After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 678150 - [abrt] [itip-formatter] Crash in cal_opened_cb()
[abrt] [itip-formatter] Crash in cal_opened_cb()
Status: RESOLVED OBSOLETE
Product: evolution
Classification: Applications
Component: Plugins
3.8.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: evolution-plugin-maintainers
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2012-06-15 09:52 UTC by Milan Crha
Modified: 2015-03-10 17:02 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Milan Crha 2012-06-15 09:52:04 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=832236

[abrt] evolution-3.4.2-1.fc17: g_type_check_instance_cast: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)

libreport version: 2.0.10
abrt_version:   2.0.10
backtrace_rating: 4
cmdline:        evolution
crash_function: g_type_check_instance_cast
executable:     /usr/bin/evolution
kernel:         3.4.0-1.fc17.x86_64
time:           Thu 14 Jun 2012 05:13:47 PM EDT

534	} else if (error != NULL) {
535		g_warn_if_fail (client == NULL);
536		add_failed_to_load_msg (
537			ITIP_VIEW (pitip->view), source, error);
538		g_error_free (error);
539		return;
540	}

Thread 1 (Thread 0x7f88c714b9c0 (LWP 12153))

  • #0 g_type_check_instance_cast
    at gtype.c line 3994
  • #1 cal_opened_cb
    at itip-formatter.c line 537
  • #2 g_simple_async_result_complete
    at gsimpleasyncresult.c line 767
  • #3 complete_async_op_in_idle_cb
    at e-client-utils.c line 349
  • #4 g_main_dispatch
    at gmain.c line 2539
  • #5 g_main_context_dispatch
    at gmain.c line 3075
  • #6 g_main_context_iterate
    at gmain.c line 3146
  • #7 g_main_loop_run
    at gmain.c line 3340
  • #8 gtk_main
    at gtkmain.c line 1161
  • #9 main
    at main.c line 681

Comment 1 Milan Crha 2013-04-26 05:57:34 UTC
The same crash from 3.8.1:
https://bugzilla.redhat.com/show_bug.cgi?id=956911

Core was generated by `evolution'.
Program terminated with signal 11, Segmentation fault.

Thread 1 (Thread 0x7faca01bba40 (LWP 2639))

  • #0 cal_opened_cb
    at itip-view.c line 3578
  • #1 g_simple_async_result_complete
    at gsimpleasyncresult.c line 777
  • #2 complete_in_idle_cb
    at gsimpleasyncresult.c line 789
  • #3 g_main_dispatch
    at gmain.c line 3054
  • #4 g_main_context_dispatch
    at gmain.c line 3630
  • #5 g_main_context_iterate
    at gmain.c line 3701
  • #6 g_main_loop_run
    at gmain.c line 3895
  • #7 gtk_main
    at gtkmain.c line 1156
  • #8 main
    at main.c line 707

Comment 2 Alex Murray 2013-04-26 13:15:15 UTC
In the second stacktrack pitip is NULL hence the derefence on line 3569 segvs - so a simple check for pitip != NULL would avoid this - I guess the real question is why is it NULL in the first place?
Comment 3 Milan Crha 2013-04-26 14:49:54 UTC
(In reply to comment #2)
> In the second stacktrack pitip is NULL hence the derefence on line 3569 segvs -
> so a simple check for pitip != NULL would avoid this - I guess the real
> question is why is it NULL in the first place?

Right, the question is why it is NULL, because I suspect that the structure being used in the behind is freed, thus the NULL in the second backtrace is just a matter of luck, which (from my point of view) explains why the backtraces are not the same (1:1).
Comment 4 Sjoerd Simons 2013-05-16 21:24:28 UTC
Got an apparently very similar  crash (bugzilla pointed me to this as a dupe). Opening a mail with an attached invitation first causes a bunch of warnings:

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMNode* webkit_dom_node_append_child(WebKitDOMNode*, WebKitDOMNode*, GError**): assertion `WEBKIT_DOM_IS_NODE(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: void webkit_dom_html_element_set_inner_html(WebKitDOMHTMLElement*, const gchar*, GError**): assertion `WEBKIT_DOM_IS_HTML_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMNode* webkit_dom_node_append_child(WebKitDOMNode*, WebKitDOMNode*, GError**): assertion `WEBKIT_DOM_IS_NODE(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: void webkit_dom_html_element_set_inner_html(WebKitDOMHTMLElement*, const gchar*, GError**): assertion `WEBKIT_DOM_IS_HTML_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMNode* webkit_dom_node_append_child(WebKitDOMNode*, WebKitDOMNode*, GError**): assertion `WEBKIT_DOM_IS_NODE(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: void webkit_dom_html_element_set_inner_html(WebKitDOMHTMLElement*, const gchar*, GError**): assertion `WEBKIT_DOM_IS_HTML_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMNode* webkit_dom_node_append_child(WebKitDOMNode*, WebKitDOMNode*, GError**): assertion `WEBKIT_DOM_IS_NODE(self)' failed

** (evolution:2821): CRITICAL **: WebKitDOMHTMLElement* webkit_dom_html_table_row_element_insert_cell(WebKitDOMHTMLTableRowElement*, glong, GError**): assertion `WEBKIT_DOM_IS_HTML_TABLE_ROW_ELEMENT(self)' failed

** (evolution:2821): CRITICAL **: void webkit_dom_html_element_set_inner_html(WebKitDOMHTMLElement*, const gchar*, GError**): assertion `WEBKIT_DOM_IS_HTML_ELEMENT(self)' failed

(evolution:2821): evolution-module-itip-formatter-CRITICAL **: itip_view_get_mail_part: assertion `ITIP_IS_VIEW (view)' failed
[1]    2821 segmentation fault (core dumped)  /tmp/e/bin/evolution


traceback is the following:
(gdb) bt
  • #0 cal_opened_cb
    at itip-view.c line 3538
  • #1 g_simple_async_result_complete
    at /tmp/buildd/glib2.0-2.36.1/./gio/gsimpleasyncresult.c line 777
  • #2 complete_in_idle_cb
    at /tmp/buildd/glib2.0-2.36.1/./gio/gsimpleasyncresult.c line 789
  • #3 g_main_dispatch
    at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c line 3054
  • #4 g_main_context_dispatch
    at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c line 3630
  • #5 g_main_context_iterate
    at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c line 3701
  • #6 g_main_loop_run
    at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c line 3895
  • #7 gtk_main
    at /build/buildd-gtk+3.0_3.8.0-1-amd64-grmSSt/gtk+3.0-3.8.0/./gtk/gtkmain.c line 1156
  • #8 main
    at main.c line 707
$29 = (ItipView *) 0x1bc4620
(gdb) p *(ItipView *)user_data 
$30 = {parent = {g_type_instance = {g_class = 0x1bc4750}, ref_count = 0, qdata = 0x0}, priv = 0x1bc4640}


Looks like a reference counting issue
Comment 5 Milan Crha 2015-03-10 17:02:31 UTC
No duplicate for a long time, I'm closing this.