After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 695754 - Use-after-free in source_registry_source_notify_enabled_idle_cb()
Use-after-free in source_registry_source_notify_enabled_idle_cb()
Status: RESOLVED FIXED
Product: evolution-data-server
Classification: Platform
Component: general
3.10.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: Evolution Shell Maintainers Team
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2013-03-13 09:53 UTC by Milan Crha
Modified: 2014-12-12 10:36 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Milan Crha 2013-03-13 09:53:45 UTC
I just got this crash after a password prompt for an EWS account which I only not enabled. My steps:
0) no password for the account saved in keyring
a) Edit->Preferences->Mail Accounts->select the account->Edit
   - got a password prompt, filled in password, left [x] save to keyring
b) cancel the account editor
c) enable the account

---- Critical and fatal warnings logged during execution ----

** Gtk **: gtk_entry_set_text: assertion `text != NULL' failed 
** Gtk **: gtk_entry_set_text: assertion `text != NULL' failed 
** Gtk **: gtk_entry_set_text: assertion `text != NULL' failed 
** Gtk **: gtk_entry_set_text: assertion `text != NULL' failed 
** Gtk **: gtk_entry_set_text: assertion `text != NULL' failed 
** GLib-GObject **: g_object_ref: assertion `G_IS_OBJECT (object)' failed 
** GLib-GObject **: g_signal_emit_valist: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed 
** GLib-GObject **: g_object_unref: assertion `G_IS_OBJECT (object)' failed 


Thread 4 (Thread 0x7f79777fe700 (LWP 16928))

  • #0 waitpid
    from /lib64/libpthread.so.0
  • #1 g_spawn_sync
    from /lib64/libglib-2.0.so.0
  • #2 g_spawn_command_line_sync
    from /lib64/libglib-2.0.so.0
  • #3 run_bug_buddy
    at gnome-segvhanlder.c line 240
  • #4 bugbuddy_segv_handle
    at gnome-segvhanlder.c line 191
  • #5 <signal handler called>
  • #6 raise
    from /lib64/libc.so.6
  • #7 abort
    from /lib64/libc.so.6
  • #8 g_assertion_message
    from /lib64/libglib-2.0.so.0
  • #9 g_assertion_message_expr
    from /lib64/libglib-2.0.so.0
  • #10 g_weak_ref_set
    from /lib64/libgobject-2.0.so.0
  • #11 source_closure_free
    at e-source-registry.c line 262
  • #12 g_source_callback_unref
    from /lib64/libglib-2.0.so.0
  • #13 g_source_destroy_internal
    from /lib64/libglib-2.0.so.0
  • #14 g_main_context_dispatch
    from /lib64/libglib-2.0.so.0
  • #15 g_main_context_iterate.isra.24
    from /lib64/libglib-2.0.so.0
  • #16 g_main_loop_run
    from /lib64/libglib-2.0.so.0
  • #17 e_source_registry_authenticate_sync
    at e-source-registry.c line 1819
  • #18 mail_session_authenticate_sync
    at e-mail-session.c line 1584
  • #19 camel_session_authenticate_sync
    at camel-session.c line 1832
  • #20 ews_connect_sync
    at camel-ews-store.c line 516
  • #21 service_connect_thread
    at camel-service.c line 773
  • #22 run_in_thread
    from /lib64/libgio-2.0.so.0
  • #23 io_job_thread
    from /lib64/libgio-2.0.so.0
  • #24 g_thread_pool_thread_proxy
    from /lib64/libglib-2.0.so.0
  • #25 g_thread_proxy
    from /lib64/libglib-2.0.so.0
  • #26 start_thread
    from /lib64/libpthread.so.0
  • #27 clone
    from /lib64/libc.so.6

Comment 1 Milan Crha 2013-07-10 10:07:34 UTC
Downstream bug report from 3.8.3 about the same, also involving ews:
https://bugzilla.redhat.com/show_bug.cgi?id=982892

From var_log_messages just from the crash:
Jul  8 09:14:24 bigblacklinux /etc/gdm/Xsession[25398]: (evolution:26026): GLib-GObject-CRITICAL **: g_object_ref: assertion `G_IS_OBJECT (object)' failed
Jul  8 09:14:24 bigblacklinux /etc/gdm/Xsession[25398]: (evolution:26026): GLib-GObject-WARNING **: instance of invalid non-instantiatable type `(null)'
Jul  8 09:14:24 bigblacklinux /etc/gdm/Xsession[25398]: (evolution:26026): GLib-GObject-CRITICAL **: g_signal_emit_valist: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
Jul  8 09:14:24 bigblacklinux /etc/gdm/Xsession[25398]: (evolution:26026): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

Thread 1 (Thread 0x7fee49aab700 (LWP 26076))

  • #0 __GI_raise
    at ../nptl/sysdeps/unix/sysv/linux/raise.c line 56
  • #1 __GI_abort
    at abort.c line 90
  • #2 g_assertion_message
    at gtestutils.c line 1912
  • #3 g_assertion_message_expr
    at gtestutils.c line 1923
  • #4 g_weak_ref_set
    at gobject.c line 4127
  • #5 source_closure_free
    at e-source-registry.c line 269
  • #6 g_source_callback_unref
    at gmain.c line 1541
  • #7 g_source_destroy_internal
    at gmain.c line 1200
  • #8 g_main_dispatch
    at gmain.c line 3078
  • #9 g_main_context_dispatch
    at gmain.c line 3630
  • #10 g_main_context_iterate
    at gmain.c line 3701
  • #11 g_main_loop_run
    at gmain.c line 3895
  • #12 e_source_registry_authenticate_sync
    at e-source-registry.c line 2086
  • #13 mail_session_authenticate_sync
    at e-mail-session.c line 1584
  • #14 camel_session_authenticate_sync
    at camel-session.c line 1832
  • #15 ews_connect_sync
    at camel-ews-store.c line 516
  • #16 service_connect_thread
    at camel-service.c line 773
  • #17 run_in_thread
    at gsimpleasyncresult.c line 871
  • #18 io_job_thread
    at gioscheduler.c line 89
  • #19 g_task_thread_pool_thread
    at gtask.c line 1242
  • #20 g_thread_pool_thread_proxy
    at gthreadpool.c line 309
  • #21 g_thread_proxy
    at gthread.c line 798
  • #22 start_thread
    at pthread_create.c line 308
  • #23 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 113

Comment 2 Milan Crha 2013-10-14 10:17:14 UTC
Downstream bug report about the same from 3.10.0:
https://bugzilla.redhat.com/show_bug.cgi?id=1018388

Description of problem:
This happened when creating the configuration for an EWS account.
Comment 3 Jonathan Underwood 2014-03-06 13:45:26 UTC
Just a "me too" - I just hit exactly this when configuring Evolution to use an EWS server (Office 365) for the first time.
Comment 4 Milan Crha 2014-03-10 17:38:28 UTC
I cannot reproduce it again, with the same steps I gave at comment #0.
Comment 5 P. A. López-Valencia 2014-03-12 12:14:16 UTC
I just had this happen to me again, being the original downstream reporter of https://bugzilla.redhat.com/show_bug.cgi?id=1018388 (that was 5 months ago!).
Comment 6 Milan Crha 2014-12-12 10:36:39 UTC
I managed to reproduce this. The problem was that evolution-ews created a new ESourceRegistry instance in its ews_store_maybe_update_sent_and_drafts(), which was freed quickly afterwards, but it could be that an event had been added into the ESourceRegistry's main_context, which was not flushed before dispose, thus left there some idle/timeout sources to be done on a freed ESourceRegistry. I made changes in both evolution-ews and evolution-data-server.

Created commit c77dec7 in eds master (3.13.9+) [1]
Created commit fc99a07 in ews master (3.13.9+) [2]

Created commit fe77982 in eds evolution-data-server-3-12 (3.12.10+)
Created commit 6a5a2d7 in ews evolution-ews-3-12 (3.12.10+)

[1] https://git.gnome.org/browse/evolution-data-server/commit/?id=c77dec7
[2] https://git.gnome.org/browse/evolution-ews/commit/?id=fc99a07