After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 348679 - [patch]Crash removing an http:// Attachment
[patch]Crash removing an http:// Attachment
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
2.6.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: evolution-mail-maintainers
Evolution QA team
: 422536 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2006-07-25 18:52 UTC by Karsten Bräckelmann
Modified: 2007-03-30 23:59 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
proposed patch (2.53 KB, patch)
2006-10-18 19:29 UTC, parthasarathi susarla 		committed Details | Review

Description Karsten Bräckelmann 2006-07-25 18:52:50 UTC 
I was composing a new mail. Accidentally added a new attachment by drag-n-drop a link from Firefox to the Composer (wanted to get the URL in the mail body only). The link I accidentally attached is a PDF file, about 10 MByte large, http:// source.

The attachment can not have been pulled from the net before I clicked the attachment. Also, the icon still was some place-holder with a large questionmark.

On right clicking the attachment to remove it, Evo crashed instantly.
Reproducible.


Note: Why is org_gnome_evolution_import_ics_attachments() being called at all here?


Evolution 2.6.2+, patch for bug 342242 applied

Including the crashing, top-most thread only.


Backtrace was generated from '/opt/gnome-2.14/bin/evolution-2.6'

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1230387520 (LWP 8177)]
[New Thread -1346184272 (LWP 9339)]
[Thread debugging using libthread_db enabled]
[New Thread -1230387520 (LWP 8177)]
[New Thread -1346184272 (LWP 9339)]
[Thread debugging using libthread_db enabled]
[New Thread -1230387520 (LWP 8177)]
[New Thread -1346184272 (LWP 9339)]
[New Thread -1330672720 (LWP 8523)]
[New Thread -1322280016 (LWP 8522)]
[New Thread -1309017168 (LWP 8304)]
[New Thread -1296671824 (LWP 8237)]
[New Thread -1288094800 (LWP 8236)]
[New Thread -1279698000 (LWP 8186)]
[New Thread -1269937232 (LWP 8185)]
[New Thread -1261151312 (LWP 8183)]
[New Thread -1252709456 (LWP 8181)]
[New Thread -1244316752 (LWP 8180)]
[New Thread -1235924048 (LWP 8179)]
0xffffe410 in ?? ()

+ Trace 69616

  • #0 ??
  • #1 ??
  • #2 ??
  • #3 ??
  • #4 __waitpid_nocancel
    from /lib/tls/libpthread.so.0
  • #5 libgnomeui_segv_handle
    at gnome-ui-init.c line 820
  • #6 <signal handler called>
  • #7 org_gnome_evolution_import_ics_attachments
    at icsimporter.c line 101
  • #8 epl_invoke
    at e-plugin.c line 863
  • #9 e_plugin_invoke
    at e-plugin.c line 652
  • #10 emph_popup_factory
    at e-popup.c line 741
  • #11 e_popup_create_menu
    at e-popup.c line 271
  • #12 e_popup_create_menu_once
    at e-popup.c line 575
  • #13 emcab_popup
    at e-msg-composer.c line 3681
  • #14 button_press_event
    at e-msg-composer.c line 3713
  • #15 _gtk_marshal_BOOLEAN__BOXED
    at gtkmarshalers.c line 83
  • #16 IA__g_closure_invoke
    at gclosure.c line 490
  • #17 signal_emit_unlocked_R
    at gsignal.c line 2438
  • #18 IA__g_signal_emit_valist
    at gsignal.c line 2207
  • #19 IA__g_signal_emit
    at gsignal.c line 2241
  • #20 gtk_widget_event_internal
    at gtkwidget.c line 3751
  • #21 IA__gtk_propagate_event
    at gtkmain.c line 2195
  • #22 IA__gtk_main_do_event
    at gtkmain.c line 1424
  • #23 gdk_event_dispatch
    at gdkevents-x11.c line 2291
  • #24 IA__g_main_context_dispatch
    at gmain.c line 1916
  • #25 g_main_context_iterate
    at gmain.c line 2547
  • #26 IA__g_main_loop_run
    at gmain.c line 2751
  • #27 bonobo_main
    at bonobo-main.c line 311
  • #28 main
    at main.c line 611 






Comment 1


Karsten Bräckelmann





          2006-07-25 18:56:33 UTC
        



Stacktrace very similar to the one in bug 331435.

However, please note this significant difference in the stacktrace above:
  e_plugin_invoke (ep=0x0, name=0x0, data=0x0)







Comment 2


Karsten Bräckelmann





          2006-07-25 19:14:12 UTC
        



Also, bug 332280 got a similar stacktrace. The difference in all these cases are the passed values and NULL pointers...







Comment 3


parthasarathi susarla





          2006-10-18 19:29:09 UTC
        



Created attachment 74970 [details] [review]
proposed patch

Accessing the structure members directly (as was the case) is the reason for the crash.
The cameldatawrapper class provides methods to determine mime type, use that instead of trying to access the member variable. 

The attached patch fixes the issue.






Comment 4


parthasarathi susarla





          2006-11-28 18:26:18 UTC
        



This patch has been committed to head.






Comment 5


Veerapuram Varadhan





          2006-11-29 08:55:01 UTC
        



Thanks for the fix.  Can you commit it to STABLE as well?






Comment 6


Susana





          2007-03-30 23:59:24 UTC
        



*** Bug 422536 has been marked as a duplicate of this bug. ***