Bug 629459 – Crash when searching in the calendar view

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 629459 - Crash when searching in the calendar view


Summary:	Crash when searching in the calendar view


Status:	RESOLVED DUPLICATE of bug 628522

Product:	evolution
Classification:	Applications
Component:	Calendar
Version:	2.32.x (obsolete)
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	evolution-calendar-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:

Duplicates:	629466 (view as bug list)
Depends on:
Blocks:

Reported:	2010-09-12 21:46 UTC by Thomas
Modified:	2013-09-13 01:04 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
proposed evo patch (636 bytes, patch) 2010-09-17 09:07 UTC, Milan Crha	rejected	Details \| Review

Description Thomas 2010-09-12 21:46:52 UTC

Just built and installed the latest master version (2.31.xx) on a vmware running
a daily snapshot of ubuntu maverick (Sep 6th).

I hoped those problems which I regularly observed with version 2.28.xx would 
have gone away, i.e. when searching in calendar view, entering different terms
in the search field, changing categories, switching view from week view to list view, sooner rather than later, evolution would segfault. Well, here is another
one:

(gdb) bt

+ Trace 223674

#0 can_break_at
at /build/buildd/pango1.0-1.28.1/pango/pango-layout.c line 3026
#1 can_break_in
at /build/buildd/pango1.0-1.28.1/pango/pango-layout.c line 3043
#2 process_line
at /build/buildd/pango1.0-1.28.1/pango/pango-layout.c line 3534
#3 pango_layout_check_lines
at /build/buildd/pango1.0-1.28.1/pango/pango-layout.c line 3850
#4 pango_layout_get_extents_internal
at /build/buildd/pango1.0-1.28.1/pango/pango-layout.c line 2431
#5 gtk_label_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtklabel.c line 3185
#6 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#7 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#8 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#9 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#10 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#11 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#12 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#13 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#14 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#15 gtk_box_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkbox.c line 280
#16 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#17 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#18 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#19 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#20 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#21 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#22 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#23 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#24 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#25 gtk_event_box_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkeventbox.c line 494
#26 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#27 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#28 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#29 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#30 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#31 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#32 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#33 compute_base_dimension
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 638
#34 compute_dimension
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 661
#35 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 817
#36 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#37 shell_sidebar_size_request
at ../../../evolution/shell/e-shell-sidebar.c line 248
#38 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#39 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#40 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#41 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#42 g_signal_emit_valist
#43 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#44 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#45 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#46 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#47 gtk_notebook_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtknotebook.c line 1891
#48 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#49 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#50 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#51 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#52 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#53 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#54 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#55 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#56 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#57 shell_switcher_size_request
at ../../../evolution/shell/e-shell-switcher.c line 264
#58 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#59 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#60 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#61 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#62 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#63 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#64 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#65 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#66 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#67 gtk_paned_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkpaned.c line 768
#68 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#69 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#70 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#71 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#72 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#73 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#74 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#75 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#76 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#77 gtk_box_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkbox.c line 280
#78 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#79 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#80 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#81 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#82 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#83 g_signal_emit_by_name
#84 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#85 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#86 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#87 gtk_window_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwindow.c line 4985
#88 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#89 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#90 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#91 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#92 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#93 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#94 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#95 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#96 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#97 gtk_window_compute_configure_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwindow.c line 5859
#98 gtk_window_move_resize
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwindow.c line 6071
#99 gtk_window_check_resize
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwindow.c line 5425
#100 g_cclosure_marshal_VOID__VOID
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 79
#101 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#102 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#103 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3290
#104 g_signal_emit_valist
#105 g_signal_emit
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3040
#106 IA__gtk_container_check_resize
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkcontainer.c line 1445
#107 gtk_container_idle_sizer
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkcontainer.c line 1370
#108 gdk_threads_dispatch
at /build/buildd/gtk+2.0-2.21.7/gdk/gdk.c line 512
#109 g_idle_dispatch
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 4224
#110 g_main_dispatch
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2119
#111 g_main_context_dispatch
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2672
#112 g_main_context_iterate
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2750
#113 g_main_loop_run
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2958
#114 IA__gtk_main
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkmain.c line 1237
#115 main
at ../../../evolution/shell/main.c line 644

(gdb) pwd
Working directory /home/tom.
(gdb) gcore
Saved corefile core.6300

Comment 1 Felipe Besoaín Pino 2010-09-13 00:46:33 UTC

*** Bug 629466 has been marked as a duplicate of this bug. ***

Comment 2 Akhil Laddha 2010-09-13 03:56:23 UTC

looks related to bug 628497

Comment 3 Milan Crha 2010-09-17 09:04:59 UTC

Valgrind found this issue for me, and it seems related, like evo causing memory corruption and crash in another module. Akhil's bug maybe just another result of the same reason.

==10711== Invalid read of size 4
==10711==    at 0x43109A7: e_bit_array_delete_real (e-bit-array.c:99)
==10711==    by 0x4310AF5: e_bit_array_delete (e-bit-array.c:128)
==10711==    by 0x41C5E00: e_selection_model_array_delete_rows (e-selection-model-array.c:81)
==10711==    by 0x40FC86C: model_rows_deleted (e-table-selection-model.c:163)
==10711==    by 0x431EAEE: e_marshal_VOID__INT_INT (e-marshal.c:1016)
==10711==    by 0x47128DC: g_closure_invoke (gclosure.c:766)
==10711==    by 0x472A96B: signal_emit_unlocked_R (gsignal.c:3252)
==10711==    by 0x4729CBA: g_signal_emit_valist (gsignal.c:2983)
==10711==    by 0x4729FA6: g_signal_emit (gsignal.c:3040)
==10711==    by 0x40FB065: e_table_model_rows_deleted (e-table-model.c:584)
==10711==    by 0x5F391CD: redo_queries (e-cal-model.c:2364)
==10711==    by 0x5F39696: e_cal_model_set_search_query (e-cal-model.c:2450)
==10711==  Address 0x6c6afdc is 0 bytes after a block of size 4 alloc'd
==10711==    at 0x4005CD2: realloc (vg_replace_malloc.c:476)
==10711==    by 0x479EAF9: g_realloc (gmem.c:181)
==10711==    by 0x479EE46: g_realloc_n (gmem.c:314)
==10711==    by 0x4310A5C: e_bit_array_delete_real (e-bit-array.c:113)
==10711==    by 0x4310AF5: e_bit_array_delete (e-bit-array.c:128)
==10711==    by 0x41C5E00: e_selection_model_array_delete_rows (e-selection-model-array.c:81)
==10711==    by 0x40FC86C: model_rows_deleted (e-table-selection-model.c:163)
==10711==    by 0x431EAEE: e_marshal_VOID__INT_INT (e-marshal.c:1016)
==10711==    by 0x47128DC: g_closure_invoke (gclosure.c:766)
==10711==    by 0x472A96B: signal_emit_unlocked_R (gsignal.c:3252)
==10711==    by 0x4729CBA: g_signal_emit_valist (gsignal.c:2983)
==10711==    by 0x4729FA6: g_signal_emit (gsignal.c:3040)

Comment 4 Milan Crha 2010-09-17 09:07:08 UTC

Created attachment 170465 [details] [review]
proposed evo patch

for evolution;

Thomas, could you apply this patch and give it a try, please? While I was able to reproduce a similar crash without this patch, I'm not able to reproduce it with it, but it's possible I didn't try enough. Thanks in advance.

Comment 5 Milan Crha 2010-09-17 10:21:56 UTC

*** Bug 628522 has been marked as a duplicate of this bug. ***

Comment 6 David Woodhouse 2010-09-17 11:11:01 UTC

I don't think the trace in comment #3 is going to be causing memory corruption. That happens when shrinking an e-bit-array by deleting from the middle, and it's only *reading* from off the end of the array; copying bit N+1 into bit N when the array is only N bits long.

It's an off-by-one in the copying, which I think is better fixed like this:

--- a/e-util/e-bit-array.c
+++ b/e-util/e-bit-array.c
@@ -78,7 +78,7 @@ e_bit_array_delete_real (EBitArray *eba, gint row, gboolean move_selection_mode)
        if (eba->bit_count >= 0) {
                guint32 bitmask;
                box = row >> 5;
-               last = eba->bit_count >> 5;
+               last = (eba->bit_count - 1) >> 5;
 
                /* Build bitmasks for the left and right half of the box */
                bitmask = BITMASK_RIGHT (row) >> 1;

I don't think the patch in comment #4 is the best approach -- if you have a bug which causes you to read off the end of the array, it's better to *fix* that bug rather than deliberately making the array larger than it needs to be.

And I don't think *any* of this is actually relevant to the originally-reported bug, so I'll file the patch against bug 628522 which was opened specifically for the e-bit-array problem.

Comment 7 Milan Crha 2010-09-17 13:00:48 UTC

(In reply to comment #6)
> I don't think the patch in comment #4 is the best approach -- if you have a bug
> which causes you to read off the end of the array, it's better to *fix* that
> bug rather than deliberately making the array larger than it needs to be.

Yes, I obviously overlooked that, and it seemed to me that the rest of the EBitArray expected a "bit_count + 1" array size.

I'm obsoleting my "patch" in a favour of yours in bug #628522 and I'm reopening it.

Thomas, could you try with the latest patch from bug #628522, please? Thanks in advance.

Comment 8 Thomas 2010-09-17 21:50:13 UTC

(In reply to comment #7)
> (In reply to comment #6)
> > I don't think the patch in comment #4 is the best approach -- if you have a bug
> > which causes you to read off the end of the array, it's better to *fix* that
> > bug rather than deliberately making the array larger than it needs to be.
> 
> Yes, I obviously overlooked that, and it seemed to me that the rest of the
> EBitArray expected a "bit_count + 1" array size.
> 
> I'm obsoleting my "patch" in a favour of yours in bug #628522 and I'm reopening
> it.
> 
> Thomas, could you try with the latest patch from bug #628522, please? Thanks in
> advance.

Yes, will test it both on the new 2.32 version and on my "ancient" 2.28.

Comment 9 Thomas 2010-09-17 21:58:38 UTC

(In reply to comment #8)
> (In reply to comment #7)
> > (In reply to comment #6)
> > > I don't think the patch in comment #4 is the best approach -- if you have a bug
> > > which causes you to read off the end of the array, it's better to *fix* that
> > > bug rather than deliberately making the array larger than it needs to be.
> > 
> > Yes, I obviously overlooked that, and it seemed to me that the rest of the
> > EBitArray expected a "bit_count + 1" array size.
> > 
> > I'm obsoleting my "patch" in a favour of yours in bug #628522 and I'm reopening
> > it.
> > 
> > Thomas, could you try with the latest patch from bug #628522, please? Thanks in
> > advance.
> 
> Yes, will test it both on the new 2.32 version and on my "ancient" 2.28.

My tests with the 2.32 version repeatedly caused that hang in _xcb_conn_wait in library libxcb1. See https://bugzilla.gnome.org/show_bug.cgi?id=627620#c11. Here is the stack trace. Please tell me if I should file a separate bug.


(gdb) bt

+ Trace 223773

#0 ??
#1 poll
from /lib/libc.so.6
#2 _xcb_conn_wait
at ../../src/xcb_conn.c line 316
#3 xcb_wait_for_reply
at ../../src/xcb_in.c line 390
#4 _XReply
from /usr/lib/libX11.so.6
#5 XGetWindowProperty
from /usr/lib/libX11.so.6
#6 IA__gdk_selection_property_get
at /build/buildd/gtk+2.0-2.21.7/gdk/x11/gdkselection-x11.c line 297
#7 _gtk_selection_notify
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkselection.c line 2709
#8 _gtk_marshal_BOOLEAN__BOXED
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkmarshalers.c line 86
#9 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#10 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#11 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3290
#12 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2993
#13 g_signal_emit
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3040
#14 gtk_widget_event_internal
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 4983
#15 IA__gtk_main_do_event
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkmain.c line 1619
#16 gdk_event_dispatch
at /build/buildd/gtk+2.0-2.21.7/gdk/x11/gdkevents-x11.c line 2377
#17 g_main_dispatch
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2119
#18 g_main_context_dispatch
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2672
#19 g_main_context_iterate
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2750
#20 g_main_loop_run
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2958
#21 IA__gtk_main
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkmain.c line 1237
#22 main
at /home/tom/src/evolution/evolution/shell/main.c line 671

Comment 10 Thomas 2010-09-17 22:13:41 UTC

(In reply to comment #9)
> (In reply to comment #8)
> > (In reply to comment #7)
> > > (In reply to comment #6)

> > > Thomas, could you try with the latest patch from bug #628522, please? 

Looks good, so far. On both machines.

Comment 11 Milan Crha 2010-09-20 06:38:00 UTC

(In reply to comment #9)
> My tests with the 2.32 version repeatedly caused that hang in _xcb_conn_wait
> in library libxcb1.
> See https://bugzilla.gnome.org/show_bug.cgi?id=627620#c11.
> Here is the stack trace. Please tell me if I should file a separate bug.

We can deal with it in bug #627620, as you have it filled there.

(In reply to comment #10)
> > > > Thomas, could you try with the latest patch from bug #628522, please? 
> 
> Looks good, so far. On both machines.

Thanks, good, so I'm marking this as a duplicate of that bug.

*** This bug has been marked as a duplicate of bug 628522 ***

Comment 12 David Woodhouse 2010-09-20 08:18:03 UTC

I still don't see how the trace which was given when this bug was originally filed could possibly be caused by bug 628522. But 628522 doesn't cause memory corruption -- the only crash it could cause would be *in* e_bit_array_delete_real() as it tries to read from the word after the end of the array.

Thomas, please could you confirm that you can reliably reproduce the crash you first reported in trace 223674, and that it goes away when you apply the patch from bug 628522 and nothing more?

Comment 13 Thomas 2010-09-20 09:24:12 UTC

(In reply to comment #12)
> I still don't see how the trace which was given when this bug was originally
> filed could possibly be caused by bug 628522. But 628522 doesn't cause memory
> corruption -- the only crash it could cause would be *in*
> e_bit_array_delete_real() as it tries to read from the word after the end of
> the array.
> 
> Thomas, please could you confirm that you can reliably reproduce the crash you
> first reported in trace 223674, and that it goes away when you apply the patch
> from bug 628522 and nothing more?

Yes. I can confirm that now with version 2.32. Reverted the patch and it crashed
in pango-layout.c, one time with a slightly different stack trace, though, which follows. But I could definitely reproduce it and it goes away with the patch applied.

(gdb) bt

+ Trace 223817

#0 pango_context_get_base_dir
at /build/buildd/pango1.0-1.28.1/pango/pango-context.c line 425
#1 pango_layout_check_lines
at /build/buildd/pango1.0-1.28.1/pango/pango-layout.c line 3764
#2 pango_layout_get_extents_internal
at /build/buildd/pango1.0-1.28.1/pango/pango-layout.c line 2431
#3 gtk_label_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtklabel.c line 3185
#4 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#5 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#6 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#7 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#8 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#9 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#10 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#11 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#12 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#13 gtk_box_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkbox.c line 280
#14 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#15 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#16 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#17 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#18 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#19 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#20 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#21 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#22 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#23 gtk_event_box_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkeventbox.c line 494
#24 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#25 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#26 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#27 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#28 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#29 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#30 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#31 compute_base_dimension
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 638
#32 compute_dimension
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 661
#33 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 817
#34 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#35 shell_sidebar_size_request
at /home/tom/src/evolution/evolution/shell/e-shell-sidebar.c line 248
#36 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#37 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#38 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#39 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#40 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#41 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#42 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#43 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#44 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#45 gtk_notebook_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtknotebook.c line 1891
#46 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#47 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#48 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#49 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#50 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#51 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#52 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#53 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#54 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#55 shell_switcher_size_request
at /home/tom/src/evolution/evolution/shell/e-shell-switcher.c line 264
#56 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#57 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#58 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#59 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#60 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#61 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#62 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#63 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#64 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#65 gtk_paned_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkpaned.c line 768
#66 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#67 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#68 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#69 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#70 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#71 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#72 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#73 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#74 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#75 gtk_box_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkbox.c line 280
#76 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#77 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#78 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#79 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#80 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#81 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#82 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#83 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#84 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#85 gtk_window_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwindow.c line 4985
#86 g_cclosure_marshal_VOID__BOXED
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 568
#87 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#88 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#89 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3182
#90 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#91 g_signal_emit_by_name
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3077
#92 do_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 628
#93 _gtk_size_group_compute_requisition
at /build/buildd/gtk+2.0-2.21.7/gtk/gtksizegroup.c line 828
#94 IA__gtk_widget_size_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwidget.c line 3907
#95 gtk_window_compute_configure_request
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwindow.c line 5859
#96 gtk_window_move_resize
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwindow.c line 6071
#97 gtk_window_check_resize
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkwindow.c line 5425
#98 g_cclosure_marshal_VOID__VOID
at /build/buildd/glib2.0-2.25.15/gobject/gmarshal.c line 79
#99 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 877
#100 g_closure_invoke
at /build/buildd/glib2.0-2.25.15/gobject/gclosure.c line 766
#101 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3290
#102 g_signal_emit_valist
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 2983
#103 g_signal_emit
at /build/buildd/glib2.0-2.25.15/gobject/gsignal.c line 3040
#104 IA__gtk_container_check_resize
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkcontainer.c line 1445
#105 gtk_container_idle_sizer
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkcontainer.c line 1370
#106 gdk_threads_dispatch
at /build/buildd/gtk+2.0-2.21.7/gdk/gdk.c line 512
#107 g_idle_dispatch
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 4224
#108 g_main_dispatch
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2119
#109 g_main_context_dispatch
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2672
#110 g_main_context_iterate
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2750
#111 g_main_loop_run
at /build/buildd/glib2.0-2.25.15/glib/gmain.c line 2958
#112 IA__gtk_main
at /build/buildd/gtk+2.0-2.21.7/gtk/gtkmain.c line 1237
#113 main
at /home/tom/src/evolution/evolution/shell/main.c line 671

Comment 14 Fabio Durán Verdugo 2010-10-01 13:54:36 UTC

*** Bug 631089 has been marked as a duplicate of this bug. ***