GNOME Bugzilla – Bug 588959
Expanding appointment crashes Evolution
Last modified: 2012-10-19 10:38:49 UTC
Steps to reproduce: 1. Change to the Calendar view, select a time slot and start typing a description 2. without pressing Enter, expand the time slot downwards to alter the end time 3. Watch Evolution disappear... Stack trace: Other information:
Thanks for taking the time to report this bug. Without a stack trace from the crash it's very hard to determine what caused it. Can you get us a stack trace? Please see http://live.gnome.org/GettingTraces for more information on how to do so. Thanks in advance!
I can reproduce on 2.29.1 System: Linux 2.6.27.21-0.1-pae #1 SMP 2009-03-31 14:50:44 +0200 i686 X Vendor: The X.Org Foundation X Vendor Release: 10502000 Selinux: No Accessibility: Enabled GTK+ Theme: Gilouche Icon Theme: Gilouche GTK+ Modules: canberra-gtk-module, gail:atk-bridge, gnomebreakpad Memory status: size: 270831616 vsize: 270831616 resident: 39485440 share: 26554368 rss: 39485440 rss_rlim: 18446744073709551615 CPU usage: start_time: 1251358672 rtime: 390 utime: 356 stime: 34 cutime:0 cstime: 0 timeout: 0 it_real_value: 0 frequency: 100 Backtrace was generated from '/home/akhil/opt/gnome2/bin/evolution' [?1034h[Thread debugging using libthread_db enabled] [New Thread 0xa786fb90 (LWP 6492)] [New Thread 0xaa698b90 (LWP 6360)] [New Thread 0xabed0b90 (LWP 6358)] [New Thread 0xaaeceb90 (LWP 6357)] [New Thread 0xb2111b90 (LWP 6352)] [New Thread 0xb2912b90 (LWP 6351)] [New Thread 0xb31ffb90 (LWP 6350)] [New Thread 0xb3bf0b90 (LWP 6349)] [New Thread 0xb541bb90 (LWP 6347)] [New Thread 0xb4c1ab90 (LWP 6346)] 0xffffe430 in __kernel_vsyscall ()
+ Trace 217173
Thread 1 (Thread 0xb6084760 (LWP 6332))
----------- .xsession-errors (13548 sec old) --------------------- ** (nautilus:4112): WARNING **: Unable to add monitor: Not supported ** (nautilus:4112): WARNING **: Unable to add monitor: Not supported Nautilus-Share-Message: REFRESHING SHARES Nautilus-Share-Message: ------------------------------------------ Nautilus-Share-Message: spawn arg "net" Nautilus-Share-Message: spawn arg "usershare" Nautilus-Share-Message: spawn arg "info" Nautilus-Share-Message: end of spawn args; SPAWNING Nautilus-Share-Message: returned from spawn: SUCCESS: Nautilus-Share-Message: exit code 255 Nautilus-Share-Message: ------------------------------------------ Nautilus-Share-Message: Called "net usershare info" but it failed: 'net usershare' returned error 255: net usershare: usershares are currently disabled --------------------------------------------------
see bug 395009 also
*** Bug 600423 has been marked as a duplicate of this bug. ***
(In reply to comment #3) > see bug 395009 also It can be this. I think I saw another too, quite old. the problem is the even get lost too early and then it crashes, if I recall correctly.
Similar downstream bug report from 2.32.0: https://bugzilla.redhat.com/show_bug.cgi?id=653534 Program terminated with signal 11, Segmentation fault.
+ Trace 224697
Thread 8 (Thread 17109)
Thread 1 (Thread 16443)
Just got similar crash in Evolution 3.1.2. I had 4 events created in line (one by one in day view) and was deleting them one by one. (evolution:10020): calendar-gui-WARNING **: tooltip_get_view_event: index 3 is out of bounds [0,3) at array 0x9a52648 Program received signal SIGSEGV, Segmentation fault. 0xb5715218 in e_day_view_on_text_item_event (item=0x9a5dd48, event=0x9af1e70, day_view=0x9a56460) at e-day-view.c:6309 6309 pevent->x = ((GdkEventMotion *) event)->x_root; (gdb) bt
+ Trace 227187
*** Bug 643566 has been marked as a duplicate of this bug. ***
still there in 3.0.0 More information: when clicking at an empty space in the calendar view (time without an appointment), it seems to work around the problem. But not resolved at all. TODO: set version to 3.0.0
Really want to postpone fixing a crash?
I cann't reproduce the crash with Evolution 3.2.1 but i see invalid reads while following steps from original bug description ==11550== Invalid read of size 4 ==11550== at 0x7463852: e_day_view_on_event_click (e-day-view.c:3539) ==11550== by 0x74631C7: e_day_view_on_event_button_press (e-day-view.c:3359) ==11550== by 0x7462B99: e_day_view_on_main_canvas_button_press (e-day-view.c:3196) ==11550== by 0x50E2571: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85) ==11550== by 0x5859E13: g_closure_invoke (gclosure.c:774) ==11550== by 0x5872590: signal_emit_unlocked_R (gsignal.c:3272) ==11550== by 0x5871A0F: g_signal_emit_valist (gsignal.c:3013) ==11550== by 0x5871C6F: g_signal_emit (gsignal.c:3060) ==11550== by 0x526DE5F: gtk_widget_event_internal (gtkwidget.c:6132) ==11550== by 0x526D6EC: gtk_widget_event (gtkwidget.c:5848) ==11550== by 0x50E23D3: gtk_propagate_event (gtkmain.c:2614) ==11550== by 0x50E0FC0: gtk_main_do_event (gtkmain.c:1837) ==11550== Address 0xfc97d90 is 0 bytes inside a block of size 64 free'd ==11550== at 0x4028FDB: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==11550== by 0x58D983D: g_array_maybe_expand (garray.c:689) ==11550== by 0x58D8DB9: g_array_append_vals (garray.c:353) ==11550== by 0x74660C6: e_day_view_add_event (e-day-view.c:4584) ==11550== by 0x745BFBF: process_component (e-day-view.c:742) ==11550== by 0x745C38C: model_rows_inserted_cb (e-day-view.c:845) ==11550== by 0x43ED63B: e_marshal_VOID__INT_INT (e-marshal.c:1092) ==11550== by 0x5859E13: g_closure_invoke (gclosure.c:774) ==11550== by 0x5872590: signal_emit_unlocked_R (gsignal.c:3272) ==11550== by 0x5871983: g_signal_emit_valist (gsignal.c:3003) ==11550== by 0x5871C6F: g_signal_emit (gsignal.c:3060) ==11550== by 0x42560CB: e_table_model_rows_inserted (e-table-model.c:556) ==11550== ==11550== Invalid read of size 4 ==11550== at 0x4386DB6: gnome_canvas_item_raise_to_top (gnome-canvas.c:760) ==11550== by 0x746385B: e_day_view_on_event_click (e-day-view.c:3539) ==11550== by 0x74631C7: e_day_view_on_event_button_press (e-day-view.c:3359) ==11550== by 0x7462B99: e_day_view_on_main_canvas_button_press (e-day-view.c:3196) ==11550== by 0x50E2571: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85) ==11550== by 0x5859E13: g_closure_invoke (gclosure.c:774) ==11550== by 0x5872590: signal_emit_unlocked_R (gsignal.c:3272) ==11550== by 0x5871A0F: g_signal_emit_valist (gsignal.c:3013) ==11550== by 0x5871C6F: g_signal_emit (gsignal.c:3060) ==11550== by 0x526DE5F: gtk_widget_event_internal (gtkwidget.c:6132) ==11550== by 0x526D6EC: gtk_widget_event (gtkwidget.c:5848) ==11550== by 0x50E23D3: gtk_propagate_event (gtkmain.c:2614) ==11550== Address 0xe75e510 is 0 bytes inside a block of size 376 free'd ==11550== at 0x4028053: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==11550== by 0x592D0ED: g_slice_free1 (gslice.c:907) ==11550== by 0x5877458: g_type_free_instance (gtype.c:1930) ==11550== by 0x58625E8: g_object_unref (gobject.c:2759) ==11550== by 0x430068D: canvas_emit_event (e-canvas.c:156) ==11550== by 0x430151E: canvas_focus_out_event (e-canvas.c:582) ==11550== by 0x50E2571: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85) ==11550== by 0x585A118: g_type_class_meta_marshal (gclosure.c:885) ==11550== by 0x5859E13: g_closure_invoke (gclosure.c:774) ==11550== by 0x587274F: signal_emit_unlocked_R (gsignal.c:3310) ==11550== by 0x5871A0F: g_signal_emit_valist (gsignal.c:3013) ==11550== by 0x5871C6F: g_signal_emit (gsignal.c:3060)
Created attachment 207234 [details] [review] Patch for evolution From the warnings tooltip_get_view_event shows event is out of bound and hence returns NULL. Hence adding a NULL check.
Created attachment 207236 [details] [review] Patch for evolution From the warnings tooltip_get_view_event shows event is out of bound and hence returns NULL. Hence adding a NULL check.
(In reply to comment #13) > Created an attachment (id=207236) [details] [review] > Patch for evolution Typos should get fixed first, like /*In case event is out of bound pevent is NULL*/
I updated the patch slightly and included it in sources: Created commit 012a346 in evo master (3.7.1+) Created commit eb35c54 in evo gnome-3-6 (3.6.2+)