After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 329344 - *** glibc detected *** evolution: free(): invalid pointer: 0x0a30aac8 ***
*** glibc detected *** evolution: free(): invalid pointer: 0x0a30aac8 ***
Status: RESOLVED FIXED
Product: GtkHtml
Classification: Other
Component: Rendering
3.9.x
Other All
: Normal critical
: ---
Assigned To: gtkhtml-maintainers
Evolution QA team
: 329365 329519 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2006-01-31 12:38 UTC by sangu
Modified: 2006-02-03 13:03 UTC
See Also:
GNOME target: ---
GNOME version: 2.13/2.14

Attachments
Readling the mail, evolution crashs (4.49 KB, text/plain)
2006-01-31 12:45 UTC, sangu 		  Details
this patch should fix it (992 bytes, patch)
2006-01-31 14:50 UTC, Matthias Clasen 		committed Details | Review

Description sangu 2006-01-31 12:38:08 UTC 
Please describe the problem:
no problem in pango-1.11.2 but reading a mail, evolution crashs in pango-1.11.3

*** glibc detected *** evolution: free(): invalid pointer: 0x09d93010 ***
======= Backtrace: =========
/lib/libc.so.6[0x131b948]
/lib/libc.so.6(__libc_free+0x79)[0x131ee4d]
/usr/lib/libglib-2.0.so.0(g_free+0x2d)[0x2bc9c04]
/usr/lib/libgtkhtml-3.8.so.15(html_text_slave_get_glyph_items+0x12f)[0x450078]
/usr/lib/libgtkhtml-3.8.so.15[0x450fec]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x405efa]
/usr/lib/libgtkhtml-3.8.so.15[0x409245]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x405efa]
/usr/lib/libgtkhtml-3.8.so.15[0x40d246]
/usr/lib/libgtkhtml-3.8.so.15[0x44841b]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x4458e5]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x405efa]
/usr/lib/libgtkhtml-3.8.so.15[0x409245]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x405efa]
/usr/lib/libgtkhtml-3.8.so.15[0x40d246]
/usr/lib/libgtkhtml-3.8.so.15[0x44841b]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x4458e5]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x405efa]
/usr/lib/libgtkhtml-3.8.so.15[0x409245]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x405efa]
/usr/lib/libgtkhtml-3.8.so.15[0x40d246]
/usr/lib/libgtkhtml-3.8.so.15(html_object_draw+0x42)[0x435bb4]
/usr/lib/libgtkhtml-3.8.so.15[0x424d75]
/usr/lib/libgtkhtml-3.8.so.15(html_engine_expose+0x7c)[0x425628]
/usr/lib/libgtkhtml-3.8.so.15[0x3fe789]
/usr/lib/libgtk-x11-2.0.so.0[0x10c4673]
/usr/lib/libgobject-2.0.so.0[0xef46a5]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x11c)[0xef5dbd]
/usr/lib/libgobject-2.0.so.0[0xf075c1]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x6d1)[0xf082b3]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0xf086a5]
/usr/lib/libgtk-x11-2.0.so.0[0x11a19b0]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main_do_event+0x4fc)[0x10bfe82]
/usr/lib/libgdk-x11-2.0.so.0[0xac5bbf]
/usr/lib/libgdk-x11-2.0.so.0(gdk_window_process_all_updates+0x95)[0xac5d66]
/usr/lib/libgtk-x11-2.0.so.0[0x1038b46]
/usr/lib/libglib-2.0.so.0[0x2bc142e]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x16e)[0x2bc2c33]
/usr/lib/libglib-2.0.so.0[0x2bc5c73]
/usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1a7)[0x2bc601c]
/usr/lib/libbonobo-2.so.0(bonobo_main+0x63)[0x690649]
evolution[0x805d69f]
/lib/libc.so.6(__libc_start_main+0xdc)[0x12cd6b4]
evolution[0x804fe31]
======= Memory map: ========
00111000-00115000 r-xp 00000000 03:08 328933     /usr/lib/libnotify.so.0.0.0
00115000-00116000 rwxp 00004000 03:08 328933     /usr/lib/libnotify.so.0.0.0
00116000-0011e000 r-xp 00000000 03:08 931731    
/usr/lib/evolution/2.6/libevolution-widgets-a11y.so.0.0.0
0011e000-0011f000 rwxp 00007000 03:08 931731    
/usr/lib/evolution/2.6/libevolution-widgets-a11y.so.0.0.0
0011f000-00123000 r-xp 00000000 03:08 343069     /usr/lib/libplc4.so
00123000-00124000 rwxp 00003000 03:08 343069     /usr/lib/libplc4.so
00124000-00136000 r-xp 00000000 03:08 342348    
/usr/lib/libbonobo-activation.so.4.0.0
00136000-00138000 rwxp 00012000 03:08 342348    
/usr/lib/libbonobo-activation.so.4.0.0
00138000-00140000 r-xp 00000000 03:08 327687    
/usr/lib/libpangocairo-1.0.so.0.1101.2
00140000-00141000 rwxp 00007000 03:08 327687    
/usr/lib/libpangocairo-1.0.so.0.1101.2
00141000-00143000 r-xp 00000000 03:08 895830     /lib/libdl-2.3.90.so
00143000-00144000 r-xp 00001000 03:08 895830     /lib/libdl-2.3.90.so
00144000-00145000 rwxp 00002000 03:08 895830     /lib/libdl-2.3.90.so
00145000-00146000 r-xp 00000000 03:08 963512    
/usr/lib/evolution/2.6/plugins/liborg-gnome-default-mailer.so
00146000-00147000 rwxp 00000000 03:08 963512    
/usr/lib/evolution/2.6/plugins/liborg-gnome-default-mailer.so
00147000-00177000 r-xp 00000000 03:08 346921     /usr/lib/libebook-1.2.so.5.2.0
00177000-0017b000 rwxp 00030000 03:08 346921     /usr/lib/libebook-1.2.so.5.2.0
0017b000-001ad000 r-xp 00000000 03:08 343787     /usr/lib/libgconf-2.so.4.1.0
001ad000-001b0000 rwxp 00031000 03:08 343787     /usr/lib/libgconf-2.so.4.1.0
001b0000-001c6000 r-xp 00000000 03:08 342022     /usr/lib/libart_lgpl_2.so.2.3.17
001c6000-001c7000 rwxp 00015000 03:08 342022     /usr/lib/libart_lgpl_2.so.2.3.17
001c7000-001cb000 r-xp 0


Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib/libthread_db.so.1".
`shared object read from target memory' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1208949072 (LWP 10496)]
[New Thread -1292338272 (LWP 10503)]
[New Thread -1244103776 (LWP 10501)]
[New Thread -1233613920 (LWP 10500)]
[New Thread -1222607968 (LWP 10499)]
0x00f74402 in __kernel_vsyscall ()

+ Trace 65785

Thread 1 (Thread -1208949072 (LWP 10496))

  • #0 __kernel_vsyscall
  • #1 __waitpid_nocancel
    from /lib/libpthread.so.0
  • #2 libgnomeui_segv_handle
    at gnome-ui-init.c line 792 
Steps to reproduce:
1. 
2. 
3. 


Actual results:


Expected results:


Does this happen every time?
always

Other information:
fedora rawhide
pango-1.11.3-1
evolution-2.5.90-1
gtkhtml3-3.9.90-1
Comment 1 sangu 2006-01-31 12:45:04 UTC 
Created attachment 58465 [details]
Readling the mail, evolution crashs

The Mail : https://www.redhat.com/archives/fedora-test-list/2006-January/msg02298.html
Comment 2 Matthias Clasen 2006-01-31 14:50:03 UTC 
This is a problem in gtkhtml poking around in the internals of PangoGlyphItem,
which was uncovered by the recent pango change to use the slice allocator.
Comment 3 Matthias Clasen 2006-01-31 14:50:50 UTC 
Created attachment 58470 [details] [review]
this patch should fix it
Comment 4 Matthias Clasen 2006-01-31 19:30:11 UTC 
I think we need a new gtkhtml tarball for the 2.13.90 release of Gnome with
this fix, otherwise evolution is unusable.
Comment 5 Elijah Newren 2006-01-31 20:46:44 UTC 
Well, technically the pango-1.11.3 release was made too late so this doesn't actually affect the 2.13.90 release of Gnome.  However, it would still be good to get a fixed release for those who will likely test with newer tarballs before beta2 (e.g. the distros, who are almost certainly responsible for most of the testing anyway).
Comment 6 Rohini 2006-02-01 10:08:18 UTC 
Tested Patch with pango 1.11.3. 

Works fine
Comment 7 Rohini 2006-02-01 11:34:04 UTC 
*** Bug 329365 has been marked as a duplicate of this bug. ***
Comment 8 Harish Krishnaswamy 2006-02-02 12:05:02 UTC 
Fix committed. Rolled out gtkhtml 3.9.90.1 for anyone who wishes to use Evolution 2.5.90 with Pango 1.11.3. Thanks all for the patch and the testing love.
Comment 9 Eloi Primaux 2006-02-03 13:03:46 UTC 
*** Bug 329519 has been marked as a duplicate of this bug. ***