GNOME Bugzilla – Bug 606811
evolution crashed in match_content_type at camel-folder-summary.c:5066
Last modified: 2013-09-13 01:04:52 UTC
Evolution 2.29.5
I searched for particular mails. After getting the search results, I selected all the mails (which fulfilled the search criteria) with the mouse, but somehow all mails were opened in separate windows. Now, without closing those windows, I just deleted all the mails. Later I saw a message window was opened; I clicked on it and Evolution crashed.
Program received signal SIGSEGV, Segmentation fault.
0xb7c1cc4d in match_content_type (info_ctype=0x0, ctype=0x8f4f120) at camel-folder-summary.c:5066
5066 if (!compare_strings (info_ctype->type, ctype->type))
(gdb) t a a bt
+ Trace 220036
Thread 1 (Thread 0xb6333760 (LWP 2766))
*** Bug 607282 has been marked as a duplicate of this bug. ***
*** Bug 607646 has been marked as a duplicate of this bug. ***
I am getting this crash often. Today I searched for a string, deleted mails from the search results, and Evolution crashes as soon as I try to clear the search.
==2009== Conditional jump or move depends on uninitialised value(s)
==2009== at 0x592CB20: re_compile_fastmap_iter (regcomp.c:326)
==2009== by 0x592D18D: re_compile_fastmap (regcomp.c:276)
==2009== by 0x592D9CA: regcomp (regcomp.c:512)
==2009== by 0x48C0CD1: mailing_list_init (camel-mime-utils.c:4516)
==2009== by 0x4DB00AF: pthread_once (pthread_once.S:122)
==2009== by 0x7C45968: imap_get_message (camel-imap-folder.c:3050)
==2009== by 0x43DA0B4: camel_folder_get_message (camel-folder.c:1107)
==2009== by 0x65DB122: get_message_exec (mail-ops.c:1858)
==2009== by 0x65D6A7E: mail_msg_proxy (mail-mt.c:459)
==2009== by 0x5817716: g_thread_pool_thread_proxy (gthreadpool.c:265)
==2009== by 0x5816093: g_thread_create_proxy (gthread.c:635)
==2009== by 0x4DAA6E4: start_thread (pthread_create.c:297)
==2009==
==2009== Thread 1:
==2009== Invalid read of size 4
==2009== at 0x43D6FFD: match_content_type (camel-folder-summary.c:5066)
==2009== by 0x43D70D5: camel_folder_summary_guess_content_info (camel-folder-summary.c:5088)
==2009== by 0x65C53CE: efhd_attachment_button (em-format-html-display.c:813)
==2009== by 0x65C0996: efh_object_requested (em-format-html.c:1518)
==2009== by 0x45E4A0D: html_g_cclosure_marshal_BOOLEAN__OBJECT (htmlmarshal.c:81)
==2009== by 0x57721A1: g_closure_invoke (gclosure.c:767)
==2009== by 0x5787C65: signal_emit_unlocked_R (gsignal.c:3247)
==2009== by 0x5788EDF: g_signal_emit_valist (gsignal.c:2990)
==2009== by 0x1: ???
*** Bug 608278 has been marked as a duplicate of this bug. ***
0) Similar crash with evolution-2.29.6-1.fc13.i686 and evolution-data-server-2.29.6-1.fc13.i686 (current Fedora rawhide). Triggered by nothing in particular (i.e., hopping around between messages).
1) Backtrace (truncated): bt 6
+ Trace 220314
child = 0xb072f580
ci = <value optimized out>
(gdb) print child->type
$9 = (CamelContentType *) 0x0
(gdb) print ctype
3) This particular crash, at this particular location, could probably simply be avoided with some "([...] != NULL)" test, but since I'm not familiar at all with the context of match_content_type() I won't even bother. (Does it actually make sense for a (CamelContentType *) info_ctype->type to be NULL, or is there some race condition or whatever?)
(In reply to comment #5)
> 0) [...] Triggered by
> nothing in particular (i.e., hopping around between messages).
0) It feels like hopping between two messages each with an attachment triggers this. Can someone confirm?
(In reply to comment #6)
> 0) It feels like hopping between two messages each with an attachment triggers
> this. Can someone confirm?
0) More specifically, it seems triggered by just trying to render messages with a header like:
Content-Disposition: inline; filename=foo
but without headers like
MIME-Version: [...]
or
Content-Type: [...]
Does that make sense?
I get this crash every day two times at least :-(
Created attachment 152705 [details] [review]
EDS patch
Avoids the crash. But let Chen decide on the issue. It is a regression because of this:
http://git.gnome.org/browse/evolution/commit/?id=6a72dacb7db51cd0f6b84e9aefd248677c0ff4e0
Bharath, can you please check if it's valid for ctype to be NULL there? And if it's valid, please add the NULL check inside match_content_type. You could use the case which Paul has mentioned in comment #7.
OK, so the patch in bug #606316 isn't complete. I can reproduce this with a message received through IMAP, which has this structure:
> Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-
> signature"; boundary="=-yqg7yh4yZiX3N+24Xr/J"
> X-Mailer: Evolution 2.29.5
>
> --=-yqg7yh4yZiX3N+24Xr/J
> Content-Type: multipart/mixed; boundary="=-ta7ez+tFRV4KmE08invO"
>
>
> --=-ta7ez+tFRV4KmE08invO
> Content-Type: text/plain
> Content-Transfer-Encoding: quoted-printable
>
>...
When I export it and import it to a local store, it has the second child->type properly set to multipart/mixed, but with the initial email over IMAP it has it set to NULL. It even doesn't seem to have the full message structure there, as with a local one. Thus two things: I would add a check for NULL as Bharath did, and have a look into the IMAP code.
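As an added illustration of the NULL check discussed in comments #5, #9 and #10 (example code written here, not Evolution's code or either attached patch): a stand-in for match_content_type() in the unchecked shape the backtrace shows, beside a form that treats a child with no content type as "no match", exercised on a constructed structure whose second child never received a Content-Type. The struct names, the walker function and the sample data are assumptions made for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Stand-ins (assumed names) for camel's CamelContentType and a content-info node. */
typedef struct { const char *type; const char *subtype; } ContentType;
typedef struct { ContentType *type; } ContentInfo;  /* type is NULL in the bug */

/* Case-insensitive compare; NULL on either side only matches NULL. */
static bool compare_strings(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return a == b;
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Shape of the code at camel-folder-summary.c:5066: info_ctype is dereferenced
 * before anything checks it, so a child whose type is NULL faults here. */
static bool match_content_type_unchecked(const ContentType *info_ctype, const ContentType *ctype)
{
    if (!compare_strings(info_ctype->type, ctype->type))  /* SIGSEGV if info_ctype == NULL */
        return false;
    return compare_strings(info_ctype->subtype, ctype->subtype);
}

/* Hardened form: a child with no content type simply matches nothing. */
static bool match_content_type(const ContentType *info_ctype, const ContentType *ctype)
{
    if (info_ctype == NULL || ctype == NULL)
        return false;
    return match_content_type_unchecked(info_ctype, ctype);
}

/* Hypothetical walker in the spirit of camel_folder_summary_guess_content_info:
 * count children of the wanted type, skipping ones whose type was never set. */
static int count_children_of_type(const ContentInfo *children, size_t n, const ContentType *wanted)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (match_content_type(children[i].type, wanted))
            hits++;
    return hits;
}

/* Constructed data shaped like comment #10: a text/plain child, then a child that
 * came through IMAP with child->type == NULL (the case that crashed). */
static ContentType text_plain = { "text", "plain" };
static ContentInfo sample_children[2] = { { &text_plain }, { NULL } };
```

With the hardened match the walk over sample_children reports one text/plain child and skips the NULL one; the unchecked variant would fault on the second child exactly as in the reported backtrace.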
Created attachment 153329 [details]
sample message
Import this to an IMAP folder in offline mode, then go online, let it re-fetch the message, and try to view it. It crashes for me this way.
Bharath, do you want to complete the patch or shall I take it over?
Just to confirm there's still at least one message giving me this crash in 2.29.90 as well.
Comment on attachment 152705 [details] [review]
EDS patch
Committed the patch to avoid the crash. Will look into the second portion.
OK, I looked around and it turned out that the mbox is not providing any content info, whereas IMAP is trying to provide at least something. The place where the NULL is created is here for me (see, it didn't get any headers):
> #0 content_info_new_from_header (s=0x10eaab0, h=0x0) at camel-folder-summary.c:3551
> #1 0x00007ffff6573286 in content_info_new_from_message (s=0x10eaab0, mp=0xa6cd20) at camel-folder-summary.c:2996
> #2 0x00007ffff6576221 in summary_build_content_info_message (s=0x10eaab0, msginfo=0x7fffbc03cc30, object=0xa6cd20) at camel-folder-summary.c:3961
> #3 0x00007ffff657652b in summary_build_content_info_message (s=0x10eaab0, msginfo=0x7fffbc03cc30, object=0x7fffc8010000) at camel-folder-summary.c:4011
> #4 0x00007ffff6571836 in camel_folder_summary_info_new_from_message (s=0x10eaab0, msg=0x7fffc8010000, bodystructure=0x7fffa8073e80 "(((\"TEXT\" \"PLAIN\" NIL NIL NIL \"QUOTED-PRINTABLE\" 16 1 NIL NIL NIL NIL)(\"TEXT\" \"X-PATCH\" (\"NAME\" \"evo.patch\" \"CHARSET\" \"UTF-8\") NIL NIL \"BASE64\" 1904 26 NIL (\"attachment\" (\"FILENAME\" \"evo.patch\")) NIL "...) at camel-folder-summary.c:2203
> #5 0x00007fffe94b789c in add_message_from_data (folder=0x13dd990, messages=0x7fffa8083a40, first=54, data=0x7fffa8083b60) at camel-imap-folder.c:3269
To be honest, I do not care that much, thus I'm closing this for Bharath as fixed. Enjoy.
when is there going to be a new release? Using 2.29.90 resembles a game of Minesweeper - you never know which unread email is going to make Evolution explode...
It (2.29.91) was released yesterday. Built for F13 this morning. I'm not planning to update for Rawhide until 2.31, somehow.
Ah, thanks. I'll grab the F13 build out of Koji, just for my personal sanity...