After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 624335 - Abort after group-by-thread with certain sorting
Abort after group-by-thread with certain sorting
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
2.30.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: Milan Crha
Evolution QA team
: 626831 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2010-07-14 12:25 UTC by Milan Crha
Modified: 2010-08-13 17:09 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
evo patch (858 bytes, patch)
2010-07-14 13:19 UTC, Milan Crha 		committed Details | Review

Description Milan Crha 2010-07-14 12:25:13 UTC 
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=597456

After quite large investigation with a reporter it turned out that having set sort options:
   follow up flag (descending)
   date (descending)
and turning on group-by-thread in the same folder leads to a crash. Namely:

*** glibc detected *** /build/local/bin/evolution: free(): invalid pointer: 0x01581a31 ***

gdb) bt

+ Trace 222842

  • #0 __kernel_vsyscall
  • #1 raise
    at ../nptl/sysdeps/unix/sysv/linux/raise.c line 64
  • #2 abort
    at abort.c line 92
  • #3 __libc_message
    at ../sysdeps/unix/sysv/linux/libc_fatal.c line 186
  • #4 malloc_printerr
    at malloc.c line 6264
  • #5 IA__g_free
    at gmem.c line 191
  • #6 ml_free_value
    at message-list.c line 1082
  • #7 free_message_info_data
    at message-list.c line 4226
  • #8 IA__g_hash_table_foreach
    at ghash.c line 1325
  • #9 ml_sort_uids_by_tree
    at message-list.c line 4296
  • #10 regen_list_exec
    at message-list.c line 4448
  • #11 mail_msg_proxy
    at mail-mt.c line 469
  • #12 g_thread_pool_thread_proxy
    at gthreadpool.c line 315
  • #13 g_thread_create_proxy
    at gthread.c line 1893
  • #14 start_thread
    at pthread_create.c line 297
  • #15 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 130 






Comment 1


Milan Crha





          2010-07-14 13:19:47 UTC
        



Created attachment 165878 [details] [review]
evo patch

for evolution;

It turned out that the values returned from ml_tree_value_at_ex aren't newly allocated data, thus they shouldn't be freed. The invalid pointer was an empty string constant, which really shouldn't be freed. I supposed the value is newly allocated memory because ml_tree_value_at_ex returns gpointer, not a gconstpointer, but it was obviously incorrect observation.






Comment 2


Milan Crha





          2010-07-14 13:33:35 UTC
        



Created commit 31128ea in evo master (2.31.6+)
Created commit 1dc0de3 in evo gnome-2-30 (2.30.3+)






Comment 3


Matthew Barnes





          2010-08-13 17:09:17 UTC
        



*** Bug 626831 has been marked as a duplicate of this bug. ***