Bug 270844 – too large tasks crash evolution

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 270844 - too large tasks crash evolution


Summary:	too large tasks crash evolution


Status:	RESOLVED FIXED

Product:	GtkHtml
Classification:	Other
Component:	API
Version:	3.7.x
Hardware:	Other All

Importance:	High major
Target Milestone:	2.3
Assigned To:	evolution-calendar-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:

Duplicates:	273784 313240 318841 (view as bug list)
Depends on:
Blocks:

Reported:	2004-12-28 13:39 UTC by Andreas Faust
Modified:	2006-01-20 22:51 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Andreas Faust 2004-12-28 13:39:27 UTC

Distribution: Gentoo Base System version 1.6.8
Package: Evolution
Priority: Blocker
Version: GNOME2.8.1 2.0.2
Gnome-Distributor: Gentoo Linux
Synopsis: to large tasks crash evolution
Bugzilla-Product: Evolution
Bugzilla-Component: Tasks
Bugzilla-Version: 2.0.2
BugBuddy-GnomeVersion: 2.0 (2.8.0)
Description:
Description of the crash:
If I try to access large task, evolution crashes

Steps to reproduce the crash:
1.  Create large Task
2. Try to save it
3. --- BANG ---

Expected Results:
Not to die

How often does this happen?
always

Additional Information:
had saved a small shellscript (~20-30 lines)  in a task


Debugging Information:

Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 10338)]
[New Thread 32769 (LWP 10343)]
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 10338)]
[New Thread 32769 (LWP 10343)]
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 10338)]
[New Thread 32769 (LWP 10343)]
[New Thread 16386 (LWP 10344)]
0xb742e34b in waitpid () from /lib/libpthread.so.0

+ Trace 53920

Thread 1 (Thread 16384 (LWP 10338))

#0 waitpid
from /lib/libpthread.so.0
#1 ??
from /usr/lib/libgnomeui-2.so.0
#2 ??
#3 libgnomeui_segv_handle
from /usr/lib/libgnomeui-2.so.0
#4 segv_redirect
#5 __pthread_sighandler
from /lib/libpthread.so.0
#6 <signal handler called>
#7 strlen
from /lib/libc.so.6
#8 vfprintf
from /lib/libc.so.6
#9 vsnprintf
from /lib/libc.so.6
#10 g_printf_string_upper_bound
from /usr/lib/libglib-2.0.so.0
#11 gtk_html_stream_vprintf
from /usr/lib/libgtkhtml-3.1.so.11
#12 gtk_html_stream_printf
from /usr/lib/libgtkhtml-3.1.so.11
#13 write_html
from /usr/lib/evolution/2.0/components/libevolution-calendar.so
#14 e_cal_component_preview_display
from /usr/lib/evolution/2.0/components/libevolution-calendar.so
#15 table_cursor_change_cb
from /usr/lib/evolution/2.0/components/libevolution-calendar.so
#16 g_cclosure_marshal_VOID
from /usr/lib/libgobject-2.0.so.0
#17 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#18 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#19 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#20 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#21 group_cursor_change
from /usr/lib/libgal-2.2.so.1
#22 g_cclosure_marshal_VOID
from /usr/lib/libgobject-2.0.so.0
#23 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#24 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#25 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#26 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#27 e_table_group_cursor_change
from /usr/lib/libgal-2.2.so.1
#28 etgl_cursor_change
from /usr/lib/libgal-2.2.so.1
#29 g_cclosure_marshal_VOID
from /usr/lib/libgobject-2.0.so.0
#30 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#31 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#32 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#33 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#34 eti_cursor_change
from /usr/lib/libgal-2.2.so.1
#35 e_marshal_VOID__INT_INT
from /usr/lib/libgal-2.2.so.1
#36 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#37 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#38 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#39 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#40 e_selection_model_do_something
from /usr/lib/libgal-2.2.so.1
#41 e_selection_model_maybe_do_something
from /usr/lib/libgal-2.2.so.1
#42 eti_event
from /usr/lib/libgal-2.2.so.1
#43 gnome_canvas_marshal_BOOLEAN__BOXED
from /usr/lib/libgnomecanvas-2.so.0
#44 g_type_class_meta_marshal
from /usr/lib/libgobject-2.0.so.0
#45 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#46 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#47 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#48 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#49 emit_event
from /usr/lib/libgal-2.2.so.1
#50 e_canvas_button
from /usr/lib/libgal-2.2.so.1
#51 _gtk_marshal_BOOLEAN__BOXED
from /usr/lib/libgtk-x11-2.0.so.0
#52 g_type_class_meta_marshal
from /usr/lib/libgobject-2.0.so.0
#53 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#54 signal_emit_unlocked_R
from /usr/lib/libgobject-2.0.so.0
#55 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#56 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#57 gtk_widget_event_internal
from /usr/lib/libgtk-x11-2.0.so.0
#58 gtk_propagate_event
from /usr/lib/libgtk-x11-2.0.so.0
#59 gtk_main_do_event
from /usr/lib/libgtk-x11-2.0.so.0
#60 gdk_event_dispatch
from /usr/lib/libgdk-x11-2.0.so.0
#61 g_main_dispatch
from /usr/lib/libglib-2.0.so.0
#62 g_main_context_iterate
from /usr/lib/libglib-2.0.so.0
#63 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#64 bonobo_main
from /usr/lib/libbonobo-2.so.0
#65 main
#0 waitpid
from /lib/libpthread.so.0




Unknown reporter: a.faust@gmx.net, changed to bugbuddy-import@ximian.com.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Gerardo Marin 2004-12-28 20:15:29 UTC

Seems to work for me in 2.0.3

Comment 2 Andreas Faust 2004-12-28 21:09:19 UTC

This was the content of the Task:

BEGIN:VTODO
UID:20041117T144224Z-6671-100-8059-8@workon.fbit
DTSTAMP:20040831T120353Z
SUMMARY:purge
CLASS:PUBLIC
PERCENT-COMPLETE:0
PRIORITY:0
SEQUENCE:2
LAST-MODIFIED:20041209T113024
CREATED:20041117T144224
DESCRIPTION:7.5 How can I purge an object from my cache?\n\nSquid does
 not allow you to purge objects unless it is configured with access
 controls in squid.conf. First you must add something like\n\n        acl
 PURGE method PURGE\n        acl localhost src 127.0.0.1\n
 http_access allow PURGE localhost\n        http_access deny PURGE\n\nThe
 above only allows purge requests which come from the local host and
 denies all other purge requests.\n\nTo purge an object\, you can use the
 squidclient program:\n\n        squidclient -m PURGE http:
 //www.miscreant.com/\n\nIf the purge was successful\, you will see a
 ``200 OK'' response:\n\n        HTTP/1.0 200 OK\n        Date: Thu\, 17
 Jul 1997 16:03:32 GMT\n        Server: Squid/1.1.14\n\nIf the object was
 not found in the cache\, you will see a ``404 Not Found'' response:\n\n
      HTTP/1.0 404 Not Found\n        Date: Thu\, 17 Jul 1997 16:03:22
 GMT\n        Server: Squid/1.1.14\n\n#!/bin/bash\n\nif [ -z \"$1\"
 ]\nthen\n  echo Usage `basename $0 ` hostname\n  exit\nfi\n\nif [ \"`echo
 \"$1\" | grep : `\" != \"\" ]\nthen\n  host=\"`echo \"$1 | cut -f3
 -d\"/\"`\"\nelse\n  host=$1\nfi\n\nprintf \"PURGE http://%s/
 HTTP/1.0\\n\\n\" \"$host\" >/dev/tcp/localhost/3128\n\nif [ \"`grep
 \"PURGE http://$host\" /var/secenv/squid/log/access.log | grep
 TCP_MISS`\" != \"\" ]\nthen\n  echo Purged \"$host\"\nelse\n  echo Purge
 $host failed\nfi\n\n
END:VTODO

Comment 3 C Shilpa 2005-03-31 14:04:36 UTC

Reproduceable in 2.2.x

Comment 4 Chenthill P 2005-06-03 11:30:48 UTC

Seems like a gtkhtml bug.

Comment 5 Chenthill P 2005-06-03 11:45:34 UTC

Moving it to GtkHtml

Comment 6 Poornima 2005-06-10 09:42:47 UTC

*** Bug 273784 has been marked as a duplicate of this bug. ***

Comment 7 Poornima 2005-06-10 09:43:40 UTC

*** Bug 306215 has been marked as a duplicate of this bug. ***

Comment 8 Kaushal Kumar 2005-07-14 07:17:47 UTC

I do not get a crash on large tasks. However, I do get a crash for the
particular task attached above.

Comment 9 Kaushal Kumar 2005-07-14 12:47:23 UTC

The crash in function g_printf_string_upper_bound used to happen while handling
positional parameters in pre-2-2 glib. The current versions do not have this
problem.

I do not find anything askew in gtkhtml function calling the
g_printf_string_upper_bound. It could be due to some invalid values being passed
to it from write_html (which is called by e_cal_component_preview_display). 

I compiled evolution/calendar/gui without the optimizations. Then, the same task
file attached above (summary: purge) is displayed without any problems.

Evolution calender maintainers: any clues why it is working with evolution's
optimization turned off ? Is write_html passing some incorrect values? The
reason for my doubt is the code that handles these values in gtkhtml is pretty
much stock as it makes direct glib calls and does not play around with the data.

Comment 10 Krishnan R 2005-07-22 06:06:45 UTC

I don't think this is a blocker.  Large tasks are not regular scenarios. 
Changing it to 'Major' with "high" priority.

Comment 11 Chenthill P 2005-08-07 22:49:57 UTC

Moving it to tasks component.

Comment 12 Sushma Rai 2005-08-13 05:56:30 UTC

*** Bug 313240 has been marked as a duplicate of this bug. ***

Comment 13 Sushma Rai 2005-08-13 06:47:46 UTC

Moving to gtkhtml, I guess this needs to be moved to glib.

Comment 14 Kaushal Kumar 2005-08-16 04:18:48 UTC

Fixed.

Comment 15 André Klapper 2006-01-20 22:51:04 UTC

*** Bug 318841 has been marked as a duplicate of this bug. ***