Bug 312854 – Evolution will hang while renaming folders twice for exchange

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 312854 - Evolution will hang while renaming folders twice for exchange


Summary:	Evolution will hang while renaming folders twice for exchange


Status:	RESOLVED FIXED

Product:	Evolution Exchange
Classification:	Deprecated
Component:	Connector
Version:	2.10.x
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Connector Maintainer
QA Contact:	Ximian Connector QA

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2005-08-08 06:25 UTC by Arunprakash
Modified:	2007-06-15 04:55 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Proposed patch (669 bytes, patch) 2007-06-14 19:38 UTC, Matthew Barnes	committed	Details \| Review

Description Arunprakash 2005-08-08 06:25:17 UTC

Please describe the problem:


Steps to reproduce:
1. Rename a folder.
2. Again try to rename the folder.
3. Evolution will hang.


Actual results:
In the evolution-exchange-storage process, "*** glibc detected *** corrupted
double-linked list: 0x41785838 ***
" gets printed.

Expected results:


Does this happen every time?
yes

Other information:

Comment 1 Sarfraaz Ahmed 2005-08-11 18:31:23 UTC

Start exchange process in gdb and u should be able to get the traces when this
happens.

Comment 2 Arunprakash 2005-09-14 05:30:10 UTC

+ Trace 62994

Thread 1 (Thread -1234942848 (LWP 4672))

#0 mallopt
from /lib/tls/libc.so.6
#1 mallopt
from /lib/tls/libc.so.6
#2 mallopt
from /lib/tls/libc.so.6
#3 realloc
from /lib/tls/libc.so.6
#4 IA__g_realloc
at gmem.c line 170
#5 g_string_maybe_expand
at gstring.c line 264
#6 IA__g_string_insert_len
at gstring.c line 504
#7 IA__g_string_append
at gstring.c line 533
#8 search_xml
at e2k-context.c line 1755
#9 e2k_context_search_start
at e2k-context.c line 1903
#10 e_folder_exchange_search_start
at e-folder-exchange.c line 683
#11 scan_subtree
at exchange-hierarchy-webdav.c line 715
#12 exchange_hierarchy_scan_subtree
at exchange-hierarchy.c line 319
#13 exchange_account_rescan_tree
at exchange-account.c line 343
#14 get_folder_info
at mail-stub-exchange.c line 2274
#15 connection_handler
at mail-stub.c line 327
#16 g_io_unix_dispatch
at giounix.c line 162
#17 g_main_dispatch
at gmain.c line 1934
#18 IA__g_main_context_dispatch
at gmain.c line 2484
#19 g_main_context_iterate
at gmain.c line 2565
#20 IA__g_main_loop_run
at gmain.c line 2769
#21 bonobo_main
at bonobo-main.c line 312
#22 main
at main.c line 220
#0 mallopt
from /lib/tls/libc.so.6

Comment 3 Arunprakash 2005-09-14 15:16:33 UTC

Re-opening with traces.

Comment 4 C Shilpa 2005-11-09 08:44:15 UTC

replicable even with evolution-2.5.1. Here is the stack trace:

+ Trace 63967

Thread 1 (Thread 1099506496 (LWP 7270))

#0 ??
#1 ??
#2 ??
#3 ??
#4 __read_nocancel
from /lib/tls/libpthread.so.0
#5 do_read
at camel-stub-marshal.c line 90
#6 marshal_read
at camel-stub-marshal.c line 117
#7 marshal_getc
at camel-stub-marshal.c line 149
#8 decode_uint32
at camel-stub-marshal.c line 177
#9 camel_stub_marshal_decode_uint32
at camel-stub-marshal.c line 262
#10 stub_send_internal
at camel-stub.c line 308
#11 camel_stub_send
at camel-stub.c line 493
#12 exchange_rename_folder
at camel-exchange-store.c line 813
#13 camel_store_rename_folder
at camel-store.c line 486
#14 em_folder_utils_rename_folder
at em-folder-utils.c line 542
#15 emft_popup_rename_folder
at em-folder-tree.c line 2011
#16 ep_activate
at e-popup.c line 303
#17 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#18 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#19 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#20 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#21 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#22 gtk_widget_activate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#23 gtk_menu_shell_activate_item
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#24 gtk_menu_shell_activate_item
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#25 gtk_menu_reorder_child
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#26 gtk_marshal_VOID__UINT_STRING
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#27 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#28 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#29 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#30 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#31 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#32 gtk_widget_activate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#33 gtk_propagate_event
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#34 gtk_main_do_event
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#35 gdk_screen_get_setting
from /opt/gnome/lib/libgdk-x11-2.0.so.0
#36 g_main_context_dispatch
from /opt/gnome/lib/libglib-2.0.so.0
#37 g_main_context_check
from /opt/gnome/lib/libglib-2.0.so.0
#38 g_main_loop_run
from /opt/gnome/lib/libglib-2.0.so.0
#39 bonobo_main
from /opt/gnome/lib/libbonobo-2.so.0
#40 main
at main.c line 602
#0 ??

Comment 5 Sushma Rai 2006-03-08 09:26:38 UTC

waits on do_read()

*** This bug has been marked as a duplicate of 330404 ***

Comment 6 Matthew Barnes 2007-06-04 18:57:11 UTC

I'm still able to reproduce this bug on 2.11.3.  Reopening.

The backtrace I'm getting after the hang is very similar to that in comment #4; we're stuck in a do_read() call while trying to read a 32-bit integer.  And it only happens on the second rename.

Comment 7 Matthew Barnes 2007-06-06 15:13:10 UTC

I've been investigating this in a downstream bug.

Here's what my investigation has found so far:

The behavior is pretty consistent.  There's a noticable delay on the first
rename after clicking OK, but it eventually succeeds (that may be due to the fact that the Exchange server I'm talking to is several hundred miles away).  On the second rename the read() call gets stuck waiting for 4 bytes (it's looking to collect a 32-bit integer value), but the Exchange server appears to only be issuing a newline character ('\n').

Comment 8 Matthew Barnes 2007-06-14 19:38:15 UTC

Created attachment 89965 [details] [review]
Proposed patch

I think I found the problem here.

In exchange-hierarchy-webdav.c:xfer_folder() we cast away the constness of EFolder's 'physical_uri' string and then turn around and free it.  The EFolder object is left with a dangling 'physical_uri' pointer, but the freed memory it points to apparently stays valid.  That's why the folder rename succeeds on the first try.

The second time around, xfer_folder() again tries to free the 'physical_uri' string that doesn't belong to it, which it already freed last time.  This then causes evolution-exchange-store to abort with the error message that the reporter mentioned in comment #0, and the client is left waiting for a response in the do_read() function.

The fix for the server crash is a simple one-liner, though I question the wisdom of the client calling a blocking Camel function in the main (UI) thread.

Comment 9 Srinivasa Ragavan 2007-06-15 04:44:21 UTC

Matthew, the patch looks fine and please commit to stable and head. There are more such  blocking stuffs, which needs to be made async.

Comment 10 Matthew Barnes 2007-06-15 04:55:49 UTC

Committed to trunk (revision 7819) and gnome-2-18 branch (revision 7820).