GNOME Bugzilla – Bug 567654
Evolution dies with SIGSEGV on vee_get_message()
Last modified: 2011-06-02 05:26:57 UTC
Started happening today, on trunk. I left Evo running for a while, and got back to find it gone. Ran a GDB on the core:

(gdb) bt full
+ Trace 211534
(gdb)

This seems like bug 555276, but this is fixed on trunk...

Also interesting: I see this on the console output, just before the crash:

camel_db_select: SELECT uid, flags, size, dsent, dreceived, subject, mail_from, mail_to, mail_cc, mlist, part, labels, usertags, cinfo, bdata FROM 'EDE/SCI' WHERE uid = '`k-'
===========
DB SQL operation [SELECT uid, flags, size, dsent, dreceived, subject, mail_from, mail_to, mail_cc, mlist, part, labels, usertags, cinfo, bdata FROM 'EDE/SCI' WHERE uid = '`k-'] started
DB Operation ended. Time Taken : 0.000103
###########
CamelException.set(0x7fff203418b0, 2, 'no uid [`k-] exists')
camel_db_select: SELECT uid, flags, size, dsent, dreceived, subject, mail_from, mail_to, mail_cc, mlist, part, labels, usertags, cinfo, bdata FROM
camel_db_select: SELECT uid, flags, size, dsent, dreceived, subject, mail_from, mail_to, mail_cc, mlist, part, labels, usertags, cinfo, bdata FROM 'EDE/SCI' WHERE uid = '`k-'
===========
DB SQL operation [SELECT uid, flags, size, dsent, dreceived, subject, mail_from, mail_to, mail_cc, mlist, part, labels, usertags, cinfo, bdata FROM 'EDE/SCI' WHERE uid = '`k-'] started
DB Operation ended. Time Taken : 0.000103
###########

The above is repeated some times.
Another crash:
+ Trace 211538
(gdb) set print pretty
(gdb) set print array
(gdb) print *uid
$1 = 0 '\0'

And this is the end of the console output:

===========
DB SQL operation [SELECT uid, flags, size, dsent, dreceived, subject, mail_from, mail_to, mail_cc, mlist, part, labels, usertags, cinfo, bdata FROM 'Memberships/FLOSS/Ubuntu-packages' WHERE uid = 'es/DynDNS'] started
DB Operation ended. Time Taken : 0.000102
###########
CamelException.set(0x7fff9e8cd5b0, 2, 'no uid [es/DynDNS] exists')
camel_db_select: SELECT uid, flags, size, dsent, dreceived, subject, mail_from, mail_to, mail_cc, mlist, part, labels, usertags, cinfo, bdata FROM 'Memberships/FLOSS/Ubuntu-packages' WHERE uid = 'es/DynDNS'
===========
DB SQL operation [SELECT uid, flags, size, dsent, dreceived, subject, mail_from, mail_to, mail_cc, mlist, part, labels, usertags, cinfo, bdata FROM 'Memberships/FLOSS/Ubuntu-packages' WHERE uid = 'es/DynDNS'] started
DB Operation ended. Time Taken : 0.000097
###########
(evolution:16053): camel-CRITICAL **: camel_object_is: assertion `o != NULL' failed
(evolution:16053): camel-CRITICAL **: camel_object_ref: assertion `CAMEL_IS_OBJECT(o)' failed

It is worth noting I *do* have an IMAP folder called "Utilities/DynDNS", so this indeed seems like a memory overrun.
Was it reproducible? Did you try a run on valgrind --tool=memcheck? That would be very useful.
Srini, I did not yet run Valgrind on it. But -- as I sort of expected --, after I removed the "Unread" search folder I did not experience the SIGSEGV again. I will add the search folder again, and start Evo under Valgrind (and go to bed). Hopefully this will provide us some insight.
Created attachment 126772: valgrind log

Here you go. I see some unresolved symbols -- probably an update to my system caused a debug library to be dropped. I will find out which libraries got updated, and reload the corresponding DBG. Meanwhile, I hope this can help. There seem to be quite some memory losses.
It seems a uid is over-freed. Hggdh, I know you build frequently/daily from svn. Since when are you seeing this on trunk?
*** Bug 568448 has been marked as a duplicate of this bug. ***
*** Bug 568452 has been marked as a duplicate of this bug. ***
*** Bug 568549 has been marked as a duplicate of this bug. ***
srag, since about 2 weeks ago.
Never mind, I found a way to reproduce it. I will fix it pro'lly today.
Created attachment 126965: Don't strdup when it should be just str-reffed

Your patch here :-)
OK. I am now running with the patch on, and back with an "unread" search folder, threaded by subject. Should be a few days to be sure.
I did not get the *same* SEGV... I was on my unread search folder, Ctrl-K each message (thus forcing updates). I suddenly got a SEGV on IA__g_str_hash; restarted Evo, and got immediately hit by another SEGV, now on IA__g_slice_alloc. Again restarted Evolution, everything fine. I opened bug 568750 on that.
Well... indeed, now, as soon as I Ctrl-K on an email in the unread search folder, I get the SEGV above.
Created attachment 127056: valgrind log

It seems to be a timing issue. I was able to get a SEGV just by marking read an email when in the unread search folder. So I ran Evo under Valgrind to see what happened. So what happened... no SEGV. I am attaching the valgrind log, anyway.
Ends up this is a duplicate of bug 562449, and I am marking as such. The patches here do not apply -- I am running trunk, and the patches were for stable 2.24.3.

*** This bug has been marked as a duplicate of 562449 ***
*** Bug 569421 has been marked as a duplicate of this bug. ***
In fact this is a separate bug. I'm keeping it open.
Committed to stable/trunk. But I will leave the bug open, so close when you don't see the crash again. I never happened to get it really.
I'm still seeing this on 2.26.1:
+ Trace 218526
Thread 1 (process 20321)
Milan, per bug 574940, the previous comment is a trace from this new crasher. Any thoughts moving forward? Perhaps this will all just become moot. If I find some time today, perhaps I will update to Ubuntu 9.20 RC which has gnome 2.28 and see what new crop of bugs is waiting. :-/ In any case, maybe I won't get time so how shall we pursue this crasher?
(In reply to comment #21)
> Any thoughts moving forward?

I was trying to reproduce it on my machine, with some similar virtual folders, but with no luck. I left it running a couple of hours and it didn't want to crash, neither in this particular function. I didn't try with gmane yet, maybe that's the difference. I will appreciate if you can move to latest stable (2.28), as it's much easier to manage code changes there.
Maybe try a valgrind log again? I lost all the ideas how to track this down.
Can you please check again whether this issue still happens in Evolution 2.32.2 or 3.0 and update this report by adding a comment and changing the "Version" field? Thanks a lot.
Please feel free to reopen the bug if the problem still occurs with a newer version of GNOME 3.0.1 or later, thanks.