Bug 613638 - Memory-eating loop in new_parse_body
Status: RESOLVED FIXED
Product: GtkHtml
Classification: Other
Component: Parsing
Version: 3.29.x
Hardware/OS: Other Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assigned To: Srinivasa Ragavan
QA Contact: Srinivasa Ragavan
Depends on:
Blocks:
Reported: 2010-03-22 21:22 UTC by Joachim Breitner
Modified: 2010-05-03 12:36 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Crash-producing e-mail (5.68 KB, text/plain)
2010-03-22 21:23 UTC, Joachim Breitner
Details

Description Joachim Breitner 2010-03-22 21:22:01 UTC
Hi,

I just observed this bug with 3.29.92.1 installed: upon opening some e-mail messages, evolution starts to acquire more and
more memory, putting my system to a halt until the OOM killer kicks in.

I managed to stop evolution within gdb while it is eating memory, and
this is the backtrace:

0x00007ffff252ac9f in pthread_mutex_lock () from /lib/libpthread.so.0
(gdb) bt
#0  pthread_mutex_lock from /lib/libpthread.so.0
#1  g_type_instance_get_private from /usr/lib/libgobject-2.0.so.0
#2  searching_tokenizer_peek_token at e-searching-tokenizer.c:981
#3  parse_object_params at htmlengine.c:1523
#4  element_parse_object at htmlengine.c:1616
#5  parse_one_token at htmlengine.c:3974
#6  new_parse_body at htmlengine.c:1428
#7  html_engine_timer_event at htmlengine.c:4933
#8  html_engine_stream_end at htmlengine.c:4996
#9  gtk_html_stream_close at gtkhtml-stream.c:137
#10 emhs_sync_close at em-html-stream.c:99
#11 emss_process_message at em-sync-stream.c:87
#12 g_main_context_dispatch from /lib/libglib-2.0.so.0
#13 ?? from /lib/libglib-2.0.so.0
#14 g_main_loop_run from /lib/libglib-2.0.so.0
#15 gtk_main from /usr/lib/libgtk-x11-2.0.so.0
#16 main at main.c:607

#0  g_type_check_class_cast from /usr/lib/libgobject-2.0.so.0
#1  html_tokenizer_peek_token at htmltokenizer.c:1519
#2  parse_object_params at htmlengine.c:1523
#3  element_parse_object at htmlengine.c:1616
#4  parse_one_token at htmlengine.c:3974
#5  new_parse_body at htmlengine.c:1428
#6  html_engine_timer_event at htmlengine.c:4933
#7  html_engine_stream_end at htmlengine.c:4996
#8  gtk_html_stream_close at gtkhtml-stream.c:137
#9  emhs_sync_close at em-html-stream.c:99
#10 emss_process_message at em-sync-stream.c:87
#11 g_main_context_dispatch from /lib/libglib-2.0.so.0
#12 ?? from /lib/libglib-2.0.so.0
#13 g_main_loop_run from /lib/libglib-2.0.so.0
#14 gtk_main from /usr/lib/libgtk-x11-2.0.so.0
#15 main at main.c:607

so it seems it has problems parsing the object tag. I have attached the mail in
question.

This is also reported at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575011
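Both backtraces above stop inside a token peek called from parse_object_params, i.e. the parser loop that walks the contents of an object tag. The report does not say what the actual defect in gtkhtml was, and the fix in libgtkhtml 3.30.1 is not described here. The following is an added, hypothetical illustration of the general failure class a reader should check for when triaging a trace like this: a parser loop that peeks the next token but only consumes some token kinds, so that an unexpected token inside the element is peeked again and again without progress, and every peek allocates. The tokenizer, both parser variants, the attacker-style input and the step budget below are all constructed for this example and are not gtkhtml code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal constructed tokenizer: a token is one tag ("<...>") or one text run. */
typedef struct { const char *src; size_t pos; } Tokenizer;

/* Returns a fresh heap copy of the next token without advancing, NULL at end.
 * The allocation per peek is what turns a no-progress loop into memory growth. */
static char *peek_token(const Tokenizer *t) {
    const char *s = t->src + t->pos;
    if (*s == '\0') return NULL;
    size_t len;
    if (*s == '<') {
        const char *end = strchr(s, '>');
        len = end ? (size_t)(end - s + 1) : strlen(s);
    } else {
        const char *end = strchr(s, '<');
        len = end ? (size_t)(end - s) : strlen(s);
    }
    char *tok = malloc(len + 1);
    memcpy(tok, s, len);
    tok[len] = '\0';
    return tok;
}

/* Peek and advance past the token. */
static char *next_token(Tokenizer *t) {
    char *tok = peek_token(t);
    if (tok) t->pos += strlen(tok);
    return tok;
}

static int starts_with(const char *s, const char *prefix) {
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

/* Hypothetical buggy loop: only <param> tags are consumed. Any other token inside
 * the object (here an <embed>) is peeked on every iteration, never consumed and
 * never freed, so the loop makes no progress and leaks one copy per iteration.
 * `budget` is instrumentation so this demo terminates; the real bug class has none.
 * Returns the number of params seen, or -1 when the budget is exhausted. */
long parse_object_params_naive(Tokenizer *t, long budget, size_t *bytes_leaked) {
    long params = 0;
    for (;;) {
        if (budget-- == 0) return -1;
        char *tok = peek_token(t);
        if (!tok) return params;
        if (starts_with(tok, "</object")) { free(tok); return params; }
        if (starts_with(tok, "<param")) {
            free(tok);
            free(next_token(t));
            params++;
            continue;
        }
        /* BUG: unexpected token is neither consumed nor freed; loop repeats forever. */
        *bytes_leaked += strlen(tok) + 1;
    }
}

/* Hardened loop: every iteration consumes exactly one token, so the position
 * advances by at least one byte per iteration and the loop must terminate at
 * end of input even when </object> never arrives. Unknown tokens are skipped. */
long parse_object_params_fixed(Tokenizer *t) {
    long params = 0;
    char *tok;
    while ((tok = next_token(t)) != NULL) {
        int done = starts_with(tok, "</object");
        if (starts_with(tok, "<param")) params++;
        free(tok);
        if (done) break;
    }
    return params;
}

int main(void) {
    /* Constructed object body: one <param>, then an <embed> the naive loop does not handle. */
    const char *body = "<param name=\"movie\" value=\"x.swf\"><embed src=\"x.swf\">text</object>";
    Tokenizer a = { body, 0 };
    size_t leaked = 0;
    long n = parse_object_params_naive(&a, 1000, &leaked);
    printf("naive: result %ld, leaked %zu bytes in 1000 iterations\n", n, leaked);
    Tokenizer b = { body, 0 };
    printf("fixed: %ld params\n", parse_object_params_fixed(&b));
    return 0;
}
```

The practical check this suggests when reading the trace: find the loop around the peek call and confirm that every branch either consumes the token or exits the loop; a branch that does neither is a denial-of-service primitive reachable by anyone who can send you mail.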
Comment 1 Joachim Breitner 2010-03-22 21:23:59 UTC
Created attachment 156810 [details]
Crash-producing e-mail
Comment 2 Joachim Breitner 2010-03-31 08:54:18 UTC
I just want to add that this is not occurring with just this particular mail, but almost every mail produced by feed2imap from the Holarse feed at http://www.holarse-linuxgaming.de/rss.xml.

It is also a regression over 2.28, where it worked fine.
Comment 3 Joachim Breitner 2010-05-03 12:36:40 UTC
It seems that this is fixed with libgtkhtml 3.30.1-1. The embedded flash objects show up in a “File” box and no memory eating occurs.