Bug 349310 – crash on Evolution

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 349310 - crash on Evolution


Summary:	crash on Evolution


Status:	RESOLVED FIXED

Product:	evolution
Classification:	Applications
Component:	general
Version:	2.8.x (obsolete)
Hardware:	Other All

Importance:	High critical
Target Milestone:	---
Assigned To:	Harish Krishnaswamy
QA Contact:	Evolution QA team

URL:
Whiteboard:

Duplicates:	349161 349414 350607 350718 350756 351153 351154 351854 352015 352302 352319 352462 352813 352954 353392 353469 353564 353897 353945 354179 354227 354309 354525 354740 (view as bug list)
Depends on:
Blocks:

Reported:	2006-07-30 13:01 UTC by anonymous
Modified:	2013-09-13 00:52 UTC

See Also:
GNOME target:	---
GNOME version:	2.15/2.16

Attachments
Patch to add missing declaration (714 bytes, patch) 2006-08-18 20:39 UTC, Laurent Goujon	committed	Details \| Review

Description anonymous 2006-07-30 13:01:38 UTC

What were you doing when the application crashed?



Distribution: Gentoo Base System version 1.12.1
Gnome Release: 2.15.90 2006-07-26 (Gentoo)
BugBuddy Version: 2.15.90

Memory status: size: 397561856 vsize: 397561856 resident: 32419840 share: 19607552 rss: 32419840 rss_rlim: -1
CPU usage: start_time: 1154264525 rtime: 60 utime: 56 stime: 4 cutime:0 cstime: 0 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution-2.8'

(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 47569220670720 (LWP 25017)]
[New Thread 1126345040 (LWP 25031)]
[New Thread 1117952336 (LWP 25030)]
[New Thread 1109559632 (LWP 25028)]
[New Thread 1092774224 (LWP 25027)]
[New Thread 1101166928 (LWP 25026)]
[New Thread 1084381520 (LWP 25024)]
[New Thread 1075988816 (LWP 25019)]
[New Thread 1073822032 (LWP 25018)]
0x00002b43918528cf in waitpid () from /lib/libpthread.so.0

+ Trace 69795

Thread 1 (Thread 47569220670720 (LWP 25017))

#0 waitpid
from /lib/libpthread.so.0
#1 gnome_gtk_module_info_get
from /usr/lib/libgnomeui-2.so.0
#2 <signal handler called>
#3 raise
from /lib/libc.so.6
#4 abort
from /lib/libc.so.6
#5 mono_handle_native_sigsegv
from /usr/lib/libmono.so.0
#6 mini_init
from /usr/lib/libmono.so.0
#7 <signal handler called>
#8 cairo_font_face_destroy
from /usr/lib/libcairo.so.2
#9 cairo_font_options_copy
from /usr/lib/libcairo.so.2
#10 pango_cairo_context_set_font_options
from /usr/lib/libpangocairo-1.0.so.0
#11 e_cell_text_new
from /usr/lib64/evolution/2.8/libetable.so.0
#12 e_cell_text_get_text_by_view
from /usr/lib64/evolution/2.8/libetable.so.0
#13 e_cell_text_get_text_by_view
from /usr/lib64/evolution/2.8/libetable.so.0
#14 e_cell_tree_new
from /usr/lib64/evolution/2.8/libetable.so.0
#15 e_table_item_set_cursor
from /usr/lib64/evolution/2.8/libetable.so.0
#16 gnome_canvas_root
from /usr/lib/libgnomecanvas-2.so.0
#17 gnome_canvas_item_new
from /usr/lib/libgnomecanvas-2.so.0
#18 gtk_marshal_BOOLEAN__VOID
from /usr/lib/libgtk-x11-2.0.so.0
#19 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#20 g_signal_chain_from_overridden
from /usr/lib/libgobject-2.0.so.0
#21 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#22 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#23 gtk_widget_get_default_style
from /usr/lib/libgtk-x11-2.0.so.0
#24 gnome_canvas_window_to_world
from /usr/lib/libgnomecanvas-2.so.0
#25 gnome_canvas_set_scroll_region
from /usr/lib/libgnomecanvas-2.so.0
#26 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#27 g_main_context_check
from /usr/lib/libglib-2.0.so.0
#28 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#29 bonobo_main
from /usr/lib/libbonobo-2.so.0
#30 main
#0 waitpid
from /lib/libpthread.so.0

Comment 1 Sergej Kotliar 2006-07-31 11:47:44 UTC

*** Bug 349414 has been marked as a duplicate of this bug. ***

Comment 2 André Klapper 2006-08-01 14:39:30 UTC

confirming as per duplicate. also see bug 349161.

ETable?

Comment 3 André Klapper 2006-08-09 20:32:56 UTC

also see bug 350607

Comment 4 André Klapper 2006-08-09 20:33:02 UTC

*** Bug 350607 has been marked as a duplicate of this bug. ***

Comment 5 André Klapper 2006-08-10 15:07:35 UTC

*** Bug 350718 has been marked as a duplicate of this bug. ***

Comment 6 André Klapper 2006-08-10 15:08:40 UTC

also see the stacktrace at bug 350746

Comment 7 André Klapper 2006-08-10 22:04:17 UTC

*** Bug 350756 has been marked as a duplicate of this bug. ***

Comment 8 André Klapper 2006-08-10 22:08:35 UTC

targetting to 2.8 - too many duplicates in too little time

Comment 9 Christian Kirbach 2006-08-11 10:00:59 UTC

crashes in cairo. NOTGNOME?

Comment 10 Andy Wingo 2006-08-11 13:17:30 UTC

This is my cairo version:

ii  libcairo2      1.2.2-1ubuntu1 The Cairo 2D vector graphics library

Comment 11 Olav Vitters 2006-08-13 12:23:35 UTC

*** Bug 351153 has been marked as a duplicate of this bug. ***

Comment 12 Olav Vitters 2006-08-13 12:29:28 UTC

*** Bug 351154 has been marked as a duplicate of this bug. ***

Comment 13 Andy Wingo 2006-08-16 08:53:24 UTC

Still getting this one about 20 times a day...

Comment 14 Karsten Bräckelmann 2006-08-18 01:13:34 UTC

*** Bug 351854 has been marked as a duplicate of this bug. ***

Comment 15 Laurent Goujon 2006-08-18 19:23:24 UTC

I'm currently debugging evolution to get rid of this bug. 
Currently it seems problem lies when returning from the get_font_options function.
Normally the caller should have a valid (const cairo_font_options_t *) value and into the get_font_options, the value is correct. But just after returning the value is mangled.

Looking into the machine code, I see something nasty:
<build_layout+186>:  xor    %eax,%eax
<build_layout+188>:  callq  0x2b7e7d2b1340 <get_font_options@plt>
<build_layout+193>:  movslq %eax,%r12
<build_layout+196>:  mov    %rbx,%rdi
<build_layout+199>:  mov    %r12,%rsi
<build_layout+202>:  callq  0x2b7e7d2b2540 <pango_cairo_context_set_font_options@plt>

The return value is stored into %rax (64bit register) but it is %eax (32bit register) which is stored into %r12 so there's a big risk that the return value is mangled

I suppose this bug only concern AMD64 platform (or perhaps 64bits platforms) but architecture is not reported by bug buddy

Comment 16 Laurent Goujon 2006-08-18 19:34:35 UTC

I think I just found the cause

Extract from build log:

e-cell-text.c: In function 'build_layout':
e-cell-text.c:588: warning: implicit declaration of function 'get_font_options'
e-cell-text.c:588: warning: assignment makes pointer from integer without a cast
e-cell-text.c:601: warning: assignment discards qualifiers from pointer target type

Comment 17 Laurent Goujon 2006-08-18 20:29:36 UTC

The get_font_options function definition is missing. Adding it solved the machine code problem and crashes disappeared

Comment 18 Laurent Goujon 2006-08-18 20:39:11 UTC

Created attachment 71188 [details] [review]
Patch to add missing declaration

Comment 19 André Klapper 2006-08-19 14:56:19 UTC

*** Bug 349161 has been marked as a duplicate of this bug. ***

Comment 20 André Klapper 2006-08-19 14:56:29 UTC

*** Bug 352015 has been marked as a duplicate of this bug. ***

Comment 21 Srinivasa Ragavan 2006-08-20 14:31:52 UTC

fixed to HEAD.

Comment 22 Laurent Goujon 2006-08-21 06:19:04 UTC

Thanks for committing the patch but so far I don't see in CVS any modification to e-util.h (although ChangeLog was modified). 
I want to be sure it is fixed for Gnome 2.16 RC1 ;-)

Comment 23 André Klapper 2006-08-21 11:00:49 UTC

looks like srini committed the changelog entry, but not the patch itself. :-)

Comment 24 André Klapper 2006-08-21 15:35:11 UTC

fixed to HEAD - this time for real. ;-)
http://cvs.gnome.org/viewcvs/evolution/e-util/e-util.h?r1=1.61&r2=1.62

Comment 25 André Klapper 2006-08-21 22:01:26 UTC

*** Bug 352302 has been marked as a duplicate of this bug. ***

Comment 26 James Morrin 2006-08-21 23:57:47 UTC

*** Bug 352319 has been marked as a duplicate of this bug. ***

Comment 27 André Klapper 2006-08-22 23:15:18 UTC

*** Bug 352462 has been marked as a duplicate of this bug. ***

Comment 28 André Klapper 2006-08-25 11:51:26 UTC

*** Bug 352813 has been marked as a duplicate of this bug. ***

Comment 29 André Klapper 2006-08-26 10:34:31 UTC

*** Bug 352954 has been marked as a duplicate of this bug. ***

Comment 30 André Klapper 2006-08-29 13:02:39 UTC

*** Bug 353392 has been marked as a duplicate of this bug. ***

Comment 31 André Klapper 2006-08-29 20:28:09 UTC

*** Bug 353469 has been marked as a duplicate of this bug. ***

Comment 32 Karsten Bräckelmann 2006-08-30 18:27:18 UTC

*** Bug 353564 has been marked as a duplicate of this bug. ***

Comment 33 Christian Kirbach 2006-09-01 20:55:17 UTC

*** Bug 353897 has been marked as a duplicate of this bug. ***

Comment 34 André Klapper 2006-09-02 10:14:32 UTC

*** Bug 353945 has been marked as a duplicate of this bug. ***

Comment 35 Sergej Kotliar 2006-09-03 21:46:31 UTC

*** Bug 354179 has been marked as a duplicate of this bug. ***

Comment 36 Fabio Bonelli 2006-09-04 08:19:14 UTC

*** Bug 354227 has been marked as a duplicate of this bug. ***

Comment 37 Sergej Kotliar 2006-09-04 16:56:58 UTC

*** Bug 354309 has been marked as a duplicate of this bug. ***

Comment 38 Karsten Bräckelmann 2006-09-05 22:17:10 UTC

*** Bug 354525 has been marked as a duplicate of this bug. ***

Comment 39 Karsten Bräckelmann 2006-09-07 10:18:30 UTC

*** Bug 354740 has been marked as a duplicate of this bug. ***