Bug 666341 - [bbdb] Invalid free in bbdb_do_it
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Plugins
Version: 3.2.x (obsolete)
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Milan Crha
QA Contact: Evolution QA team
Duplicates: 665866 671355
Depends on:
Blocks:
Reported: 2011-12-16 06:05 UTC by Milan Crha
Modified: 2012-04-05 11:58 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
evo patch (296 bytes, patch), 2011-12-16 09:22 UTC, Milan Crha, committed

Description Milan Crha 2011-12-16 06:05:10 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=767975

libreport version: 2.0.7
abrt_version:   2.0.6
backtrace_rating: 4
cmdline:        /usr/bin/evolution
comment:        i had just clicked send in an email.
executable:     /usr/bin/evolution
kernel:         3.1.4-1.fc16.i686.PAE
reason:         Process /usr/bin/evolution was killed by signal 6 (SIGABRT)
time:           Thu 15 Dec 2011 12:29:40 PM GMT

*** glibc detected *** /usr/bin/evolution: free(): invalid pointer: 0x43b6c958 ***

Core was generated by `/usr/bin/evolution'.
Program terminated with signal 6, Aborted.

Thread 7 (Thread 0xb78128c0 (LWP 10346))

  • #0 lookup_type_node_I
    at gtype.c line 393
  • #1 g_type_value_table_peek
    at gtype.c line 4152
  • #2 g_value_type_compatible
    at gvalue.c line 503
  • #3 g_value_copy
    at gvalue.c line 208
  • #4 gtk_style_properties_merge
    at gtkstyleproperties.c line 1006
  • #5 build_properties
    at gtkstylecontext.c line 931
  • #6 style_data_lookup
    at gtkstylecontext.c line 1034
  • #7 gtk_style_context_lookup_icon_set
    at gtkstylecontext.c line 2477
  • #8 gtk_widget_render_icon_pixbuf
    at gtkwidget.c line 9226
  • #9 gtk_image_calc_size
    at gtkimage.c line 1910
  • #10 gtk_image_get_preferred_height
    at gtkimage.c line 1976
  • #11 compute_size_for_orientation
    at gtksizerequest.c line 383
  • #12 gtk_button_get_size
    at gtkbutton.c line 1968
  • #13 compute_size_for_orientation
    at gtksizerequest.c line 383
  • #14 gtk_tool_item_get_preferred_height
    at gtktoolitem.c line 525
  • #15 compute_size_for_orientation
    at gtksizerequest.c line 383
  • #16 gtk_widget_get_preferred_size
    at gtksizerequest.c line 703
  • #17 toolbar_content_size_request
    at gtktoolbar.c line 3422
  • #18 gtk_toolbar_size_request
    at gtktoolbar.c line 925
  • #19 gtk_toolbar_get_preferred_width
    at gtktoolbar.c line 1036
  • #20 compute_size_for_orientation
    at gtksizerequest.c line 350
  • #21 gtk_box_get_size
    at gtkbox.c line 1033
  • #22 compute_size_for_orientation
    at gtksizerequest.c line 350
  • #23 gtk_window_get_preferred_width
    at gtkwindow.c line 6270
  • #24 compute_size_for_orientation
    at gtksizerequest.c line 350
  • #25 gtk_widget_get_preferred_size
    at gtksizerequest.c line 685
  • #26 gtk_window_compute_hints
    at gtkwindow.c line 7279
  • #27 gtk_window_compute_configure_request
    at gtkwindow.c line 6601
  • #28 gtk_window_move_resize
    at gtkwindow.c line 6832
  • #29 gtk_window_check_resize
    at gtkwindow.c line 6070
  • #30 g_cclosure_marshal_VOID__VOID
    at gmarshal.c line 85
  • #31 g_type_class_meta_marshal
    at gclosure.c line 885
  • #32 g_closure_invoke
    at gclosure.c line 774
  • #33 signal_emit_unlocked_R
    at gsignal.c line 3310
  • #34 g_signal_emit_valist
    at gsignal.c line 3003
  • #35 g_signal_emit
    at gsignal.c line 3060
  • #36 gtk_container_check_resize
    at gtkcontainer.c line 1771
  • #37 gtk_container_idle_sizer
    at gtkcontainer.c line 1661
  • #38 gdk_threads_dispatch
    at gdk.c line 754
  • #39 g_idle_dispatch
    at gmain.c line 4785
  • #40 g_main_dispatch
    at gmain.c line 2425
  • #41 g_main_context_dispatch
    at gmain.c line 2995
  • #42 g_main_context_iterate
    at gmain.c line 3073
  • #43 g_main_loop_run
    at gmain.c line 3281
  • #44 gtk_main
    at gtkmain.c line 1362
  • #45 main
    at main.c line 696

Thread 5 (Thread 0xb7611b40 (LWP 10347))

  • #0 __kernel_vsyscall
  • #1 read
    at ../sysdeps/unix/syscall-template.S line 82
  • #2 read
    at /usr/include/bits/unistd.h line 45
  • #3 unix_signal_helper_thread
    at gmain.c line 4551
  • #4 g_thread_create_proxy
    at gthread.c line 1962
  • #5 start_thread
    at pthread_create.c line 309
  • #6 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 133

Comment 1 Akhil Laddha 2011-12-16 08:45:47 UTC
duplicate of bug 654590 but that's closed
Comment 2 Milan Crha 2011-12-16 09:13:31 UTC
Yeah, I know there were some fixes in that area, but as it's 3.2.2, it should work fine there. Thus I fixed it here. Your bug is without a fix, unfortunately.
Comment 3 Milan Crha 2011-12-16 09:22:45 UTC
Created attachment 203640
evo patch

for evolution;

Aah, got it, it is an invalid free, as glib says. There was a forgotten g_free() call left, which was used on an uninitialized variable, thus it could free almost anything in memory, or crash, like here.
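
The bug class described in the comment above, as an added example that is not part of the original report and not the Evolution patch: a pointer that is assigned on one branch but freed on every path. Plain malloc/free stand in for GLib's allocator, and record_sender, display_name and the tracking allocator are hypothetical names; the junk pointer is constructed to model an uninitialized local.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 16
static void *live[MAX_LIVE];  /* allocations handed out and not yet freed */
static int invalid_frees;     /* frees of pointers that were never allocated */

static void *tracked_alloc(size_t n) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) return live[i] = malloc(n);
    return NULL;              /* tracking table full */
}

/* free() that records, instead of acting on, a pointer it does not own. */
static void tracked_free(void *p) {
    if (!p) return;           /* freeing NULL is a defined no-op */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    invalid_frees++;          /* a real free() here corrupts the heap or aborts */
}

/* Copy the display name out of "Name <addr>"; NULL if there is none. */
static char *display_name(const char *from) {
    const char *lt = strchr(from, '<');
    if (!lt || lt == from) return NULL;
    size_t len = (size_t)(lt - from);
    char *name = tracked_alloc(len + 1);
    if (name) { memcpy(name, from, len); name[len] = '\0'; }
    return name;
}

/* 'initial' models what the local holds before any assignment: leftover
 * stack contents for `char *name;`, NULL for `char *name = NULL;`. */
static int record_sender(const char *from, char *initial) {
    char *name = initial;
    int found = 0;
    if (strchr(from, '<'))
        found = (name = display_name(from)) != NULL;
    tracked_free(name);       /* runs on every path, assigned or not */
    return found;
}

int main(void) {
    char junk[8];             /* constructed stand-in for stack garbage */
    record_sender("alice@example.com", junk + 1);   /* uninitialized case */
    record_sender("alice@example.com", NULL);       /* initialized to NULL */
    printf("invalid frees detected: %d\n", invalid_frees);
    return 0;
}
```

Only the address without a display name triggers the invalid free, which is why such a defect can survive testing on inputs that always take the assigning branch.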
Comment 4 Milan Crha 2011-12-16 09:25:01 UTC
Created commit 8ec5982 in evo master (3.3.3+)
Created commit 4299a12 in evo gnome-3-2 (3.2.3+)
Comment 5 Akhil Laddha 2012-03-06 03:56:26 UTC
*** Bug 671355 has been marked as a duplicate of this bug. ***
Comment 6 Milan Crha 2012-04-05 11:58:04 UTC
*** Bug 665866 has been marked as a duplicate of this bug. ***