Bug 300696 - Crash (100%CPU) on paste into mail editor
Status: RESOLVED FIXED
Product: GtkHtml
Classification: Other
Component: Editing
Version: unspecified
Hardware: Other Linux
Importance: Normal critical
Assigned To: gtkhtml-maintainers
QA Contact: Evolution QA team
Reported: 2005-04-15 04:24 UTC by Luke Hutchison
Modified: 2005-08-08 04:43 UTC

Description Luke Hutchison 2005-04-15 04:24:48 UTC
Version details: 2.2.2

I got a lockup when pasting from the mail editor back into itself.

The message looked like this (numbers shown for reference only):

1: > Quoted text 1
2: > Quoted text 2
3: 
4: Non-quoted text
5:
6: >  Quoted text 3
7: > Quoted text 4

I selected lines 6-7, cut, moved to line 3, and pasted.  Evolution started
taking 100% CPU.

The backtrace obtained by attaching gdb is as follows:

0x06ef9535 in html_engine_get_insert_level_for_object (e=0xa0dc240, o=0x149523c0) at htmlengine-edit.c:776
776                             while (clue && clue->parent && (HTML_IS_CLUEV (clue->parent) || HTML_IS_TABLE_CELL (clue->parent)))
(gdb) bt
  • #0 html_engine_get_insert_level_for_object
    at htmlengine-edit.c line 776
  • #1 html_engine_paste_object
    at htmlengine-edit-cut-and-paste.c line 1105
  • #2 html_engine_paste
    at htmlengine-edit-cut-and-paste.c line 1117
  • #3 selection_received
    at gtkhtml.c line 2058
  • #4 gtk_marshal_VOID__UINT_STRING
    from /usr/lib/libgtk-x11-2.0.so.0
  • #5 g_cclosure_new_swap
    from /usr/lib/libgobject-2.0.so.0
  • #6 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #7 g_signal_stop_emission
    from /usr/lib/libgobject-2.0.so.0
  • #8 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #9 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #10 gtk_selection_clear
    from /usr/lib/libgtk-x11-2.0.so.0
  • #11 gtk_selection_convert
    from /usr/lib/libgtk-x11-2.0.so.0
  • #12 gtk_html_request_paste
    at gtkhtml.c line 2184
  • #13 gtk_html_paste
    at gtkhtml.c line 4261
  • #14 command
    at gtkhtml.c line 4699
  • #15 gtk_html_command
  • #16 command_cb
    at menubar.c line 554
  • #17 bonobo_socket_add_id
    from /usr/lib/libbonoboui-2.so.0
  • #18 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #19 bonobo_closure_invoke_va_list
    from /usr/lib/libbonobo-2.so.0
  • #20 bonobo_closure_invoke
    from /usr/lib/libbonobo-2.so.0
  • #21 ??
  • #22 ??
  • #23 ??
  • #24 ??
  • #25 ??
  • #26 ??
  • #27 g_object_ref
    from /usr/lib/libgobject-2.0.so.0


The source surrounding the line in the top stack frame is:


771
772             if (level > 3) {
773                     if (e && e->cursor->object && e->cursor->object->parent && e->cursor->object->parent->parent && html_object_is_clue (e->cursor->object->parent->parent)) {
774                             HTMLObject *clue = e->cursor->object->parent->parent;
775
776                             while (clue && clue->parent && (HTML_IS_CLUEV (clue->parent) || HTML_IS_TABLE_CELL (clue->parent)))
777                                    cursor_level ++;
778                     }
779             }
780


The code appears stuck in lines 776-777.  cursor_level is not even referenced in
the while condition, so this is an infinite loop if it can be executed even
once, as long as the two macros referenced don't contain references to
cursor_level.  If they do, there is a loop in the data structure somewhere.

Thanks!
Comment 1 Subodh Soni 2005-05-16 09:15:43 UTC
Luke: I am not able to replicate the bug as mentioned by you. I followed the
steps as described in the bug report but was unable to replicate the bug. My
gtkhtml versions are:
gtkhtml2-3.6.2.0.200505010300-0.snap.novell.0.1
libgtkhtml-2.6.1-2.1
Comment 2 Luke Hutchison 2005-05-16 13:57:24 UTC
Evolution uses gtkhtml3, not gtkhtml2, but maybe SUSE's package names are just
weird, because the version numbers line up:

$ rpm -qa | grep gtkhtml
gtkhtml3-3.6.2-1
gtkhtml3-debuginfo-3.6.2-1
gtkhtml2-2.6.3-1
gnome-python2-gtkhtml2-2.10.0-2.1

In CVS it appears that the module "gtkhtml" is actually gtkhtml3, and gtkhtml2
is what you have as libgtkhtml...

Anyway, I checked gtkhtml in GNOME CVS:

http://cvs.gnome.org/viewcvs/gtkhtml/src/htmlengine-edit.c?view=markup

It appears this has not been fixed in CVS head, at least in theory -- look at
the very end:

int
html_engine_get_insert_level_for_object (HTMLEngine *e, HTMLObject *o)
{
	int cursor_level = 3, level = html_object_get_insert_level (o);

	if (level > 3) {
		if (e && e->cursor->object && e->cursor->object->parent && e->cursor->object->parent->parent && html_object_is_clue (e->cursor->object->parent->parent)) {
			HTMLObject *clue = e->cursor->object->parent->parent;

			while (clue && clue->parent && (HTML_IS_CLUEV (clue->parent) || HTML_IS_TABLE_CELL (clue->parent)))
			       cursor_level ++;
		}
	}

	return MIN (level, cursor_level);
}


I used to remember what to do to replicate this 100%, but a quick test failed to
turn up anything.  I know I've seen this again recently though, but it seems
harder to trigger now.
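
Added example, not part of the report or of GtkHTML: a reduced C model of the loop quoted in the description and in comment 2, showing that it cannot terminate once entered, next to a variant that steps to the parent on each pass. `Obj`, `IS_CONTAINER`, `MAX_STEPS` and the function names are hypothetical stand-ins, and the advancing variant is an assumption about the intended traversal, not the fix that was committed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for GtkHTML's HTMLObject and its type macros. */
enum kind { KIND_OTHER, KIND_CLUEV, KIND_TABLE_CELL };
typedef struct Obj { enum kind kind; struct Obj *parent; } Obj;
#define IS_CONTAINER(o) ((o)->kind == KIND_CLUEV || (o)->kind == KIND_TABLE_CELL)
#define MAX_STEPS 1000 /* demo watchdog, not in the original code */

/* Constructed sample tree: body (ClueV) <- cell (table cell) <- inner (ClueV). */
Obj body  = { KIND_CLUEV, NULL };
Obj cell  = { KIND_TABLE_CELL, &body };
Obj inner = { KIND_CLUEV, &cell };

/* Loop shape from the report: clue never changes, so a condition that is
 * true once stays true. Returns -1 when the watchdog fires; the original
 * has no watchdog and spins at 100% CPU instead. */
int level_as_reported(const Obj *clue) {
    int cursor_level = 3, steps = 0;
    while (clue && clue->parent && IS_CONTAINER(clue->parent)) {
        cursor_level++;
        if (++steps >= MAX_STEPS) return -1;
    }
    return cursor_level;
}

/* Terminating variant (an assumption, not the committed fix): step to the
 * parent on every pass. The cap still bounds a cyclic parent chain. */
int level_advancing(const Obj *clue) {
    int cursor_level = 3, steps = 0;
    while (clue && clue->parent && IS_CONTAINER(clue->parent)) {
        cursor_level++;
        clue = clue->parent;
        if (++steps >= MAX_STEPS) return -1;
    }
    return cursor_level;
}

/* Constructed corrupt input: two containers that are each other's parent. */
int level_on_cycle(void) {
    Obj a = { KIND_CLUEV, NULL }, b = { KIND_CLUEV, &a };
    a.parent = &b;
    return level_advancing(&a);
}

int main(void) {
    printf("as reported: nested=%d top=%d\n", level_as_reported(&inner), level_as_reported(&body));
    printf("advancing:   nested=%d cycle=%d\n", level_advancing(&inner), level_on_cycle());
    return 0;
}
```

The reported loop only returns normally when its condition is false on entry, as for the top-level object here; any nested starting point trips the watchdog.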

Comment 3 Ganesh (Novell) 2005-05-18 09:44:13 UTC
The code you are pointing out is the same as the bug for #272976. I hope to commit a
fix for this soon.
Comment 4 Ganesh (Novell) 2005-05-19 09:45:38 UTC

*** This bug has been marked as a duplicate of 272976 ***
Comment 5 Kaushal Kumar 2005-08-05 10:46:05 UTC
Re-opening. 
Comment 6 Kaushal Kumar 2005-08-08 04:43:21 UTC
Fixed in the cvs Head. Kindly verify in the next release.