Bug 628940 – crash in camel_folder_change_info_changed()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 628940 - crash in camel_folder_change_info_changed()


Summary:	crash in camel_folder_change_info_changed()


Status:	RESOLVED DUPLICATE of bug 628426

Product:	evolution-data-server
Classification:	Platform
Component:	Mailer
Version:	2.32.x (obsolete)
Hardware:	Other Linux

Importance:	High critical
Target Milestone:	---
Assigned To:	evolution-mail-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:	evolution[imapx]

Depends on:
Blocks:

Reported:	2010-09-07 08:51 UTC by David Woodhouse
Modified:	2013-09-14 16:53 UTC

See Also:
GNOME target:	---
GNOME version:	2.29/2.30

Description David Woodhouse 2010-09-07 08:51:54 UTC

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffa35fe710 (LWP 10466)]
0x00007ffff634de44 in camel_folder_change_info_changed (info=0x107ccf0) at camel-folder.c:2891
2891		return (info->uid_added->len || info->uid_removed->len || info->uid_changed->len || info->uid_recent->len);
Missing separate debuginfos, use: debuginfo-install GConf2-2.28.1-1.fc13.x86_64 ORBit2-2.14.18-1.fc13.x86_64 PackageKit-gtk-module-0.6.6-1.fc13.x86_64 cyrus-sasl-lib-2.1.23-11.fc13.x86_64 db4-4.8.30-1.fc13.x86_64 dbus-glib-0.86-4.fc13.x86_64 enchant-1.6.0-1.fc13.x86_64 expat-2.0.1-10.fc13.x86_64 gnome-desktop-2.30.0-3.fc13.x86_64 gnutls-2.8.6-2.fc13.x86_64 gstreamer-0.10.30-1.fc13.x86_64 gtk2-engines-2.20.1-1.fc13.x86_64 gtkimageview-1.6.3-2.fc12.x86_64 gvfs-1.6.2-1.fc13.x86_64 ibus-gtk-1.3.7-1.fc13.x86_64 ibus-libs-1.3.7-1.fc13.x86_64 keyutils-libs-1.2-6.fc12.x86_64 krb5-libs-1.7.1-10.fc13.x86_64 libICE-1.0.6-2.fc13.x86_64 libSM-1.1.0-7.fc12.x86_64 libXau-1.0.5-1.fc12.x86_64 libcanberra-0.24-1.fc13.x86_64 libcanberra-gtk2-0.24-1.fc13.x86_64 libcom_err-1.41.10-7.fc13.x86_64 libgdata-0.6.4-1.fc13.x86_64 libgnome-keyring-2.30.1-1.fc13.x86_64 libnotify-0.5.0-1.fc13.x86_64 libogg-1.2.0-1.fc13.x86_64 libproxy-0.3.1-4.fc13.x86_64 libsoup-2.30.1-1.fc13.x86_64 libtdb-1.2.1-2.fc13.x86_64 libtool-ltdl-2.2.6-20.fc13.x86_64 libudev-153-3.fc13.x86_64 libuuid-2.17.2-8.fc13.x86_64 libvorbis-1.3.1-1.fc13.x86_64 libxcb-1.5-1.fc13.x86_64 libxml2-2.7.7-1.fc13.x86_64 nspr-4.8.4-2.fc13.x86_64 nss-3.12.6-12.fc13.x86_64 nss-softokn-3.12.6-3.fc13.x86_64 nss-softokn-freebl-3.12.6-3.fc13.x86_64 nss-sysinit-3.12.6-12.fc13.x86_64 nss-util-3.12.6-1.fc13.x86_64 openldap-2.4.21-10.fc13.x86_64 openssl-1.0.0a-1.fc13.x86_64 pixman-0.18.0-1.fc13.x86_64 sqlite-3.6.22-1.fc13.x86_64 startup-notification-0.10-4.fc13.x86_64 unique-1.1.6-1.fc13.x86_64 xcb-util-0.3.6-1.fc12.x86_64
(gdb) p info
$1 = (CamelFolderChangeInfo *) 0x107ccf0
(gdb) p info->uid_added
$2 = (GPtrArray *) 0x7fff98003f00
(gdb) p info->uid_removed
$3 = (GPtrArray *) 0x0
(gdb) p info->uid_recent
$4 = (GPtrArray *) 0x1265cc0

Comment 1 David Woodhouse 2010-09-07 08:53:02 UTC

+ Trace 223572

#0 camel_folder_change_info_changed
at camel-folder.c line 2891
#1 camel_imapx_server_refresh_info
at camel-imapx-server.c line 5166
#2 imapx_refresh_info
at camel-imapx-folder.c line 174
#3 camel_folder_refresh_info
at camel-folder.c line 1156
#4 refresh_folders_exec
at mail-send-recv.c line 912
#5 mail_msg_proxy
at mail-mt.c line 469
#6 g_thread_pool_thread_proxy
at gthreadpool.c line 314
#7 g_thread_create_proxy
at gthread.c line 1897
#8 start_thread
at pthread_create.c line 301
#9 clone
at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 115

Comment 2 David Woodhouse 2010-09-07 08:58:45 UTC

This'll be caused by the patch for bug 628426

==13856== Invalid read of size 4
==13856==    at 0x669EE5C: camel_folder_change_info_changed (camel-folder.c:2891)
==13856==    by 0x1A2645E2: camel_imapx_server_refresh_info (camel-imapx-server.c:5166)
==13856==    by 0x1A26302B: imapx_refresh_info (camel-imapx-folder.c:174)
==13856==    by 0x66A2F29: camel_folder_refresh_info (camel-folder.c:1156)
==13856==    by 0xF17E1C5: refresh_folders_exec (mail-send-recv.c:912)
==13856==    by 0xF1775C7: mail_msg_proxy (mail-mt.c:469)
==13856==    by 0x3D3D668EC3: g_thread_pool_thread_proxy (gthreadpool.c:314)
==13856==    by 0x3D3D666745: g_thread_create_proxy (gthread.c:1897)
==13856==    by 0x359B007760: start_thread (pthread_create.c:301)
==13856==    by 0x359A8E14EC: clone (clone.S:115)
==13856==  Address 0x27370cb8 is 8 bytes inside a block of size 32 free'd
==13856==    at 0x4A04D72: free (vg_replace_malloc.c:325)
==13856==    by 0x3D3D645DC2: g_free (gmem.c:204)
==13856==    by 0x3D3D65CB50: g_slice_free1 (gslice.c:901)
==13856==    by 0x3D3D617537: g_ptr_array_free (garray.c:953)
==13856==    by 0x669EFE7: camel_folder_change_info_free (camel-folder.c:2950)
==13856==    by 0x1A269928: imapx_command_step_fetch_done (camel-imapx-server.c:3561)
==13856==    by 0x1A26C187: imapx_step (camel-imapx-server.c:1906)
==13856==    by 0x1A26D41A: parse_contents (camel-imapx-server.c:4580)
==13856==    by 0x1A26D84A: imapx_parser_thread (camel-imapx-server.c:4647)
==13856==    by 0x3D3D666745: g_thread_create_proxy (gthread.c:1897)
==13856==    by 0x359B007760: start_thread (pthread_create.c:301)
==13856==    by 0x359A8E14EC: clone (clone.S:115)

Comment 3 David Woodhouse 2010-09-07 17:49:30 UTC

Oops, commits 339aef2d and 35d9577 refer to this bug when they should refer to bug 628977.

Stupid dwmw2; no biscuit.

Comment 4 Akhil Laddha 2010-09-08 05:19:40 UTC

Just got a same crash on starting evolution. I have evolution 2.31.92.

Comment 5 Milan Crha 2010-09-08 09:41:35 UTC

I'm marking this as a duplicate of the older bug, because it caused it.

*** This bug has been marked as a duplicate of bug 628426 ***