GNOME Bugzilla – Bug 469259
evolution crashes expanding email list "To:"
Last modified: 2014-12-02 01:07:43 UTC
The bug has been described on https://bugs.launchpad.net/bugs/121116 "Binary package hint: evolution If you receive an email with many contacts and you try to click "+" on "To:" evolution will crash...(did I explain myself) ..." The valgrind log attached to the bug has this error, not sure if that's the one creating the crash though "==12910== Invalid write of size 4 ==12910== at 0x440D2F3: cleanup_images (htmlimage.c:1270) ==12910== by 0x50992E9: (within /usr/lib/libglib-2.0.so.0.1306.0) ==12910== by 0x440D256: html_image_factory_free (htmlimage.c:1289) ==12910== by 0x440528A: html_engine_finalize (htmlengine.c:3901) ==12910== by 0x5046A9B: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x43D61DE: destroy (gtkhtml.c:769) ==12910== by 0x5052178: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5042F58: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x504482B: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5056E3E: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5057AF2: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5057D98: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x48F561D: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4A127A0: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x5046ECF: g_object_run_dispose (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x48F4E81: gtk_object_destroy (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4A11E44: gtk_widget_destroy (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x47D12F4: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4938F25: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x481F6AA: gtk_container_foreach (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4821826: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x493AFA8: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x5052178: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5042F58: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x504482B: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5056E3E: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5057AF2: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5057D98: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x48F561D: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4A127A0: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x5046ECF: g_object_run_dispose (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x48F4E81: gtk_object_destroy (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4A11E44: gtk_widget_destroy (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x47D532F: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x481F6AA: gtk_container_foreach (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4821826: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x5052178: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5042F58: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x504482B: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5056E3E: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== Address 0x7F86B28 is 24 bytes inside a block of size 40 free'd ==12910== at 0x402237F: free (vg_replace_malloc.c:233) ==12910== by 0x50AD8E0: g_free (in /usr/lib/libglib-2.0.so.0.1306.0) ==12910== by 0x440C539: html_image_pointer_unref (htmlimage.c:1398) ==12910== by 0x440D2ED: cleanup_images (htmlimage.c:1269) ==12910== by 0x50992E9: (within /usr/lib/libglib-2.0.so.0.1306.0) ==12910== by 0x440D256: html_image_factory_free (htmlimage.c:1289) ==12910== by 0x440528A: html_engine_finalize (htmlengine.c:3901) ==12910== by 0x5046A9B: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x43D61DE: destroy (gtkhtml.c:769) ==12910== by 0x5052178: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5042F58: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x504482B: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5056E3E: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5057AF2: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5057D98: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x48F561D: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4A127A0: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x5046ECF: g_object_run_dispose (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x48F4E81: gtk_object_destroy (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4A11E44: gtk_widget_destroy (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x47D12F4: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4938F25: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x481F6AA: gtk_container_foreach (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4821826: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x493AFA8: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x5052178: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5042F58: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x504482B: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5056E3E: (within /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5057AF2: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x5057D98: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x48F561D: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4A127A0: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x5046ECF: g_object_run_dispose (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== by 0x48F4E81: gtk_object_destroy (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4A11E44: gtk_widget_destroy (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x47D532F: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x481F6AA: gtk_container_foreach (in /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x4821826: (within /usr/lib/libgtk-x11-2.0.so.0.1105.0) ==12910== by 0x5052178: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1306.0) ==12910== "
Bumping version to a stable release.
Since version 3.6, Evolution uses WebKit instead of GtkHtml for displaying messages. (And for completeness, Evolution 3.14 is planned to use WebKit also for composing and editing messages so GtkHtml will not receive any fixes anymore.) Hence I am closing this GtkHtml rendering bug report. We are sorry that your request was not handled in time when it was reported but unfortunately manpower is very limited (and does not allow testing every single reported issue separately again either). Please feel free to reopen this report (and move it to the "Evolution" product and the "Mail" component) if the problem described in this bug report still happens in a recent supported Evolution version which uses WebKit (the current stable Evolution version is 3.12).