GNOME Bugzilla – Bug 678150
[abrt] [itip-formatter] Crash in cal_opened_cb()
Last modified: 2015-03-10 17:02:31 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=832236

[abrt] evolution-3.4.2-1.fc17: g_type_check_instance_cast: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)

libreport version: 2.0.10
abrt_version: 2.0.10
backtrace_rating: 4
cmdline: evolution
crash_function: g_type_check_instance_cast
executable: /usr/bin/evolution
kernel: 3.4.0-1.fc17.x86_64
time: Thu 14 Jun 2012 05:13:47 PM EDT

534     } else if (error != NULL) {
535         g_warn_if_fail (client == NULL);
536         add_failed_to_load_msg (
537             ITIP_VIEW (pitip->view), source, error);
538         g_error_free (error);
539         return;
540     }
+ Trace 230373
Thread 1 (Thread 0x7f88c714b9c0 (LWP 12153))
The same crash from 3.8.1:
https://bugzilla.redhat.com/show_bug.cgi?id=956911

Core was generated by `evolution'.
Program terminated with signal 11, Segmentation fault.
+ Trace 231858
Thread 1 (Thread 0x7faca01bba40 (LWP 2639))
In the second stacktrace pitip is NULL hence the dereference on line 3569 segvs - so a simple check for pitip != NULL would avoid this - I guess the real question is why is it NULL in the first place?
(In reply to comment #2)
> In the second stacktrace pitip is NULL hence the dereference on line 3569 segvs -
> so a simple check for pitip != NULL would avoid this - I guess the real
> question is why is it NULL in the first place?

Right, the question is why it is NULL, because I suspect that the structure being used in the behind is freed, thus the NULL in the second backtrace is just a matter of luck, which (from my point of view) explains why the backtraces are not the same (1:1).
Got an apparently very similar crash (bugzilla pointed me to this as a dupe).

Opening a mail with an attached invitation first causes a bunch of warnings:

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMNode* webkit_dom_node_append_child(WebKitDOMNode*, WebKitDOMNode*, GError**): assertion `WEBKIT_DOM_IS_NODE(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: void webkit_dom_html_element_set_inner_html(WebKitDOMHTMLElement*, const gchar*, GError**): assertion `WEBKIT_DOM_IS_HTML_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMNode* webkit_dom_node_append_child(WebKitDOMNode*, WebKitDOMNode*, GError**): assertion `WEBKIT_DOM_IS_NODE(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: void webkit_dom_html_element_set_inner_html(WebKitDOMHTMLElement*, const gchar*, GError**): assertion `WEBKIT_DOM_IS_HTML_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMNode* webkit_dom_node_append_child(WebKitDOMNode*, WebKitDOMNode*, GError**): assertion `WEBKIT_DOM_IS_NODE(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: void webkit_dom_html_element_set_inner_html(WebKitDOMHTMLElement*, const gchar*, GError**): assertion `WEBKIT_DOM_IS_HTML_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMNode* webkit_dom_node_append_child(WebKitDOMNode*, WebKitDOMNode*, GError**): assertion `WEBKIT_DOM_IS_NODE(self)' failed
** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed
** (evolution:2821): CRITICAL **: void webkit_dom_html_element_set_inner_html(WebKitDOMHTMLElement*, const gchar*, GError**): assertion `WEBKIT_DOM_IS_HTML_ELEMENT(self)' failed
(evolution:2821): evolution-module-itip-formatter-CRITICAL **: itip_view_get_mail_part: assertion `ITIP_IS_VIEW (view)' failed
[1] 2821 segmentation fault (core dumped) /tmp/e/bin/evolution

traceback is the following:

(gdb) bt
+ Trace 231955
$29 = (ItipView *) 0x1bc4620
(gdb) p *(ItipView *)user_data
$30 = {parent = {g_type_instance = {g_class = 0x1bc4750}, ref_count = 0, qdata = 0x0}, priv = 0x1bc4640}

Looks like a reference counting issue
No duplicate for a long time, I'm closing this.
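
The gdb output in the thread shows a non-NULL user_data pointer whose ref_count is already 0, which is why a NULL check alone would not help. The following is an added example, not Evolution's code and not part of the original report: it models an async completion callback that either borrows its user_data or holds its own reference. The names View, AsyncOp, start_open, opened_cb and run_scenario are hypothetical, and finalizing only sets a flag instead of freeing memory so the stale state can be inspected safely.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy stand-in for a GObject such as ItipView (hypothetical, not Evolution
 * code). Finalizing sets a flag instead of calling free(), so the stale
 * object can be examined without undefined behaviour. */
typedef struct { int ref_count; int finalized; int updates; } View;

static View *view_ref(View *v) { v->ref_count++; return v; }
static void view_unref(View *v) { if (--v->ref_count == 0) v->finalized = 1; }

/* Pending async "open calendar" operation carrying user_data for its callback. */
typedef struct { View *user_data; int holds_ref; } AsyncOp;

static AsyncOp start_open(View *v, int hold_ref)
{
    /* hold_ref != 0: the operation owns a reference until the callback ran. */
    AsyncOp op = { hold_ref ? view_ref(v) : v, hold_ref };
    return op;
}

/* Completion callback: returns 1 if the view was alive and got updated,
 * 0 if user_data was non-NULL but already finalized. Real code cannot
 * reliably make that second test on freed memory; it simply crashes. */
static int opened_cb(AsyncOp *op)
{
    View *v = op->user_data;
    int used = 0;
    if (v != NULL && !v->finalized) { v->updates++; used = 1; }
    if (op->holds_ref) view_unref(v);   /* release the operation's reference */
    return used;
}

/* Scenario: the message view goes away before the open finishes. */
static int run_scenario(int hold_ref, View *v)
{
    v->ref_count = 1; v->finalized = 0; v->updates = 0;
    AsyncOp op = start_open(v, hold_ref);
    view_unref(v);                      /* owner drops its reference */
    return opened_cb(&op);              /* async result arrives later */
}

int main(void)
{
    View a, b;
    printf("borrowed pointer: used=%d\n", run_scenario(0, &a));
    printf("owned reference:  used=%d\n", run_scenario(1, &b));
    return 0;
}
```
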