Milestone: M16 → M17
The relevant line now reads
str->AssignWithConversion((const char *) yarn->mYarn_Buf, yarn->mYarn_Fill);
Is this better?
David, is this something that needs to be fixed for beta3?
Assign with conversion fixes the problem, as far as I know (I didn't make that change). Bob or Frank could say for sure; since Frank filed the bug, I'll leave it up to him.
It's been a couple of weeks, so I'm going to mark fixed and let ftang reopen if it's not.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
I'm sending this over to ftang who should be able to verify this resolution.
QA Contact: momoi → ftang
Changing QA; this appears to be for the international QA.
QA Contact: ftang → marina
Product: MailNews → Core
Product: Core → MailNews Core