GNOME Bugzilla – Bug 432578
evolution crashes - html
Last modified: 2011-09-16 11:05:57 UTC
Steps to reproduce: 1. start evolution 2. start deleting unwanted emails, clicking quickly 3. crashes Stack trace: (gdb) cont Continuing. [New Thread -1372906608 (LWP 11883)] Program received signal SIGSEGV, Segmentation fault.
+ Trace 129986
Thread NaN (LWP 11430)
Other information: svn build 20070420
goes with the above BT. (evolution-2.10:11430): e-utils-WARNING **: Plugin 'SpamAssassin junk plugin' failed to load hook 'org.gnome.evolution.mail.junk:1.0' ** (evolution-2.10:11430): DEBUG: mailto URL command: evolution %s ** (evolution-2.10:11430): DEBUG: mailto URL program: evolution (evolution-2.10:11430): GLib-GObject-WARNING **: invalid uninstantiatable type `<invalid>' in cast to `HTMLEngine' (evolution-2.10:11430): gtkhtml-CRITICAL **: html_tokenizer_end: assertion `t && HTML_IS_TOKENIZER (t)' failed (evolution-2.10:11430): gtkhtml-CRITICAL **: html_tokenizer_has_more_tokens: assertion `t && HTML_IS_TOKENIZER (t)' failed (evolution-2.10:11430): gtkhtml-CRITICAL **: html_tokenizer_has_more_tokens: assertion `t && HTML_IS_TOKENIZER (t)' failed (evolution-2.10:11430): gtkhtml-CRITICAL **: html_tokenizer_has_more_tokens: assertion `t && HTML_IS_TOKENIZER (t)' failed Stacktrace: Native stacktrace: /usr/lib/libmono.so.0 [0xb6bd364b] /usr/lib/libmono.so.0 [0xb6ba60d4] [0xffffe440] /usr/lib/libgtkhtml-3.14.so.19(html_engine_stop_parser+0x3c) [0xb7ccac4c] /usr/lib/libgtkhtml-3.14.so.19 [0xb7ccaa60] /usr/lib/libgtkhtml-3.14.so.19 [0xb7ccb428] /usr/lib/libgtkhtml-3.14.so.19(gtk_html_stream_close+0x38) [0xb7c925f8] /usr/lib/evolution/2.10/components/libevolution-mail.so [0xb6345547] /usr/lib/evolution/2.10/components/libevolution-mail.so [0xb6356411] /usr/lib/libglib-2.0.so.0 [0xb717b40d] /usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x182) [0xb7151df2] /usr/lib/libglib-2.0.so.0 [0xb7154dcf] /usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1a9) [0xb7155179] /usr/lib/libbonobo-2.so.0(bonobo_main+0x63) [0xb7a1fd53] evolution(main+0x307) [0x8060a65] /usr/lib/debug/libc.so.6(__libc_start_main+0xdc) [0xb6ff6ebc] evolution [0x80516f1] Debug info from gdb: Using host libthread_db library "/usr/lib/debug/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread -1234315552 (LWP 11430)] [New Thread -1372906608 (LWP 11883)] [New Thread -1355773040 (LWP 11517)] [New Thread -1338987632 (LWP 11508)] [New Thread -1330205808 (LWP 11458)] [New Thread -1321333872 (LWP 11453)] [New Thread -1312945264 (LWP 11452)] [New Thread -1304556656 (LWP 11451)] [New Thread -1292719216 (LWP 11450)] [New Thread -1248932976 (LWP 11448)] [New Thread -1247884400 (LWP 11432)] [New Thread -1247802480 (LWP 11431)] 0xb7099227 in ?? () from /usr/lib/debug/libc.so.6 12 Thread -1247802480 (LWP 11431) 0xb711927c in ?? () from /usr/lib/debug/libpthread.so.0 11 Thread -1247884400 (LWP 11432) 0xb71161e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 10 Thread -1248932976 (LWP 11448) 0xb71161e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 9 Thread -1292719216 (LWP 11450) 0xb71161e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 8 Thread -1304556656 (LWP 11451) 0xb71161e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 7 Thread -1312945264 (LWP 11452) 0xb71161e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 6 Thread -1321333872 (LWP 11453) 0xb71161e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 5 Thread -1330205808 (LWP 11458) 0xb71161e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 4 Thread -1338987632 (LWP 11508) 0xb71161e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 3 Thread -1355773040 (LWP 11517) 0xb7118a81 in ?? () from /usr/lib/debug/libpthread.so.0 2 Thread -1372906608 (LWP 11883) 0xb7096639 in *__GI___poll ( fds=0xb7108ff4, nfds=8, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 1 Thread -1234315552 (LWP 11430) 0xb7099227 in ?? () from /usr/lib/debug/libc.so.6
+ Trace 129987
Thread 11 (Thread -1247884400 (LWP 11432))
================================================================= Got a SIGSEGV while executing native code. This usually indicates a fatal error in the mono runtime or one of the native libraries used by your application. =================================================================
Program received signal SIGSEGV, Segmentation fault.
+ Trace 129990
Thread 13 (Thread -1248035952 (LWP 31726))
CalDAV Eplugin starting up ... error : unterminated entity reference Exit (evolution-2.10:4224): evolution-mail-WARNING **: ignored this junk plugin: not enabled (evolution-2.10:4224): e-utils-WARNING **: Plugin 'SpamAssassin junk plugin' failed to load hook 'org.gnome.evolution.mail.junk:1.0' ** (evolution-2.10:4224): DEBUG: mailto URL command: evolution %s ** (evolution-2.10:4224): DEBUG: mailto URL program: evolution Stacktrace: Native stacktrace: /usr/lib/libmono.so.0 [0xb6b8e64b] /usr/lib/libmono.so.0 [0xb6b610d4] [0xffffe440] /usr/lib/libgtkhtml-3.14.so.19 [0xb7c9eab2] /usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__VOID+0x49) [0xb71929d9] /usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x12b) [0xb718562b] /usr/lib/libgobject-2.0.so.0 [0xb7196103] /usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x8c7) [0xb7197627] /usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29) [0xb71977e9] /usr/lib/libgdk_pixbuf-2.0.so.0 [0xb73ee436] /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-gif.so [0xad9c8e32] /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-gif.so [0xad9c96d3] /usr/lib/libgdk_pixbuf-2.0.so.0 [0xb73ee684] /usr/lib/libgdk_pixbuf-2.0.so.0(gdk_pixbuf_loader_write+0x189) [0xb73ef029] /usr/lib/libgtkhtml-3.14.so.19 [0xb7c9e830] /usr/lib/libgtkhtml-3.14.so.19(gtk_html_stream_write+0xc1) [0xb7c4d5f3] /usr/lib/evolution/2.10/components/libevolution-mail.so [0xb63004ae] /usr/lib/evolution/2.10/components/libevolution-mail.so [0xb6311335] /usr/lib/libglib-2.0.so.0 [0xb713640d] /usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x182) [0xb710cdf2] /usr/lib/libglib-2.0.so.0 [0xb710fdcf] /usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1a9) [0xb7110179] /usr/lib/libbonobo-2.so.0(bonobo_main+0x63) [0xb79dad53] evolution(main+0x307) [0x8060a65] /usr/lib/debug/libc.so.6(__libc_start_main+0xdc) [0xb6fb1ebc] evolution [0x80516f1] Debug info from gdb: Using host libthread_db library "/usr/lib/debug/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread -1234598176 (LWP 4224)] [New Thread -1381246064 (LWP 4356)] [New Thread -1372206192 (LWP 4267)] [New Thread -1347646576 (LWP 4259)] [New Thread -1338864752 (LWP 4249)] [New Thread -1330476144 (LWP 4248)] [New Thread -1321604208 (LWP 4244)] [New Thread -1293001840 (LWP 4243)] [New Thread -1310172272 (LWP 4242)] [New Thread -1301783664 (LWP 4241)] [New Thread -1249215600 (LWP 4239)] [New Thread -1248167024 (LWP 4229)] [New Thread -1248085104 (LWP 4228)] 0xb7027af4 in __libc_fork () at ../nptl/sysdeps/unix/sysv/linux/i386/../fork.c:127 in ../nptl/sysdeps/unix/sysv/linux/i386/../fork.c 13 Thread -1248085104 (LWP 4228) 0xb70d427c in ?? () from /usr/lib/debug/libpthread.so.0 12 Thread -1248167024 (LWP 4229) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 11 Thread -1249215600 (LWP 4239) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 10 Thread -1301783664 (LWP 4241) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 9 Thread -1310172272 (LWP 4242) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 8 Thread -1293001840 (LWP 4243) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 7 Thread -1321604208 (LWP 4244) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 6 Thread -1330476144 (LWP 4248) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 5 Thread -1338864752 (LWP 4249) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 4 Thread -1347646576 (LWP 4259) 0xb70d11e1 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/debug/libpthread.so.0 3 Thread -1372206192 (LWP 4267) 0xb70d3a81 in ?? () from /usr/lib/debug/libpthread.so.0 2 Thread -1381246064 (LWP 4356) 0xb7051639 in *__GI___poll (fds=0xb70c3ff4, nfds=8, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 1 Thread -1234598176 (LWP 4224) 0xb7027af4 in __libc_fork () at ../nptl/sysdeps/unix/sysv/linux/i386/../fork.c:127
+ Trace 129998
Thread 12 (Thread -1248167024 (LWP 4229))
It doesn't appear to be any particular email. If I hit the up or down arrow quickly cycling through emails, it appears that evolution cores in gtkhtml.
Created attachment 86860 [details] ddd screenshot evolution coring on update_or_redraw ddd listing of HTMLImagePointer
Not sure if this is correct but.... It appears that by moving quickly from one html message to another you can cause the creation of an HTMLImagePointer with required sub-structures being NULL?? I.E. HTMLImageFactory *factory; is null, but update_or_redraw (HTMLImagePointer *ip) attempts to dereference it at 1093 if (ip->factory->engine->block && ip->factory->engine->opened_streams)
0xffffe410 in __kernel_vsyscall () (gdb) cont Continuing. [New Thread -1349403760 (LWP 20953)] [Thread -1349403760 (LWP 20953) exited] [New Thread -1349403760 (LWP 20954)] [Thread -1349403760 (LWP 20954) exited] Program received signal SIGSEGV, Segmentation fault.
+ Trace 131467
Thread NaN (LWP 20854)
1088 update = TRUE; 1089 } 1090 } 1091 } 1092 1093 if (ip->factory->engine->block && ip->factory->engine->opened_streams) 1094 return; 1095 1096 if (!update) { 1097 /* printf ("REDRAW\n"); */ (gdb) print ip $1 = (HTMLImagePointer *) 0x89d44a8 (gdb) print ip->factory $2 = (HTMLImageFactory *) 0x0 (gdb) print ip->factory->engine Cannot access memory at address 0x0
The update_or_redraw one is a dupe of Bug 434262, but the original pop_element_by_type crash is a different problem. Could be something related to Bug 314558, but given the differing source lines, probably not.
l = e->span_stack->list; I've hit this again since the original posts -- but I can't remember which value is NULL,,, e, or e->span_stack, or e->span_stack->list -- but one of them is NULL -- I'll try to post which next time
This appears to have been fixed.
There have been reports from 2.22.3 which was released after 2008-02-20, hence reopening.
*** Bug 556647 has been marked as a duplicate of this bug. ***
*** Bug 558396 has been marked as a duplicate of this bug. ***
*** Bug 562313 has been marked as a duplicate of this bug. ***
bug 532165 should solve the crash mentioned in comment#7
*** This bug has been marked as a duplicate of bug 314558 ***