Bug 523402 – Crash on paste event in calendar

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 523402 - Crash on paste event in calendar


Summary:	Crash on paste event in calendar


Status:	RESOLVED FIXED

Product:	evolution
Classification:	Applications
Component:	Calendar
Version:	2.22.x (obsolete)
Hardware:	Other Linux

Importance:	High critical
Target Milestone:	---
Assigned To:	evolution-calendar-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:

Duplicates:	513550 528362 530655 531022 531919 532182 (view as bug list)
Depends on:
Blocks:

Reported:	2008-03-19 16:58 UTC by Milan Crha
Modified:	2008-09-02 08:52 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
proposed evo patch (1.12 KB, patch) 2008-03-19 17:06 UTC, Milan Crha	committed	Details \| Review
proposed evo patch (additional) (1.65 KB, patch) 2008-04-18 10:05 UTC, Milan Crha	none	Details \| Review
proposed evo patch (additional) (1.67 KB, patch) 2008-04-18 10:09 UTC, Milan Crha	committed	Details \| Review

Description Milan Crha 2008-03-19 16:58:43 UTC

I tried cut&paste the even form one day to other and it crashed with double free with this trace:

Program received signal SIGABRT, Aborted.
(gdb) bt

+ Trace 192869

#0 raise
at ../nptl/sysdeps/unix/sysv/linux/raise.c line 64
#1 abort
at abort.c line 88
#2 __libc_message
at ../sysdeps/unix/sysv/linux/libc_fatal.c line 170
#3 _int_free
at malloc.c line 5891
#4 __libc_free
at malloc.c line 3626
#5 IA__g_free
at gmem.c line 190
#6 e_cal_component_free_datetime
at e-cal-component.c line 4731
#7 e_calendar_view_add_event
at e-calendar-view.c line 374
#8 clipboard_get_text_cb
at e-calendar-view.c line 831
#9 request_text_received_func
at gtkclipboard.c line 940
#10 selection_received
at gtkclipboard.c line 852
#11 _gtk_marshal_VOID__BOXED_UINT
at gtkmarshalers.c line 1584
#12 IA__g_closure_invoke
at gclosure.c line 490
#13 signal_emit_unlocked_R
at gsignal.c line 2440
#14 IA__g_signal_emit_valist
at gsignal.c line 2199
#15 IA__g_signal_emit_by_name
at gsignal.c line 2267
#16 gtk_selection_retrieval_report
at gtkselection.c line 2772
#17 IA__gtk_selection_convert
at gtkselection.c line 1083
#18 IA__gtk_clipboard_request_contents
at gtkclipboard.c line 904
#19 IA__gtk_clipboard_request_text
at gtkclipboard.c line 976
#20 e_calendar_view_paste_clipboard
at e-calendar-view.c line 861
#21 on_paste
at e-calendar-view.c line 1659
#22 ep_activate
at e-popup.c line 305
#23 IA__g_cclosure_marshal_VOID__VOID
at gmarshal.c line 77
#24 IA__g_closure_invoke
at gclosure.c line 490
#25 signal_emit_unlocked_R
at gsignal.c line 2440
#26 IA__g_signal_emit_valist
at gsignal.c line 2199
#27 IA__g_signal_emit
at gsignal.c line 2243
#28 IA__gtk_widget_activate
at gtkwidget.c line 4707
#29 IA__gtk_menu_shell_activate_item
at gtkmenushell.c line 1145
#30 gtk_menu_shell_button_release
at gtkmenushell.c line 669
#31 gtk_menu_button_release
at gtkmenu.c line 2725
#32 _gtk_marshal_BOOLEAN__BOXED
at gtkmarshalers.c line 84
#33 g_type_class_meta_marshal
at gclosure.c line 567
#34 IA__g_closure_invoke
at gclosure.c line 490
#35 signal_emit_unlocked_R
at gsignal.c line 2478
#36 IA__g_signal_emit_valist
at gsignal.c line 2209
#37 IA__g_signal_emit
at gsignal.c line 2243
#38 gtk_widget_event_internal
at gtkwidget.c line 4676
#39 IA__gtk_widget_event
at gtkwidget.c line 4476
#40 IA__gtk_propagate_event
at gtkmain.c line 2336
#41 IA__gtk_main_do_event
at gtkmain.c line 1556
#42 gdk_event_dispatch
at gdkevents-x11.c line 2365
#43 g_main_dispatch
at gmain.c line 2003
#44 IA__g_main_context_dispatch
at gmain.c line 2555
#45 g_main_context_iterate
at gmain.c line 2636
#46 IA__g_main_loop_run
at gmain.c line 2844
#47 bonobo_main
at bonobo-main.c line 311
#48 main
at main.c line 782

Comment 1 Milan Crha 2008-03-19 17:06:39 UTC

Created attachment 107636 [details] [review]
proposed evo patch

for evolution;

Seems like icaltimezone_get_tzid returns its own local value, thus do not free it.
Is it related to Chen's recent changes in libical memory management?

Comment 2 Chenthill P 2008-04-17 05:59:15 UTC

I don think its related to the libical changes. Timezones piece of code in libical was never touched. This has been a regression due to https://bugzilla.gnome.org/attachment.cgi?id=95339&action=view which both of us has missed :(

The patch looks good to commit.

Comment 3 Srinivasa Ragavan 2008-04-17 06:28:20 UTC

commit to stable and trunk.

Comment 4 Milan Crha 2008-04-17 10:03:50 UTC

Committed to trunk. Committed revision 35376.
Committed to gnome-2-22. Committed revision 35377.

Comment 5 Milan Crha 2008-04-17 10:09:06 UTC

(In reply to comment #2)
> I don think its related to the libical changes. Timezones piece of code in
> libical was never touched. This has been a regression due to
> https://bugzilla.gnome.org/attachment.cgi?id=95339&action=view which both of us
> has missed :(

I just wonder whether we should not revert (or better improve) that patch, because it's possible it will crash even on other places, what do you think?

Comment 6 Chenthill P 2008-04-18 07:14:45 UTC

You need not revert the patch. Just set the tzid to NULL in other places as well if the memory for tzid is a const before calling e_cal_component_free_datetime or the tzid should be duped. The ECalComponentDateTime should be free'ed anyways. I see in some places the tzid is set to NULL before free'ing. So it would be good to fix up the areas which are bad.

Comment 7 Milan Crha 2008-04-18 10:05:02 UTC

Created attachment 109477 [details] [review]
proposed evo patch (additional)

for evolution;

Believe or not, but it seems like all other places are fine. As far as I read the code. Unfortunately I found two little weak places, so here's a patch.

Comment 8 Milan Crha 2008-04-18 10:09:16 UTC

Created attachment 109478 [details] [review]
proposed evo patch (additional)

for evolution;

(err, compiler warnings)

Comment 9 Milan Crha 2008-04-22 16:43:20 UTC

*** Bug 513550 has been marked as a duplicate of this bug. ***

Comment 10 Akhil Laddha 2008-04-30 07:49:06 UTC

*** Bug 530655 has been marked as a duplicate of this bug. ***

Comment 11 Chenthill P 2008-05-02 08:06:22 UTC

The patch at comment #8 looks good to commit. 

W.r.t patch mentioned at comment #2, the tzid must be reset to NULL in some more places at e-day-view.c. Am listing the bit of code here,

+		e_cal_component_get_dtstart (comp, &ecdt);
+		is_date = ecdt.value && ecdt.value->is_date;
 		if (!is_date)
 			date.tzid = icaltimezone_get_tzid (e_calendar_view_get_timezone (E_CALENDAR_VIEW (day_view)));
 		dt = day_view->day_starts[day_view->resize_start_row];
 		*date.value = icaltime_from_timet_with_zone (dt, is_date,
 							     e_calendar_view_get_timezone (E_CALENDAR_VIEW (day_view)));
 		e_cal_component_set_dtstart (comp, &date);
+		e_cal_component_free_datetime (&ecdt);

Comment 12 Akhil Laddha 2008-05-08 14:48:00 UTC

*** Bug 531919 has been marked as a duplicate of this bug. ***

Comment 13 Akhil Laddha 2008-05-08 16:25:30 UTC

*** Bug 532182 has been marked as a duplicate of this bug. ***

Comment 14 Das Auge 2008-05-08 22:04:30 UTC

I can confirm this bug. see bug 531919

Comment 15 André Klapper 2008-05-10 00:11:21 UTC

*** Bug 528362 has been marked as a duplicate of this bug. ***

Comment 16 Suman Manjunath 2008-05-23 11:19:12 UTC

Patch committed to stable (gnome-2-22) branch as r35532
http://svn.gnome.org/viewvc/evolution?view=revision&revision=35532

Patch committed to SVN trunk as r35533
http://svn.gnome.org/viewvc/evolution?view=revision&revision=35533

Comment 17 Milan Crha 2008-05-27 18:28:00 UTC

Because also the second patch has been committed, then I'm setting this as fixed.

Comment 18 Milan Crha 2008-09-02 08:52:59 UTC

*** Bug 531022 has been marked as a duplicate of this bug. ***