GNOME Bugzilla – Bug 242867
crash using period ('.') to move through unread mail
Last modified: 2005-06-21 18:30:14 UTC
Package: Evolution Priority: Normal Version: GNOME2.3.1 1.3.3 Synopsis: crash using period ('.') to move through unread mail Bugzilla-Product: Evolution Bugzilla-Component: Mailer BugBuddy-GnomeVersion: 2.0 (2.3.0) Description: Description of Problem: evolution crashed while using period ('.') to move through unread mail in folder. I do this all the time and this is the only time it's happened. Debugging Information: Backtrace was generated from '/home/rodd/gnome-2.3.1/bin/evolution-1.3' [New Thread 1091732000 (LWP 10381)] [New Thread 1142127920 (LWP 10389)] [New Thread 1133735216 (LWP 10387)] [New Thread 1125342512 (LWP 10386)] [New Thread 1116949808 (LWP 10385)] [New Thread 1106287920 (LWP 10384)] 0xffffe002 in ?? ()
+ Trace 36823
Thread 1 (Thread 1091732000 (LWP 10381))
Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
*** bug 242874 has been marked as a duplicate of this bug. ***
do you use gnome accessibility tools?
This is an interesting question. Here's what I can tell you. I'm running garnome-0.24.2. I've compiled metaballs gnome-desktop and gnome-accessibility, along with a few other applications. I've only recently turned on accessibility in gnome using gconf-editor. I'm not sure if this action predates this bug report or not. I'm guessing that I flicked the switch about three days ago, but I didn't restart gnome straight away, so it may or may not have taken affect the same day. (I don't need the a11y stuff, I'm just interested.) Hope this helps ;-]
accessibility is not yet fully supported => rescheduling
*** bug 243694 has been marked as a duplicate of this bug. ***
Radek, with gnome-2.4 looking like it will have accessibility included will this be address before it's released?
I cannot say anything yet for sure, it has to be decided for next major vesrion of evolution.
*** bug 245327 has been marked as a duplicate of this bug. ***
*** bug 247369 has been marked as a duplicate of this bug. ***
*** bug 247370 has been marked as a duplicate of this bug. ***
I should let you know that this bug (or what I presume was this bug) is causing evolution to crash 20 or 30 times a day. While I can just restart and move on it's very, very annoying. I recently posted bug reports 47369, and 47370 to see if the problem was the same as the report I had initially filed as I had changed enough that I thought it worth being sure. Since filling the report I've upgraded my version of garnome to 0.25.1 and I've used both the version of evolution that came with garnome (1.4.3) and the current version (1.4.4). Given the frequency of the crashes I would propose that the priority of this bug be elevated. Or I could just start filing a bug report for each crash to make you realize how annoying this is. ;-]
perhaps we should have one of people looking into a11y look into this problem. I don't know anything about this part of th code.
*** bug 250574 has been marked as a duplicate of this bug. ***
*** bug 251032 has been marked as a duplicate of this bug. ***
*** bug 251076 has been marked as a duplicate of this bug. ***
*** bug 251121 has been marked as a duplicate of this bug. ***
*** bug 251257 has been marked as a duplicate of this bug. ***
*** bug 251269 has been marked as a duplicate of this bug. ***
*** bug 251272 has been marked as a duplicate of this bug. ***
*** bug 251342 has been marked as a duplicate of this bug. ***
*** bug 251379 has been marked as a duplicate of this bug. ***
*** bug 251390 has been marked as a duplicate of this bug. ***
*** bug 251475 has been marked as a duplicate of this bug. ***
*** bug 251481 has been marked as a duplicate of this bug. ***
*** bug 251631 has been marked as a duplicate of this bug. ***
*** bug 251744 has been marked as a duplicate of this bug. ***
Marking as 1.5.1 since a11y is part of 1.5
this definitely looks like an a11y bug adding york to the CC. York do you have any idea what might be going wrong here?
The bug is already fixed in trunk. In a11y/utils.c, some sanity check code is added to avoid the crash. According our previous agreement, we a11y code is not merge into 1.4. Some bugs in the duplication list maybe not duplication. For other ones that are surely duplications, they are all in 1.4. You can find this by looking at the stack trace, and will find "..1.4/components/..". Actually I cannot reproduce it in my trunk build. I think the bug can be closed. -York
Closing as per last comment. Thanks a lot!
*** bug 252133 has been marked as a duplicate of this bug. ***
*** bug 252175 has been marked as a duplicate of this bug. ***
*** bug 252201 has been marked as a duplicate of this bug. ***
*** bug 252335 has been marked as a duplicate of this bug. ***
*** bug 252412 has been marked as a duplicate of this bug. ***
*** bug 252414 has been marked as a duplicate of this bug. ***
*** bug 253611 has been marked as a duplicate of this bug. ***
*** bug 253778 has been marked as a duplicate of this bug. ***
*** bug 252559 has been marked as a duplicate of this bug. ***
*** bug 254781 has been marked as a duplicate of this bug. ***
*** bug 255271 has been marked as a duplicate of this bug. ***
*** bug 255275 has been marked as a duplicate of this bug. ***
*** bug 255291 has been marked as a duplicate of this bug. ***
*** bug 255383 has been marked as a duplicate of this bug. ***
*** bug 255641 has been marked as a duplicate of this bug. ***
*** bug 255865 has been marked as a duplicate of this bug. ***
So considering I got this with 1.5.5, we are not very happy bunnies. Am I correct?
Crashes still happen.
*** bug 256742 has been marked as a duplicate of this bug. ***
*** bug 257314 has been marked as a duplicate of this bug. ***
*** bug 257499 has been marked as a duplicate of this bug. ***
*** bug 257789 has been marked as a duplicate of this bug. ***
looks like there's still something wrong. today's valgrind output: ==3245== ==3245== Invalid read of size 4 ==3245== at 0x3D4B601F: g_datalist_id_get_data (gdataset.c:461) ==3245== by 0x3C40AA74: html_object_get_data_nocp (htmlobject.c:1596) ==3245== by 0x3C436920: html_utils_get_accessible (utils.c:102) ==3245== by 0x3C432FF3: gtk_html_a11y_ref_child (object.c:119) ==3245== by 0x3D3D61EA: atk_object_ref_accessible_child (atkobject.c:607) ==3245== by 0x3DCDAA80: spi_atk_bridge_signal_listener (bridge.c:908) ==3245== by 0x3D47A752: signal_emit_unlocked_R (gsignal.c:2402) ==3245== by 0x3D47BAC1: g_signal_emit_valist (gsignal.c:2195) ==3245== by 0x3D47BCC2: g_signal_emit_by_name (gsignal.c:2263) ==3245== by 0x3DD1F3D7: gail_container_real_remove_gtk (gailcontainer.c:248) ==3245== by 0x3DD1F18B: gail_container_remove_gtk (gailcontainer.c:192) ==3245== by 0x3D4777BA: g_cclosure_marshal_VOID__OBJECT (gmarshal.c:636) ==3245== Address 0x3F159AF8 is 64 bytes inside a block of size 116 free'd ==3245== at 0x3C01C851: free (vg_replace_malloc.c:127) ==3245== by 0x3D4CB2A1: g_free (gmem.c:186) ==3245== by 0x3C407D0A: destroy (htmlobject.c:74) ==3245== by 0x3C3CC55B: destroy (htmlclue.c:56) ==3245== by 0x3C3CE617: destroy (htmlclueflow.c:107) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3CC52B: destroy (htmlclue.c:51) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3F8BBD: html_engine_parse (htmlengine.c:4879) ==3245== by 0x3C3C2C30: gtk_html_begin_full (gtkhtml.c:3332) ==3245== by 0x3E10DDC6: emhs_sync_write (em-html-stream.c:112) ==3245== by 0x3E10C246: emcs_gui_received (em-sync-stream.c:142) ==3245== ==3245== Invalid read of size 4 ==3245== at 0x3C436759: create_accessible (utils.c:40) ==3245== by 0x3C43693A: html_utils_get_accessible (utils.c:105) ==3245== by 0x3C432FF3: gtk_html_a11y_ref_child (object.c:119) ==3245== by 0x3D3D61EA: atk_object_ref_accessible_child (atkobject.c:607) ==3245== by 0x3DCDAA80: spi_atk_bridge_signal_listener (bridge.c:908) ==3245== by 0x3D47A752: signal_emit_unlocked_R (gsignal.c:2402) ==3245== by 0x3D47BAC1: g_signal_emit_valist (gsignal.c:2195) ==3245== by 0x3D47BCC2: g_signal_emit_by_name (gsignal.c:2263) ==3245== by 0x3DD1F3D7: gail_container_real_remove_gtk (gailcontainer.c:248) ==3245== by 0x3DD1F18B: gail_container_remove_gtk (gailcontainer.c:192) ==3245== by 0x3D4777BA: g_cclosure_marshal_VOID__OBJECT (gmarshal.c:636) ==3245== by 0x3D46BA9B: g_closure_invoke (gclosure.c:437) ==3245== Address 0x3F159AB8 is 0 bytes inside a block of size 116 free'd ==3245== at 0x3C01C851: free (vg_replace_malloc.c:127) ==3245== by 0x3D4CB2A1: g_free (gmem.c:186) ==3245== by 0x3C407D0A: destroy (htmlobject.c:74) ==3245== by 0x3C3CC55B: destroy (htmlclue.c:56) ==3245== by 0x3C3CE617: destroy (htmlclueflow.c:107) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3CC52B: destroy (htmlclue.c:51) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3F8BBD: html_engine_parse (htmlengine.c:4879) ==3245== by 0x3C3C2C30: gtk_html_begin_full (gtkhtml.c:3332) ==3245== by 0x3E10DDC6: emhs_sync_write (em-html-stream.c:112) ==3245== by 0x3E10C246: emcs_gui_received (em-sync-stream.c:142) ==3245== ==3245== Invalid read of size 4 ==3245== at 0x3C4335C2: html_a11y_paragraph_new (paragraph.c:94) ==3245== by 0x3C436788: create_accessible (utils.c:42) ==3245== by 0x3C43693A: html_utils_get_accessible (utils.c:105) ==3245== by 0x3C432FF3: gtk_html_a11y_ref_child (object.c:119) ==3245== by 0x3D3D61EA: atk_object_ref_accessible_child (atkobject.c:607) ==3245== by 0x3DCDAA80: spi_atk_bridge_signal_listener (bridge.c:908) ==3245== by 0x3D47A752: signal_emit_unlocked_R (gsignal.c:2402) ==3245== by 0x3D47BAC1: g_signal_emit_valist (gsignal.c:2195) ==3245== by 0x3D47BCC2: g_signal_emit_by_name (gsignal.c:2263) ==3245== by 0x3DD1F3D7: gail_container_real_remove_gtk (gailcontainer.c:248) ==3245== by 0x3DD1F18B: gail_container_remove_gtk (gailcontainer.c:192) ==3245== by 0x3D4777BA: g_cclosure_marshal_VOID__OBJECT (gmarshal.c:636) ==3245== Address 0x3F159AB8 is 0 bytes inside a block of size 116 free'd ==3245== at 0x3C01C851: free (vg_replace_malloc.c:127) ==3245== by 0x3D4CB2A1: g_free (gmem.c:186) ==3245== by 0x3C407D0A: destroy (htmlobject.c:74) ==3245== by 0x3C3CC55B: destroy (htmlclue.c:56) ==3245== by 0x3C3CE617: destroy (htmlclueflow.c:107) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3CC52B: destroy (htmlclue.c:51) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3F8BBD: html_engine_parse (htmlengine.c:4879) ==3245== by 0x3C3C2C30: gtk_html_begin_full (gtkhtml.c:3332) ==3245== by 0x3E10DDC6: emhs_sync_write (em-html-stream.c:112) ==3245== by 0x3E10C246: emcs_gui_received (em-sync-stream.c:142) ==3245== ==3245== Invalid read of size 4 ==3245== at 0x3C4335CA: html_a11y_paragraph_new (paragraph.c:94) ==3245== by 0x3C436788: create_accessible (utils.c:42) ==3245== by 0x3C43693A: html_utils_get_accessible (utils.c:105) ==3245== by 0x3C432FF3: gtk_html_a11y_ref_child (object.c:119) ==3245== by 0x3D3D61EA: atk_object_ref_accessible_child (atkobject.c:607) ==3245== by 0x3DCDAA80: spi_atk_bridge_signal_listener (bridge.c:908) ==3245== by 0x3D47A752: signal_emit_unlocked_R (gsignal.c:2402) ==3245== by 0x3D47BAC1: g_signal_emit_valist (gsignal.c:2195) ==3245== by 0x3D47BCC2: g_signal_emit_by_name (gsignal.c:2263) ==3245== by 0x3DD1F3D7: gail_container_real_remove_gtk (gailcontainer.c:248) ==3245== by 0x3DD1F18B: gail_container_remove_gtk (gailcontainer.c:192) ==3245== by 0x3D4777BA: g_cclosure_marshal_VOID__OBJECT (gmarshal.c:636) ==3245== Address 0x3F159AB8 is 0 bytes inside a block of size 116 free'd ==3245== at 0x3C01C851: free (vg_replace_malloc.c:127) ==3245== by 0x3D4CB2A1: g_free (gmem.c:186) ==3245== by 0x3C407D0A: destroy (htmlobject.c:74) ==3245== by 0x3C3CC55B: destroy (htmlclue.c:56) ==3245== by 0x3C3CE617: destroy (htmlclueflow.c:107) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3CC52B: destroy (htmlclue.c:51) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3F8BBD: html_engine_parse (htmlengine.c:4879) ==3245== by 0x3C3C2C30: gtk_html_begin_full (gtkhtml.c:3332) ==3245== by 0x3E10DDC6: emhs_sync_write (em-html-stream.c:112) ==3245== by 0x3E10C246: emcs_gui_received (em-sync-stream.c:142) ==3245== ==3245== Invalid read of size 4 ==3245== at 0x3D4B6A7D: g_data_set_internal (gdataset.c:212) ==3245== by 0x3D4B7278: g_datalist_id_set_data_full (gdataset.c:380) ==3245== by 0x3C40AA3B: html_object_set_data_full_nocp (htmlobject.c:1590) ==3245== by 0x3C43696D: html_utils_get_accessible (utils.c:108) ==3245== by 0x3C432FF3: gtk_html_a11y_ref_child (object.c:119) ==3245== by 0x3D3D61EA: atk_object_ref_accessible_child (atkobject.c:607) ==3245== by 0x3DCDAA80: spi_atk_bridge_signal_listener (bridge.c:908) ==3245== by 0x3D47A752: signal_emit_unlocked_R (gsignal.c:2402) ==3245== by 0x3D47BAC1: g_signal_emit_valist (gsignal.c:2195) ==3245== by 0x3D47BCC2: g_signal_emit_by_name (gsignal.c:2263) ==3245== by 0x3DD1F3D7: gail_container_real_remove_gtk (gailcontainer.c:248) ==3245== by 0x3DD1F18B: gail_container_remove_gtk (gailcontainer.c:192) ==3245== Address 0x3F159AF8 is 64 bytes inside a block of size 116 free'd ==3245== at 0x3C01C851: free (vg_replace_malloc.c:127) ==3245== by 0x3D4CB2A1: g_free (gmem.c:186) ==3245== by 0x3C407D0A: destroy (htmlobject.c:74) ==3245== by 0x3C3CC55B: destroy (htmlclue.c:56) ==3245== by 0x3C3CE617: destroy (htmlclueflow.c:107) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3CC52B: destroy (htmlclue.c:51) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3F8BBD: html_engine_parse (htmlengine.c:4879) ==3245== by 0x3C3C2C30: gtk_html_begin_full (gtkhtml.c:3332) ==3245== by 0x3E10DDC6: emhs_sync_write (em-html-stream.c:112) ==3245== by 0x3E10C246: emcs_gui_received (em-sync-stream.c:142) ==3245== ==3245== Invalid read of size 4 ==3245== at 0x3D4B6ABD: g_data_set_internal (gdataset.c:311) ==3245== by 0x3D4B7278: g_datalist_id_set_data_full (gdataset.c:380) ==3245== by 0x3C40AA3B: html_object_set_data_full_nocp (htmlobject.c:1590) ==3245== by 0x3C43696D: html_utils_get_accessible (utils.c:108) ==3245== by 0x3C432FF3: gtk_html_a11y_ref_child (object.c:119) ==3245== by 0x3D3D61EA: atk_object_ref_accessible_child (atkobject.c:607) ==3245== by 0x3DCDAA80: spi_atk_bridge_signal_listener (bridge.c:908) ==3245== by 0x3D47A752: signal_emit_unlocked_R (gsignal.c:2402) ==3245== by 0x3D47BAC1: g_signal_emit_valist (gsignal.c:2195) ==3245== by 0x3D47BCC2: g_signal_emit_by_name (gsignal.c:2263) ==3245== by 0x3DD1F3D7: gail_container_real_remove_gtk (gailcontainer.c:248) ==3245== by 0x3DD1F18B: gail_container_remove_gtk (gailcontainer.c:192) ==3245== Address 0x3F159AF8 is 64 bytes inside a block of size 116 free'd ==3245== at 0x3C01C851: free (vg_replace_malloc.c:127) ==3245== by 0x3D4CB2A1: g_free (gmem.c:186) ==3245== by 0x3C407D0A: destroy (htmlobject.c:74) ==3245== by 0x3C3CC55B: destroy (htmlclue.c:56) ==3245== by 0x3C3CE617: destroy (htmlclueflow.c:107) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3CC52B: destroy (htmlclue.c:51) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3F8BBD: html_engine_parse (htmlengine.c:4879) ==3245== by 0x3C3C2C30: gtk_html_begin_full (gtkhtml.c:3332) ==3245== by 0x3E10DDC6: emhs_sync_write (em-html-stream.c:112) ==3245== by 0x3E10C246: emcs_gui_received (em-sync-stream.c:142) ==3245== ==3245== Invalid write of size 4 ==3245== at 0x3D4B6AD0: g_data_set_internal (gdataset.c:315) ==3245== by 0x3D4B7278: g_datalist_id_set_data_full (gdataset.c:380) ==3245== by 0x3C40AA3B: html_object_set_data_full_nocp (htmlobject.c:1590) ==3245== by 0x3C43696D: html_utils_get_accessible (utils.c:108) ==3245== by 0x3C432FF3: gtk_html_a11y_ref_child (object.c:119) ==3245== by 0x3D3D61EA: atk_object_ref_accessible_child (atkobject.c:607) ==3245== by 0x3DCDAA80: spi_atk_bridge_signal_listener (bridge.c:908) ==3245== by 0x3D47A752: signal_emit_unlocked_R (gsignal.c:2402) ==3245== by 0x3D47BAC1: g_signal_emit_valist (gsignal.c:2195) ==3245== by 0x3D47BCC2: g_signal_emit_by_name (gsignal.c:2263) ==3245== by 0x3DD1F3D7: gail_container_real_remove_gtk (gailcontainer.c:248) ==3245== by 0x3DD1F18B: gail_container_remove_gtk (gailcontainer.c:192) ==3245== Address 0x3F159AF8 is 64 bytes inside a block of size 116 free'd ==3245== at 0x3C01C851: free (vg_replace_malloc.c:127) ==3245== by 0x3D4CB2A1: g_free (gmem.c:186) ==3245== by 0x3C407D0A: destroy (htmlobject.c:74) ==3245== by 0x3C3CC55B: destroy (htmlclue.c:56) ==3245== by 0x3C3CE617: destroy (htmlclueflow.c:107) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3CC52B: destroy (htmlclue.c:51) ==3245== by 0x3C40924A: html_object_destroy (htmlobject.c:834) ==3245== by 0x3C3F8BBD: html_engine_parse (htmlengine.c:4879) ==3245== by 0x3C3C2C30: gtk_html_begin_full (gtkhtml.c:3332) ==3245== by 0x3E10DDC6: emhs_sync_write (em-html-stream.c:112) ==3245== by 0x3E10C246: emcs_gui_received (em-sync-stream.c:142)
The bug happens when there is a embeded widget in the gtkhtml layout. problem is that the a11y object for gtkhtml(object.c) do not inherit from gailcontainer. But when distroy such a embeded widget, gtk_container_remove() is called. When a11y is enabled, gail_container** will be invoked, so thing will go wrong.
Index: object.c =================================================================== RCS file: /cvs/gnome/gtkhtml/a11y/object.c,v retrieving revision 1.4 diff -u -r1.4 object.c --- object.c 6 Aug 2003 10:47:16 -0000 1.4 +++ object.c 21 May 2004 09:42:16 -0000 @@ -59,12 +59,10 @@ * we are deriving from */ AtkObjectFactory *factory; - GType derived_type; GTypeQuery query; GType derived_atk_type; - derived_type = g_type_parent (GTK_TYPE_HTML); - factory = atk_registry_get_factory (atk_get_default_registry (), derived_type); + factory = atk_registry_get_factory (atk_get_default_registry (), GTK_TYPE_WIDGET); derived_atk_type = atk_object_factory_get_accessible_type (factory); g_type_query (derived_atk_type, &query); tinfo.class_size = query.class_size;
proposed fix
*** bug 258883 has been marked as a duplicate of this bug. ***
fixed in cvs.
*** bug 259298 has been marked as a duplicate of this bug. ***
*** bug 261123 has been marked as a duplicate of this bug. ***
*** bug 261124 has been marked as a duplicate of this bug. ***
*** bug 260566 has been marked as a duplicate of this bug. ***
Hi Gerardo, The stack trace of newer duplicate shows that it is not quite the same bug, so we may not duplicate them on this bug.
Oh sorry, I just realize this bug mentioned 2 problems, including the newer duplicated ones. So you are right.
*** bug 261460 has been marked as a duplicate of this bug. ***
*** bug 261658 has been marked as a duplicate of this bug. ***
*** bug 261497 has been marked as a duplicate of this bug. ***
*** bug 261499 has been marked as a duplicate of this bug. ***
*** bug 261829 has been marked as a duplicate of this bug. ***
*** bug 261863 has been marked as a duplicate of this bug. ***
*** bug 261908 has been marked as a duplicate of this bug. ***
*** bug 263700 has been marked as a duplicate of this bug. ***
*** bug 263933 has been marked as a duplicate of this bug. ***
*** bug 264320 has been marked as a duplicate of this bug. ***
*** bug 264539 has been marked as a duplicate of this bug. ***
*** bug 265848 has been marked as a duplicate of this bug. ***
*** bug 265880 has been marked as a duplicate of this bug. ***
*** bug 266084 has been marked as a duplicate of this bug. ***
*** bug 266208 has been marked as a duplicate of this bug. ***
*** Bug 274222 has been marked as a duplicate of this bug. ***
*** Bug 306969 has been marked as a duplicate of this bug. ***
*** Bug 307592 has been marked as a duplicate of this bug. ***
*** Bug 307593 has been marked as a duplicate of this bug. ***
*** Bug 308201 has been marked as a duplicate of this bug. ***