After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 711824 - [abrt] Crash due to use-after-free after pine import
[abrt] Crash due to use-after-free after pine import
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
3.10.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: evolution-mail-maintainers
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2013-11-11 09:10 UTC by Milan Crha
Modified: 2013-11-20 20:58 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
evo patch (469 bytes, patch)
2013-11-20 20:56 UTC, Milan Crha
committed Details | Review

Description Milan Crha 2013-11-11 09:10:49 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1028680

Description of problem:
Start evolution after migrating from f19

Version-Release number of selected component:
evolution-3.10.1-1.fc20

Additional info:
reporter:       libreport-2.1.9
backtrace_rating: 4
cmdline:        evolution
crash_function: g_type_check_instance_is_a
executable:     /usr/bin/evolution
kernel:         3.11.7-300.fc20.x86_64

Core was generated by `evolution'.
Program terminated with signal SIGSEGV, Segmentation fault.

Thread 5 (Thread 0x7fa8d31b2a40 (LWP 3306))

  • #0 g_type_check_instance_cast
    at gtype.c line 4009
  • #1 mail_mt_free_activity
    at e-mail-backend.c line 930
  • #2 mail_msg_free
    at mail-mt.c line 158
  • #3 g_main_dispatch
    at gmain.c line 3065
  • #4 g_main_context_dispatch
    at gmain.c line 3641
  • #5 g_main_context_iterate
    at gmain.c line 3712
  • #6 g_main_loop_run
    at gmain.c line 3906
  • #7 gtk_main
    at gtkmain.c line 1158
  • #8 g_closure_invoke
    at gclosure.c line 777
  • #9 signal_emit_unlocked_R
    at gsignal.c line 3586
  • #10 g_signal_emit_valist
    at gsignal.c line 3330
  • #11 g_signal_emit
    at gsignal.c line 3386
  • #12 e_shell_event
    at e-shell.c line 1708
  • #13 main
    at main.c line 679

Comment 1 Milan Crha 2013-11-20 20:56:19 UTC
Created attachment 260387 [details] [review]
evo patch

for evolution;

I was able to reproduce this too, which led me to a use-after-free caused by the mail_importer_import_mbox_sync() not reffing the GCancellable as it should (it's because its 'free' method unrefs the cancellable at the end).
Comment 2 Milan Crha 2013-11-20 20:58:47 UTC
Created commit a05f4a9 in evo master (3.11.3+)
Created commit 79bfc1a in evo gnome-3-10 (3.10.3+)