Bug 167285 - reply segfaults on cursor move in high column
reply segfaults on cursor move in high column
Product: Fedora
Classification: Fedora
Component: thunderbird (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Christopher Aillon
Depends On:
  Show dependency treegraph
Reported: 2005-09-01 05:54 EDT by Jón Fairbairn
Modified: 2018-04-11 04:08 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-28 10:48:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jón Fairbairn 2005-09-01 05:54:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
On replying to a (particular?) message, adding text at the end of a long line of the original message past the 100th column, an attempt to use the arrow key to move left causes a segfault.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. reply to message
2. add text at end of quoted text until it's past column 100
3. press left arrow key (or shift left arrow or...)

Actual Results:  [Thread -1222284368 (LWP 6069) exited]
[Thread -1243612240 (LWP 6037) exited]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209103936 (LWP 6031)]
0x00713d66 in free () from /lib/libc.so.6

(when run with --debug, otherwise it just exits silently)

Expected Results:  the cursor should move left :-P

Additional info:

While the effect is 100% reproducible when replying to a particular type of message, I haven't been able to reproduce it otherwise.

I'm not sure what the relevant characteristics are, but they (a) have attachments and (b) contain long lines with tab characters in them.

(Actually the messages in question are from me, and the crash happened to the person who was replying to them. Since it lost everything typed before that, she was pretty annoyed. Personally I would never think of adding stuff to the end of a quoted line)
Comment 1 Jón Fairbairn 2005-09-01 11:08:13 EDT
Version of thunderbird: thunderbird-1.0.6-1.1.fc4

Further investigation reveals that the crash only (and always) happens when
typing into the attachment, ie the original message has an attachment, the
attachment is included in the reply and modifications are made to the end of a
long line in the included attachment, and then cursor movement is attempted.

This is with plain-text emails; I haven't managed to reproduce it with html emails.
Comment 2 Christian Iseli 2007-01-19 19:25:25 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Comment 3 Jón Fairbairn 2007-01-21 10:58:39 EST
I can't reproduce this in FC6. I'm not sure that I got the relevant settings
right when I tried, though, as the user who provoked this problem nolonger uses
my machines.
Comment 4 Matěj Cepl 2007-07-18 13:23:27 EDT
Distribution against which this bug was reported is no longer supported; could
you please reproduce this with the updated version of the currently supported
distribution (Fedora Core 6, or Fedora 7, or Rawhide)? If this issue turns out
to still be reproducible, please let us know in this bug report.  If after a
month's time we have not heard back from you, we will have to close this bug as

Setting status to NEEDINFO, and awaiting information from the reporter.

Thanks in advance.
Comment 5 Matěj Cepl 2007-08-28 10:48:41 EDT
We haven't got any reply to the last question about reproducability of the bug
with Fedora Core 6, Fedora 7, or Fedora devel. Mass closing this bug, so if you
have new information that would help us fix this bug, please reopen it with the
additional information.

Note You need to log in before you can comment on or make changes to this bug.