After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 338921 - crash dislaying a mail
crash dislaying a mail
Status: RESOLVED FIXED
Product: GtkHtml
Classification: Other
Component: Rendering
3.16.x
Other Linux
: High critical
: ---
Assigned To: gtkhtml-maintainers
Evolution QA team
: 360851 363152 369322 369910 397498 434262 436829 440855 441372 494297 501310 540541 559869 560607 560888 564703 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2006-04-18 17:56 UTC by Karsten Bräckelmann
Modified: 2009-01-27 04:24 UTC
See Also:
GNOME target: ---
GNOME version: 2.19/2.20

Attachments
proposed gtkhtml patch (1.77 KB, patch)
2008-11-04 19:03 UTC, Milan Crha 		committed Details | Review

Description Karsten Bräckelmann 2006-04-18 17:56:20 UTC 
Yeah, sorry for the lousy Summary and this description. But I really don't know what exactly triggered this. Not reproducible with that particular mail either.

All I noticed was a (seemingly) lag in the network connection, somewhere. Clicked the Stop button twice, as I was tired of waiting and wanted to check the connection -- when Evo crashed. By the time bug-buddy was up, the connection definitely worked again, without any action. Thus I can't even tell if the connection really was down for a few seconds, lagged only, or if that lag affected parts of the network wich where not used by the IMAP connection at all...

Evolution 2.6.0, GtkHTML 3.10.0

Including the crashing top-most thread only (entire stacktrace saved).


Backtrace was generated from '/opt/gnome-2.14/bin/evolution-2.6'

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1230379328 (LWP 10286)]
[New Thread -1297278032 (LWP 10343)]
[Thread debugging using libthread_db enabled]
[New Thread -1230379328 (LWP 10286)]
[New Thread -1297278032 (LWP 10343)]
[Thread debugging using libthread_db enabled]
[New Thread -1230379328 (LWP 10286)]
[New Thread -1297278032 (LWP 10343)]
[New Thread -1288701008 (LWP 10342)]
[New Thread -1278919760 (LWP 10295)]
[New Thread -1269449808 (LWP 10294)]
[New Thread -1260651600 (LWP 10292)]
[New Thread -1252222032 (LWP 10290)]
[New Thread -1243829328 (LWP 10289)]
[New Thread -1235436624 (LWP 10288)]
0xffffe410 in ?? ()

+ Trace 67698

  • #0 ??
  • #1 ??
  • #2 ??
  • #3 ??
  • #4 __waitpid_nocancel
    from /lib/tls/libpthread.so.0
  • #5 libgnomeui_segv_handle
    at gnome-ui-init.c line 792
  • #6 <signal handler called>
  • #7 update_or_redraw
    at htmlimage.c line 1095
  • #8 html_image_factory_end_pixbuf
    at htmlimage.c line 1131
  • #9 gtk_html_stream_close
    at gtkhtml-stream.c line 137
  • #10 emhs_sync_close
    at em-html-stream.c line 140
  • #11 emcs_gui_received
    at em-sync-stream.c line 164
  • #12 g_io_unix_dispatch
    at giounix.c line 162
  • #13 IA__g_main_context_dispatch
    at gmain.c line 1916
  • #14 g_main_context_iterate
    at gmain.c line 2547
  • #15 IA__g_main_loop_run
    at gmain.c line 2751
  • #16 bonobo_main
    at bonobo-main.c line 311
  • #17 main
    at main.c line 611 






Comment 1


Poornima





          2006-10-09 10:47:04 UTC
        



*** Bug 360851 has been marked as a duplicate of this bug. ***






Comment 2


Elijah Newren





          2006-10-18 14:45:37 UTC
        



*** Bug 363152 has been marked as a duplicate of this bug. ***






Comment 3


Fabio Bonelli





          2006-11-02 15:05:30 UTC
        



*** Bug 369322 has been marked as a duplicate of this bug. ***






Comment 4


Karsten Bräckelmann





          2006-11-04 04:16:21 UTC
        



*** Bug 369910 has been marked as a duplicate of this bug. ***






Comment 5


palfrey





          2007-01-17 17:08:03 UTC
        



*** Bug 397498 has been marked as a duplicate of this bug. ***






Comment 6


André Klapper





          2007-01-28 23:42:20 UTC
        



confirming as per dups.






Comment 7


Susana





          2007-05-12 00:41:49 UTC
        



*** Bug 436829 has been marked as a duplicate of this bug. ***






Comment 8


André Klapper





          2007-05-17 11:54:02 UTC
        



bug 434262 is probably a duplicate.
-------

i quickly deleted messages in my pop inbox (NO hide deleted messages enabled) and moved with the up-arrow key of my keyboard. cannot reproduce the crash with that particular e-mail message, perhaps some kind of racing? evo 2.11.1, gtkhtml 3.15.1 svn.

System: Linux 2.6.21-1.3142.fc7 #1 SMP Mon May 7 21:14:09 EDT 2007 i686

Memory status: size: 174473216 vsize: 174473216 resident: 49102848 share: 38969344 rss: 49102848 rss_rlim: 4294967295
CPU usage: start_time: 1179400924 rtime: 586 utime: 398 stime: 188 cutime:0 cstime: 0 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/libexec/evolution-2.12'

[?1034hUsing host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1208551744 (LWP 27722)]
[New Thread 145120144 (LWP 27752)]
[New Thread 110263184 (LWP 27751)]
[New Thread 131578768 (LWP 27748)]
[New Thread 95525776 (LWP 27745)]
[New Thread 58485648 (LWP 27743)]
[New Thread 33831824 (LWP 27740)]
[New Thread 70601616 (LWP 27739)]
0x0031c402 in __kernel_vsyscall ()




+
Trace
    134599






Thread 1
          (Thread -1208551744 (LWP 27722))


    

  • 
#0
__kernel_vsyscall

    • 

  • 
#1
waitpid

    
                from
                /lib/libpthread.so.0

    

    • 

  • 
#2
libgnomeui_segv_handle

    
                at gnome-ui-init.c
                  line
                  865

    

    • 

  • 
#3
<signal handler called>

    • 

  • 
#4
update_or_redraw

    
                at htmlimage.c
                  line
                  1093

    

    • 

  • 
#5
html_image_factory_end_pixbuf

    
                at htmlimage.c
                  line
                  1129

    

    • 

  • 
#6
gtk_html_stream_close

    
                at gtkhtml-stream.c
                  line
                  137

    

    • 

  • 
#7
emhs_sync_close

    
                at em-html-stream.c
                  line
                  140

    

    • 

  • 
#8
emcs_gui_received

    
                at em-sync-stream.c
                  line
                  164

    

    • 

  • 
#9
g_io_unix_dispatch

    
                at giounix.c
                  line
                  162

    

    • 

  • 
#10
IA__g_main_context_dispatch

    
                at gmain.c
                  line
                  2061

    

    • 

  • 
#11
g_main_context_iterate

    
                at gmain.c
                  line
                  2694

    

    • 

  • 
#12
IA__g_main_loop_run

    
                at gmain.c
                  line
                  2898

    

    • 

  • 
#13
bonobo_main

    
                at bonobo-main.c
                  line
                  311

    

    • 

  • 
#14
main

    
                at main.c
                  line
                  592

    

    • 

  • 
#0
__kernel_vsyscall

    • 













Comment 9


Sebastien Bacher





          2007-05-19 11:39:13 UTC
        



evolution crashes quite often since 2.19






Comment 10


André Klapper





          2007-05-28 18:20:18 UTC
        



seb: same here. i just have to quickly move in the message list by using the arrow keys. crashes like 3 times a day. sigh.






Comment 11


Srinivasa Ragavan





          2007-05-28 19:29:45 UTC
        



Hmm. I think in head, Im facing such issues after bug #338921 Im just reverting a few of them to test it. Looks like it is stable after I revert all. Im just suspecting it.






Comment 12


Srinivasa Ragavan





          2007-05-29 19:05:03 UTC
        



seb, can you try reverting locally and test it? It is fine for me.






Comment 13


Srinivasa Ragavan





          2007-05-30 17:47:15 UTC
        



Sigh. It was due to the all cool spinner animations in the preview. Im reworking and fixing it for 2.11.3 Thanks for the 'CC' andre :) I got it finally. It didn't crash at all for me, when I commented the spinner animation in the preview.






Comment 14


Srinivasa Ragavan





          2007-05-30 18:38:12 UTC
        



*** Bug 434262 has been marked as a duplicate of this bug. ***






Comment 15


Srinivasa Ragavan





          2007-05-30 18:39:13 UTC
        



*** Bug 441372 has been marked as a duplicate of this bug. ***






Comment 16


Sebastien Bacher





          2007-06-01 11:07:19 UTC
        



no need to test the reverted change then?






Comment 17


Srinivasa Ragavan





          2007-06-01 18:49:04 UTC
        



Seb, no need to test. I will disable the spinner in preivew for 2.11.3 and will fix it right for 2.11.4. (I dont think I have sufficient time for fixing this in 2.11.3)






Comment 18


André Klapper





          2007-06-11 09:33:52 UTC
        



evolution 2.11.3 is *much* more stable for me.






Comment 19


André Klapper





          2007-06-19 23:26:21 UTC
        



haven't been able to face this crash in the last time, running 2.11.3 and .4 here.






Comment 20


André Klapper





          2007-08-01 04:20:35 UTC
        



no duplicates since then, closing as fixed. please anybody reopen if he can reproduce this with evo 2.11.4/gtkhtml3.15.4 or higher.






Comment 21


Sebastien Bacher





          2007-10-01 13:58:44 UTC
        



https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/147626 has a similar backtrace on GNOME 2.20, reopening

"#0  0xb7b5e16f in update_or_redraw (ip=0x99c5028) at htmlimage.c:1093
	list = (GSList *) 0x0
	update = 0




+
Trace
    166852






    

  • 
#1
html_image_factory_end_pixbuf

    
                at htmlimage.c
                  line
                  1129

    

    • 

  • 
#2
gtk_html_stream_close

    
                at gtkhtml-stream.c
                  line
                  137

    

    • 

  • 
#3
emhs_sync_close

    
                at em-html-stream.c
                  line
                  140

    

    • 

  • 
#4
emcs_gui_received

    
                at em-sync-stream.c
                  line
                  164

    

    • 

  • 
#5
g_io_unix_dispatch

    
                at /build/buildd/glib2.0-2.14.1/glib/giounix.c
                  line
                  162

    

    • 

  • 
#6
IA__g_main_context_dispatch

    
                at /build/buildd/glib2.0-2.14.1/glib/gmain.c
                  line
                  2061

    

    • 

  • 
#7
g_main_context_iterate

    
                at /build/buildd/glib2.0-2.14.1/glib/gmain.c
                  line
                  2694

    

    • 

  • 
#8
IA__g_main_loop_run

    
                at /build/buildd/glib2.0-2.14.1/glib/gmain.c
                  line
                  2898

    

    • 

  • 
#9
bonobo_main

    
                at bonobo-main.c
                  line
                  311

    

    • 

  • 
#10
main

    
                at main.c
                  line
                  602

    

    • 

  • 
#11
__libc_start_main

    
                from
                /lib/tls/i686/cmov/libc.so.6

    

    • 

  • 
#12
_start

    • 













Comment 22


Srinivasa Ragavan





          2007-10-03 05:37:07 UTC
        



The traces seems to be right, may be due to another broken image passed. But the original bug was due to spinner.






Comment 23


Tobias Mueller





          2007-12-04 15:02:03 UTC
        



*** Bug 494297 has been marked as a duplicate of this bug. ***






Comment 24


Tobias Mueller





          2007-12-04 15:02:21 UTC
        



*** Bug 501310 has been marked as a duplicate of this bug. ***






Comment 25


Paul Bolle





          2008-10-31 19:38:50 UTC
        



*** Bug 540541 has been marked as a duplicate of this bug. ***






Comment 26


Paul Bolle





          2008-10-31 19:47:00 UTC
        



Note that bug #432578 (which concerns another evolution/gtkhtml crash) contains a detailed analysis of this bug in comments two (http://bugzilla.gnome.org/show_bug.cgi?id=432578#c2) through seven (http://bugzilla.gnome.org/show_bug.cgi?id=432578#c7). Those comments were made just over one and a half year ago.






Comment 27


Milan Crha





          2008-11-04 19:03:06 UTC
        



Created attachment 121975 [details] [review]
proposed gtkhtml patch

for gtkhtml;

This is quite stupid patch, but from a particular point of view makes sense. The bad thing is I'm not able to check whether it'll be better or not with the patch, because I'm not able to reproduce it.

The idea behind it is that the interest in the image pointer left before the image itself has been loaded, thus the structure itself wasn't freed, because we only have the interest in the image, but nobody else, which is checkable by the 'factory' member. It's set to NULL on two places, in cleanup_images and in html_image_factory_unregister. I guess it has been set in the former function, but the structure itself has not been freed, because it is html_image_pointer_ref'ed in html_image_pointer_load.






Comment 28


Srinivasa Ragavan





          2008-11-05 04:09:42 UTC
        



Commit to stable/trunk






Comment 29


Milan Crha





          2008-11-05 10:22:55 UTC
        



Committed to trunk. Committed revision 9043.
Committed to gnome-2-24. Committed revision 9044.






Comment 30


André Klapper





          2008-11-08 13:28:02 UTC
        



*** Bug 559869 has been marked as a duplicate of this bug. ***






Comment 31


Kandepu Prasad





          2008-11-13 09:16:27 UTC
        



*** Bug 560607 has been marked as a duplicate of this bug. ***






Comment 32


André Klapper





          2008-11-15 13:37:41 UTC
        



*** Bug 560888 has been marked as a duplicate of this bug. ***






Comment 33


palfrey





          2008-12-16 13:50:28 UTC
        



*** Bug 564703 has been marked as a duplicate of this bug. ***






Comment 34


Akhil Laddha





          2009-01-27 04:24:15 UTC
        



*** Bug 440855 has been marked as a duplicate of this bug. ***