After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 530716 - Evolution crashed : just after opening an error message window from status bar log
Evolution crashed : just after opening an error message window from status ba...
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
2.24.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: Milan Crha
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2008-04-30 11:15 UTC by Akhil Laddha
Modified: 2008-09-29 10:08 UTC
See Also:
GNOME target: ---
GNOME version: 2.19/2.20

Attachments
proposed evo patch (3.65 KB, patch)
2008-09-19 19:36 UTC, Milan Crha 		committed Details | Review

Description Akhil Laddha 2008-04-30 11:15:16 UTC 
Evolution 2.23.1

Gdb traces of evolution process

0xffffe410 in __kernel_vsyscall ()
(gdb) bt

+ Trace 196516

Thread 1 (Thread 0xb64b18d0 (LWP 17280))

  • #0 __kernel_vsyscall
  • #1 waitpid
    from /lib/libpthread.so.0
  • #2 g_spawn_sync
    at gspawn.c line 374
  • #3 g_spawn_command_line_sync
    at gspawn.c line 682
  • #4 ??
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #5 ??
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #6 google_breakpad::ExceptionHandler::InternalWriteMinidump
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #7 google_breakpad::ExceptionHandler::HandleException
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #8 <signal handler called>
  • #9 e_flag_set
    at e-flag.c line 83
  • #10 user_message_response
    at mail-session.c line 298
  • #11 g_cclosure_marshal_VOID__INT
    at gmarshal.c line 216
  • #12 g_closure_invoke
    at gclosure.c line 490
  • #13 signal_emit_unlocked_R
    at gsignal.c line 2440
  • #14 g_signal_emit_valist
    at gsignal.c line 2199
  • #15 g_signal_emit
    at gsignal.c line 2243
  • #16 gtk_dialog_response
    at gtkdialog.c line 905
  • #17 action_widget_activated
    at gtkdialog.c line 604
  • #18 g_cclosure_marshal_VOID__VOID
    at gmarshal.c line 77
  • #19 g_closure_invoke
    at gclosure.c line 490
  • #20 signal_emit_unlocked_R
    at gsignal.c line 2440
  • #21 g_signal_emit_valist
    at gsignal.c line 2199
  • #22 g_signal_emit
    at gsignal.c line 2243
  • #23 gtk_button_clicked
    at gtkbutton.c line 889
  • #24 gtk_real_button_released
    at gtkbutton.c line 1484
  • #25 g_cclosure_marshal_VOID__VOID
    at gmarshal.c line 77
  • #26 g_type_class_meta_marshal
    at gclosure.c line 567
  • #27 g_closure_invoke
    at gclosure.c line 490
  • #28 signal_emit_unlocked_R
    at gsignal.c line 2370
  • #29 g_signal_emit_valist
    at gsignal.c line 2199
  • #30 g_signal_emit
    at gsignal.c line 2243
  • #31 gtk_button_released
    at gtkbutton.c line 881
  • #32 gtk_button_button_release
    at gtkbutton.c line 1377
  • #33 _gtk_marshal_BOOLEAN__BOXED
    at gtkmarshalers.c line 84
  • #34 g_type_class_meta_marshal
    at gclosure.c line 567
  • #35 g_closure_invoke
    at gclosure.c line 490
  • #36 signal_emit_unlocked_R
    at gsignal.c line 2478
  • #37 g_signal_emit_valist
    at gsignal.c line 2209
  • #38 g_signal_emit
    at gsignal.c line 2243
  • #39 gtk_widget_event_internal
    at gtkwidget.c line 4676
  • #40 gtk_propagate_event
    at gtkmain.c line 2334
  • #41 gtk_main_do_event
    at gtkmain.c line 1554
  • #42 gdk_event_dispatch
    at gdkevents-x11.c line 2365
  • #43 g_main_context_dispatch
    at gmain.c line 2009
  • #44 g_main_context_iterate
    at gmain.c line 2642
  • #45 g_main_loop_run
    at gmain.c line 2850
  • #46 bonobo_main
    at bonobo-main.c line 311
  • #47 main
    at main.c line 782
  • #0 __kernel_vsyscall 






Comment 1


Akhil Laddha





          2008-04-30 11:15:54 UTC
        



(gdb) bt full




+
Trace
    196517






    

  • 
#0
__kernel_vsyscall

    • 

  • 
#1
waitpid

    
                from
                /lib/libpthread.so.0

    

    • 

  • 
#2
g_spawn_sync

    
                at gspawn.c
                  line
                  374

    

    • 

  • 
#3
g_spawn_command_line_sync

    
                at gspawn.c
                  line
                  682

    

    • 

  • 
#4
??

    
                from
                /usr/lib/gtk-2.0/modules/libgnomebreakpad.so

    

    • 

  • 
#5
??

    
                from
                /usr/lib/gtk-2.0/modules/libgnomebreakpad.so

    

    • 

  • 
#6
google_breakpad::ExceptionHandler::InternalWriteMinidump

    
                from
                /usr/lib/gtk-2.0/modules/libgnomebreakpad.so

    

    • 

  • 
#7
google_breakpad::ExceptionHandler::HandleException

    
                from
                /usr/lib/gtk-2.0/modules/libgnomebreakpad.so

    

    • 

  • 
#8
<signal handler called>

    • 

  • 
#9
e_flag_set

    
                at e-flag.c
                  line
                  83

    

    • 

  • 
#10
user_message_response

    
                at mail-session.c
                  line
                  298

    

    • 

  • 
#11
g_cclosure_marshal_VOID__INT

    
                at gmarshal.c
                  line
                  216

    

    • 

  • 
#12
g_closure_invoke

    
                at gclosure.c
                  line
                  490

    

    • 

  • 
#13
signal_emit_unlocked_R

    
                at gsignal.c
                  line
                  2440

    

    • 

  • 
#14
g_signal_emit_valist

    
                at gsignal.c
                  line
                  2199

    

    • 

  • 
#15
g_signal_emit

    
                at gsignal.c
                  line
                  2243

    

    • 

  • 
#16
gtk_dialog_response

    
                at gtkdialog.c
                  line
                  905

    

    • 

  • 
#17
action_widget_activated

    
                at gtkdialog.c
                  line
                  604

    

    • 

  • 
#18
g_cclosure_marshal_VOID__VOID

    
                at gmarshal.c
                  line
                  77

    

    • 

  • 
#19
g_closure_invoke

    
                at gclosure.c
                  line
                  490

    

    • 

  • 
#20
signal_emit_unlocked_R

    
                at gsignal.c
                  line
                  2440

    

    • 

  • 
#21
g_signal_emit_valist

    
                at gsignal.c
                  line
                  2199

    

    • 

  • 
#22
g_signal_emit

    
                at gsignal.c
                  line
                  2243

    

    • 

  • 
#23
gtk_button_clicked

    
                at gtkbutton.c
                  line
                  889

    

    • 

  • 
#24
gtk_real_button_released

    
                at gtkbutton.c
                  line
                  1484

    

    • 

  • 
#25
g_cclosure_marshal_VOID__VOID

    
                at gmarshal.c
                  line
                  77

    

    • 

  • 
#26
g_type_class_meta_marshal

    
                at gclosure.c
                  line
                  567

    

    • 

  • 
#27
g_closure_invoke

    
                at gclosure.c
                  line
                  490

    

    • 

  • 
#28
signal_emit_unlocked_R

    
                at gsignal.c
                  line
                  2370

    

    • 

  • 
#29
g_signal_emit_valist

    
                at gsignal.c
                  line
                  2199

    

    • 

  • 
#30
g_signal_emit

    
                at gsignal.c
                  line
                  2243

    

    • 

  • 
#31
gtk_button_released

    
                at gtkbutton.c
                  line
                  881

    

    • 

  • 
#32
gtk_button_button_release

    
                at gtkbutton.c
                  line
                  1377

    

    • 

  • 
#33
_gtk_marshal_BOOLEAN__BOXED

    
                at gtkmarshalers.c
                  line
                  84

    

    • 

  • 
#34
g_type_class_meta_marshal

    
                at gclosure.c
                  line
                  567

    

    • 

  • 
#35
g_closure_invoke

    
                at gclosure.c
                  line
                  490

    

    • 

  • 
#36
signal_emit_unlocked_R

    
                at gsignal.c
                  line
                  2478

    

    • 

  • 
#37
g_signal_emit_valist

    
                at gsignal.c
                  line
                  2209

    

    • 

  • 
#38
g_signal_emit

    
                at gsignal.c
                  line
                  2243

    

    • 

  • 
#39
gtk_widget_event_internal

    
                at gtkwidget.c
                  line
                  4676

    

    • 

  • 
#40
gtk_propagate_event

    
                at gtkmain.c
                  line
                  2334

    

    • 

  • 
#41
gtk_main_do_event

    
                at gtkmain.c
                  line
                  1554

    

    • 

  • 
#42
gdk_event_dispatch

    
                at gdkevents-x11.c
                  line
                  2365

    

    • 

  • 
#43
g_main_context_dispatch

    
                at gmain.c
                  line
                  2009

    

    • 

  • 
#44
g_main_context_iterate

    
                at gmain.c
                  line
                  2642

    

    • 

  • 
#45
g_main_loop_run

    
                at gmain.c
                  line
                  2850

    

    • 

  • 
#46
bonobo_main

    
                at bonobo-main.c
                  line
                  311

    

    • 

  • 
#47
main

    
                at main.c
                  line
                  782

    

    • 







        master_client = (GnomeClient *) 0x8074c10
        context = (GOptionContext *) 0x806a0c0







Comment 2


Matthew Barnes





          2008-08-28 02:24:01 UTC
        



Crash came from the mailer.






Comment 3


Milan Crha





          2008-09-19 17:22:25 UTC
        



I wrote some info in bug #481306 comment #4 where I thought it's only 2.10 issue, but now I see I'm wrong.






Comment 4


Milan Crha





          2008-09-19 19:36:08 UTC
        



Created attachment 119011 [details] [review]
proposed evo patch

for evolution;

OK, I think I found it. Two issues:

1) activity handler destroys non-responded errors with gtk_widget_destroy instead of through response signal, but in mailer we are waiting for response handler, to show other pending messages, thus you see only first alert from the provider, not the others which comes in life time of the previous one.

2) if the error wasn't cancel-able, then it was put to the activity handler and the associated message immediately freed, thus in a response handler the message pointer is invalid, and we are accessing some possibly overwritten, but definitely freed memory.






Comment 5


Srinivasa Ragavan





          2008-09-29 05:18:50 UTC
        



Commit to stable/trunk






Comment 6


Milan Crha





          2008-09-29 10:08:26 UTC
        



Committed to trunk. Committed revision 36473.
Committed to gnome-2-24. Committed revision 36474.