Description of problem:
Thunderbird on Fedora 11 crashes with a segfault when pasting code on the text pane while writing a mail, both with the middle mouse button and from the clipboard using standard menu copy and paste. The crash doesn't occur reliably, but it's easy to reproduce. The system is a 64 bit install, but I've not tested with a 32 bit one (nor with a 32 bit package). Also, the crash I've experienced only happens in the text area, not for example in the "subject" text field or in the various "to", "cc" etc. text fields. Finally, I've only tried on the Gnome desktop.

Version-Release number of selected component (if applicable):
thunderbird-3.0-2.3.beta2.fc11.x86_64

How reproducible:
Cut and paste code from other applications.

Steps to Reproduce:
1. Write a new mail
2. Copy some text from another application, i.e. gedit
3. Paste the text on the text pane in the mail window.

Actual results:
Text is pasted

Expected results:
Segfault.

Additional info:
The bug seems to be related to a call to strcmp with the first argument passed as NULL. I'm not sure if strcmp should survive a NULL argument, but I did some simple tests on linux and I can indeed pass a NULL argument happily, but of course this doesn't prove much as the tests were too simple. I say this because it may hide a glibc bug but honestly I didn't really check deeply enough.

The code that fails is this in thunderbird-3.0/mozilla/widget/src/gtk2/nsClipboard.cpp:

    for (PRInt32 j = 0; j < n_targets; j++) {
        gchar *atom_name = gdk_atom_name(targets[j]);
        if (!strcmp(atom_name, aFlavorList[i]))
            *_retval = PR_TRUE;
        // X clipboard wants image/jpeg, not image/jpg
        if (!strcmp(aFlavorList[i], kJPEGImageMime) & ...

(line 449) where the NULL argument is atom_name returned by gdk_atom_name.

Attached is a patch to bypass this problem, but there are other places where a NULL argument may be passed to strcmp in the same file.
Created attachment 350452 [details] Proposed Fix
I'm not sure if this is a general problem in thunderbird, the proposed patch may be sent upstream, but honestly I've not contacted upstream about the issue.
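Added example (not from the report, the attached patch, or Thunderbird's source): passing a null pointer to strcmp is undefined behaviour in C, so a shared NULL-aware comparison covers every call site the report mentions. The sketch below reproduces the shape of the quoted loop with a constructed stand-in for gdk_atom_name; `lookup_atom_name`, `str_eq`, `targets_offer_flavor` and the "image/jpg" alias value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for gdk_atom_name(): returns NULL for atoms it
 * cannot name, which is the case the report describes. */
static const char *lookup_atom_name(int atom)
{
    static const char *names[] = { "UTF8_STRING", NULL, "image/jpeg", "text/html" };
    if (atom < 0 || (size_t)atom >= sizeof names / sizeof names[0])
        return NULL;
    return names[atom];
}

/* strcmp() on a null pointer is undefined behaviour, so a NULL on either
 * side is treated as "matches nothing". */
static bool str_eq(const char *a, const char *b)
{
    return a != NULL && b != NULL && strcmp(a, b) == 0;
}

/* Hypothetical equivalent of the flavor check: does any target offer
 * `flavor`? The jpg/jpeg alias follows the comment in the quoted code;
 * the literal "image/jpg" is an assumption. */
bool targets_offer_flavor(const int *targets, size_t n_targets, const char *flavor)
{
    for (size_t j = 0; j < n_targets; j++) {
        const char *atom_name = lookup_atom_name(targets[j]);
        if (atom_name == NULL)
            continue;   /* unnamed atom: skip it instead of dereferencing NULL */
        if (str_eq(atom_name, flavor))
            return true;
        /* X clipboard wants image/jpeg, not image/jpg */
        if (str_eq(flavor, "image/jpg") && str_eq(atom_name, "image/jpeg"))
            return true;
    }
    return false;
}

int main(void)
{
    const int targets[] = { 0, 1, 2, 7 };   /* constructed: atoms 1 and 7 have no name */
    printf("UTF8_STRING: %d\n", targets_offer_flavor(targets, 4, "UTF8_STRING"));
    printf("image/jpg:   %d\n", targets_offer_flavor(targets, 4, "image/jpg"));
    printf("text/html:   %d\n", targets_offer_flavor(targets, 4, "text/html"));
    printf("NULL flavor: %d\n", targets_offer_flavor(targets, 4, NULL));
    return 0;
}
```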
Hmm, cannot reproduce with thunderbird-3.0-2.4.b3pre.hg.6a6386c16e98.fc11.x86_64 (from http://koji.fedoraproject.org/koji/buildinfo?buildID=102079). Can I ask you to upgrade and retest (backups of ~/.thunderbird are a really good idea)? If you can reproduce it, could we get a full backtrace from gdb attached to this bug report, please? Thank you very much for your cooperation.
Same crash. I forgot to install the debug package, but you can see that it crashed in the same place. Attached is the debugger output.
Created attachment 350468 [details] gdb output
I played with thunderbird-3.0-2.4.b3pre.hg.6a6386c16e98.fc11.x86_64 and I can still reproduce the problem, although it is less frequent. I attach a, hopefully, more meaningful debugger output.
Created attachment 350485 [details] gdb session output
Taking, it's a dupe of one of my bugs.
Already reported as https://bugzilla.mozilla.org/show_bug.cgi?id=495392
*** Bug 537564 has been marked as a duplicate of this bug. ***
*** Bug 538902 has been marked as a duplicate of this bug. ***
*** Bug 538899 has been marked as a duplicate of this bug. ***
*** Bug 543528 has been marked as a duplicate of this bug. ***
*** Bug 545800 has been marked as a duplicate of this bug. ***
*** Bug 544393 has been marked as a duplicate of this bug. ***
*** Bug 546937 has been marked as a duplicate of this bug. ***
*** Bug 571620 has been marked as a duplicate of this bug. ***