Bug 509582 - Thunderbird crashes on cut and paste
Thunderbird crashes on cut and paste
Product: Fedora
Classification: Fedora
Component: thunderbird (Show other bugs)
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Martin Stransky
Fedora Extras Quality Assurance
: Patch
: 537564 538899 538902 543528 544393 545800 546937 571620 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2009-07-03 14:39 EDT by Mario Torre
Modified: 2018-04-11 10:56 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-07-15 09:44:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed Fix (841 bytes, patch)
2009-07-03 14:40 EDT, Mario Torre
no flags Details | Diff
gdb output (8.42 KB, text/plain)
2009-07-03 21:09 EDT, Mario Torre
no flags Details
gdb session output (12.08 KB, text/plain)
2009-07-04 05:50 EDT, Mario Torre
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 495392 None None None Never

  None (edit)
Description Mario Torre 2009-07-03 14:39:21 EDT
Description of problem:

Thunderbird on Fedora 11 crashes with a segfault when pasting code on the text pane while writing a mail, both with the middle mouse button or from the clipboard using standard menu copy and paste. The crash doesn't occur reliably, but it's easy to reproduce. The system is a 64 bit install, but I've not tested with a 32 bit one (nor with a 32 bit package). Also, the crash I've experienced only happens in the text area, not for example in the "subject" text field or in the various "to", "cc" etc text fields. Finally, I've only tried on the Gnome destktop.

Version-Release number of selected component (if applicable):


How reproducible:

Cut and paste code from other applications.

Steps to Reproduce:
1. Write a new mail
2. Copy some text from another applicaiton, i.e. gedit
3. paste the text on the text pane in the mail window.
Actual results:

Text is pasted

Expected results:


Additional info:

The bug seems to be related to a call to strcmp with the first argument passed as NULL. I'm not sure if strcmp should survive a NULL argument, but I did some simple test on linux and I can indeed pass a NULL argument happily, but of course this doesn't prove much as the test were too simple. I say this because it may hide a glibc bug but honestly I didn't really checked deep enough.

The code that fails is this in


for (PRInt32 j = 0; j < n_targets; j++) {
   gchar *atom_name = gdk_atom_name(targets[j]);
   if (!strcmp(atom_name, aFlavorList[i]))
     *_retval = PR_TRUE;

   // X clipboard wants image/jpeg, not image/jpg
   if (!strcmp(aFlavorList[i], kJPEGImageMime) &

(line 449)

where the NULL argument is atom_name returned by gdk_atom_name.

Attached is a patch bypass this problem, but there are other places where a NULL argument may be passed to strcmp in the same file.
Comment 1 Mario Torre 2009-07-03 14:40:38 EDT
Created attachment 350452 [details]
Proposed Fix
Comment 2 Mario Torre 2009-07-03 14:42:02 EDT
I'm not sure if this is a general problem in thunderbird, the proposed patch may be sent upstream, but honestly I've not contacted upstream about the issue.
Comment 3 Matěj Cepl 2009-07-03 18:13:52 EDT
Hmm, cannot reproduce with
thunderbird-3.0-2.4.b3pre.hg.6a6386c16e98.fc11.x86_64 (from http://koji.fedoraproject.org/koji/buildinfo?buildID=102079). Can I ask you for upgrade and retesting (backups of ~/.thunderbird are really good idea)?

If you can reproduce it, could we get full backtrace from gdb attached to this bug report, please?

Thank you very much for your cooperation.
Comment 4 Mario Torre 2009-07-03 21:08:41 EDT
Same crash. I forgot to install the debug package, but you can see that it crashed in the same place. Attached is the debugger output.
Comment 5 Mario Torre 2009-07-03 21:09:27 EDT
Created attachment 350468 [details]
gdb output
Comment 6 Mario Torre 2009-07-04 05:49:38 EDT
I played with thunderbird-3.0-2.4.b3pre.hg.6a6386c16e98.fc11.x86_64 and I can still reproduce the problem, although is less frequent. I attach an, hopefully, more meaningful debugger output.
Comment 7 Mario Torre 2009-07-04 05:50:24 EDT
Created attachment 350485 [details]
gdb session output
Comment 8 Martin Stransky 2009-07-07 06:11:29 EDT
Taking, it's dupe of one my bug.
Comment 9 Martin Stransky 2009-07-15 09:44:14 EDT
Already reported as https://bugzilla.mozilla.org/show_bug.cgi?id=495392
Comment 10 Matěj Cepl 2009-11-15 09:45:28 EST
*** Bug 537564 has been marked as a duplicate of this bug. ***
Comment 11 Matěj Cepl 2009-11-19 16:57:34 EST
*** Bug 538902 has been marked as a duplicate of this bug. ***
Comment 12 Matěj Cepl 2009-11-19 17:00:21 EST
*** Bug 538899 has been marked as a duplicate of this bug. ***
Comment 13 Matěj Cepl 2009-12-07 20:50:16 EST
*** Bug 543528 has been marked as a duplicate of this bug. ***
Comment 14 Matěj Cepl 2009-12-14 19:07:37 EST
*** Bug 545800 has been marked as a duplicate of this bug. ***
Comment 15 Matěj Cepl 2009-12-14 19:07:37 EST
*** Bug 544393 has been marked as a duplicate of this bug. ***
Comment 16 Matěj Cepl 2009-12-21 20:34:04 EST
*** Bug 546937 has been marked as a duplicate of this bug. ***
Comment 17 Chris Campbell 2010-03-13 09:53:38 EST
*** Bug 571620 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.