After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 676471 - [abrt] Double free when sorting by date columns in calendar
[abrt] Double free when sorting by date columns in calendar
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Calendar
3.6.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: evolution-calendar-maintainers
Evolution QA team
: 739597 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2012-05-21 07:34 UTC by Milan Crha
Modified: 2014-11-11 11:38 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Milan Crha 2012-05-21 07:34:32 UTC 
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=823348

[abrt] evolution-3.2.3-3.fc16: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)

libreport version: 2.0.8
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        evolution
crash_function: icaltimezone_load_builtin_timezone
executable:     /usr/bin/evolution
kernel:         3.3.5-2.fc16.i686.PAE
reason:         Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)
time:           Mon 21 May 2012 08:44:16 AM MYT

comment:
:When switching to 'calendar', this crash occurs.
:Reopening evolution leads to same problem (immediate crash).
:Launching with: evolution --express works, and after closing, will open without --express.
:Switching to calendar again results in a crash (either immediately or on first interaction).
:Note: Using remote calendar via google.

Core was generated by `evolution'.
Program terminated with signal 11, Segmentation fault.

+ Trace 230247

Thread 2 (Thread 0xb7494b40 (LWP 2160))

  • #0 __kernel_vsyscall
  • #1 read
    at ../sysdeps/unix/syscall-template.S line 82
  • #2 read
    at /usr/include/bits/unistd.h line 45
  • #3 unix_signal_helper_thread
    at gmain.c line 4567
  • #4 g_thread_create_proxy
    at gthread.c line 1962
  • #5 start_thread
    at pthread_create.c line 309
  • #6 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 133

Thread 1 (Thread 0xb77338c0 (LWP 2158))

  • #0 icaltimezone_load_builtin_timezone
    at icaltimezone.c line 1766
  • #1 icaltimezone_ensure_coverage
    at icaltimezone.c line 462
  • #2 icaltimezone_get_utc_offset_of_utc_time
    at icaltimezone.c line 969
  • #3 icaltimezone_convert_time
    at icaltimezone.c line 778
  • #4 icaltime_from_timet_with_zone
    at icaltime.c line 226
  • #5 e_week_view_add_event
    at e-week-view.c line 2753
  • #6 week_view_process_component
    at e-week-view.c line 232
  • #7 week_view_process_component
    at e-week-view.c line 202
  • #8 week_view_model_rows_inserted_cb
    at e-week-view.c line 360
  • #9 week_view_model_rows_inserted_cb
    at e-week-view.c line 337
  • #10 e_marshal_VOID__INT_INT
    at e-marshal.c line 1092
  • #11 g_closure_invoke
    at gclosure.c line 774
  • #12 signal_emit_unlocked_R
    at gsignal.c line 3272
  • #13 g_signal_emit_valist
    at gsignal.c line 3003
  • #14 g_signal_emit
    at gsignal.c line 3060
  • #15 e_table_model_rows_inserted
    at e-table-model.c line 556
  • #16 e_table_model_row_inserted
    at e-table-model.c line 574
  • #17 add_instance_cb
    at e-cal-model.c line 2224
  • #18 process_instances
    at e-cal-client.c line 1961
  • #19 generate_instances_for_object_got_objects_cb
    at e-cal-client.c line 1992
  • #20 got_objects_for_uid_cb
    at e-cal-client.c line 1711
  • #21 g_simple_async_result_complete
    at gsimpleasyncresult.c line 749
  • #22 finish_async_op
    at e-client.c line 2288
  • #23 async_result_ready_cb
    at e-client.c line 2325
  • #24 g_simple_async_result_complete
    at gsimpleasyncresult.c line 749
  • #25 complete_in_idle_cb
    at gsimpleasyncresult.c line 761
  • #26 g_idle_dispatch
    at gmain.c line 4801
  • #27 g_main_dispatch
    at gmain.c line 2441
  • #28 g_main_context_dispatch
    at gmain.c line 3011
  • #29 g_main_context_iterate
    at gmain.c line 3089
  • #30 g_main_loop_run
    at gmain.c line 3297
  • #31 gtk_main
    at gtkmain.c line 1362
  • #32 main
    at main.c line 709 






Comment 1


Milan Crha





          2012-05-21 07:35:44 UTC
        



Might be the same issue as described in bug #673197






Comment 2


Milan Crha





          2012-11-28 07:53:32 UTC
        



Similar crash from evolution-data-server 3.6.1:
https://bugzilla.redhat.com/show_bug.cgi?id=880864





+
Trace
    231234






Thread 1
          (Thread 0xb28eeb40 (LWP 10453))


    

  • 
#0
icaltimezone_load_builtin_timezone

    
                at icaltimezone.c
                  line
                  1766

    

    • 

  • 
#1
icaltimezone_ensure_coverage

    
                at icaltimezone.c
                  line
                  462

    

    • 

  • 
#2
icaltimezone_get_utc_offset_of_utc_time

    
                at icaltimezone.c
                  line
                  969

    

    • 

  • 
#3
icaltimezone_convert_time

    
                at icaltimezone.c
                  line
                  778

    

    • 

  • 
#4
icaltime_from_timet_with_zone

    
                at icaltime.c
                  line
                  226

    

    • 

  • 
#5
cal_object_time_from_time

    
                at e-cal-recur.c
                  line
                  3743

    

    • 

  • 
#6
??

    • 

  • 
#7
e_cal_recur_generate_instances_of_rule

    
                at e-cal-recur.c
                  line
                  808

    

    • 

  • 
#8
e_cal_recur_generate_instances

    
                at e-cal-recur.c
                  line
                  640

    

    • 

  • 
#9
func_occur_in_time_range

    
                at e-cal-backend-sexp.c
                  line
                  432

    

    • 

  • 
#10
e_sexp_term_eval

    
                at e-sexp.c
                  line
                  784

    

    • 

  • 
#11
term_eval_and

    
                at e-sexp.c
                  line
                  288

    

    • 

  • 
#12
e_sexp_term_eval

    
                at e-sexp.c
                  line
                  772

    

    • 

  • 
#13
e_sexp_eval

    
                at e-sexp.c
                  line
                  1700

    

    • 

  • 
#14
e_cal_backend_sexp_match_comp

    
                at e-cal-backend-sexp.c
                  line
                  1502

    

    • 

  • 
#15
caldav_start_view

    
                at e-cal-backend-caldav.c
                  line
                  4560

    

    • 

  • 
#16
e_cal_backend_start_view

    
                at e-cal-backend.c
                  line
                  1410

    

    • 

  • 
#17
calview_start_thread

    
                at e-data-cal-view.c
                  line
                  440

    

    • 

  • 
#18
g_thread_proxy

    
                at gthread.c
                  line
                  797

    

    • 

  • 
#19
start_thread

    
                at pthread_create.c
                  line
                  308

    

    • 

  • 
#20
clone

    
                at ../sysdeps/unix/sysv/linux/i386/clone.S
                  line
                  132

    

    • 













Comment 3


Milan Crha





          2014-11-04 11:41:07 UTC
        



Yet another downstream bug report from 3.12.7:
https://bugzilla.redhat.com/show_bug.cgi?id=1158711

--------------------------------------------------------------------------------

I managed to reproduce this when the Tasks, Memos or Calendar tables (list view) are sorted by a date column, which are Created, Last Modified, Start Date, End Date, Due Date and Completed. I believe it's the cause, for which I'll use this bug report (there happened a double free, which could free anything in the memory).






Comment 4


Milan Crha





          2014-11-04 14:40:34 UTC
        



Created commit 7af5d37 in evo master (3.13.8+) [1]
Created commit ca64c26 in evo evolution-3-12 (3.12.8+)

https://git.gnome.org/browse/evolution/commit/?id=7af5d37






Comment 5


Milan Crha





          2014-11-11 11:38:06 UTC
        



*** Bug 739597 has been marked as a duplicate of this bug. ***