Bug 438142 – crash when rewriting folder summary/index (summary_update at camel-mbox-summary.c:502)

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 438142 - crash when rewriting folder summary/index (summary_update at camel-mbox-summary.c:502)


Summary:	crash when rewriting folder summary/index (summary_update at camel-mbox-summa...


Status:	RESOLVED OBSOLETE

Product:	evolution
Classification:	Applications
Component:	Mailer
Version:	2.32.x (obsolete)
Hardware:	Other All

Importance:	High critical
Target Milestone:	---
Assigned To:	evolution-mail-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:

Duplicates:	432574 565380 603750 (view as bug list)
Depends on:
Blocks:

Reported:	2007-05-13 16:46 UTC by Kjartan Maraas
Modified:	2013-05-30 18:45 UTC

See Also:
GNOME target:	---
GNOME version:	2.25/2.26

Description Kjartan Maraas 2007-05-13 16:46:45 UTC

What were you doing when the application crashed?
Nothing. Left the computer alone and got this when I unlocked the screen


Distribution: Fedora release 6.93 (Rawhide)
Gnome Release: 2.18.0 2007-03-23 (Red Hat, Inc)
BugBuddy Version: 2.18.0

System: Linux 2.6.21-1.3142.fc7 #1 SMP Mon May 7 21:14:09 EDT 2007 i686
X Vendor: The X.Org Foundation
X Vendor Release: 10300000
Selinux: No
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: Echo

Memory status: size: 476704768 vsize: 476704768 resident: 279154688 share: 20647936 rss: 279154688 rss_rlim: 4294967295
CPU usage: start_time: 1179070339 rtime: 8592 utime: 5326 stime: 3266 cutime:1 cstime: 9 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1208633632 (LWP 2933)]
[New Thread -1263920240 (LWP 16830)]
[New Thread -1295795312 (LWP 14244)]
[New Thread -1282606192 (LWP 3094)]
[New Thread -1284904048 (LWP 2967)]
0x009be402 in __kernel_vsyscall ()

+ Trace 133963

Thread 2 (Thread -1263920240 (LWP 16830))

#0 __kernel_vsyscall
#1 __lll_mutex_lock_wait
from /lib/libpthread.so.0
#2 _L_mutex_lock_79
from /lib/libpthread.so.0
#3 pthread_mutex_lock
from /lib/libpthread.so.0
#4 segv_redirect
at main.c line 417
#5 <signal handler called>
#6 summary_update
at camel-mbox-summary.c line 502
#7 mbox_summary_check
at camel-mbox-summary.c line 572
#8 camel_local_summary_check
at camel-local-summary.c line 268
#9 mbox_get_message
at camel-mbox-folder.c line 394
#10 camel_folder_get_message
at camel-folder.c line 1070
#11 get_message_get
at mail-ops.c line 1753
#12 mail_msg_proxy
at mail-mt.c line 484
#13 g_thread_pool_thread_proxy
at gthreadpool.c line 265
#14 g_thread_create_proxy
at gthread.c line 591
#15 start_thread
from /lib/libpthread.so.0
#16 clone
from /lib/libc.so.6



----------- .xsession-errors (145 sec old) ---------------------
start play /usr/share/monkey-bubble/sounds/splash.ogg
start play /usr/share/monkey-bubble/sounds/splash.ogg
start play /usr/share/monkey-bubble/sounds/game.ogg
start play /usr/share/monkey-bubble/sounds/splash.ogg
start play /usr/share/monkey-bubble/sounds/game.ogg
start play /usr/share/monkey-bubble/sounds/splash.ogg
** Message: <info>  Du er nå koblet til trådløst nettverk «Lothlorien».
(evolution:2933): e-data-server-ui-DEBUG: ep_msg_send: in main thread? 0
start play /usr/share/monkey-bubble/sounds/splash.ogg
(evolution:2933): camel-local-provider-WARNING **: Didn't get the next message where I expected (474144295) got 474159020 instead
(evolution:2933): camel-local-provider-WARNING **: Summary doesn't match the folder contents!  eek!
  expecting offset 79507713 got 79511173, state = 2
--------------------------------------------------

Comment 1 Kjartan Maraas 2007-05-13 17:13:11 UTC

Ran it under valgrind and got this:

==4520== Thread 3:
==4520== Invalid read of size 1
==4520==    at 0x41D3B0B: camel_index_add_name (camel-index.c:183)
==4520==    by 0x422FD29: camel_folder_summary_info_new_from_parser (camel-folder-summary.c:1015)
==4520==    by 0x422FF3B: camel_folder_summary_add_from_parser (camel-folder-summary.c:920)
==4520==    by 0xB1613E7: summary_update (camel-mbox-summary.c:485)
==4520==    by 0xB161D92: mbox_summary_check (camel-mbox-summary.c:572)
==4520==    by 0xB15BAA6: camel_local_summary_check (camel-local-summary.c:268)
==4520==    by 0xB15D567: mbox_append_message (camel-mbox-folder.c:203)
==4520==    by 0x4234F69: camel_folder_append_message (camel-folder.c:648)
==4520==    by 0x422888F: do_move (camel-filter-driver.c:546)
==4520==    by 0x44B1130: e_sexp_term_eval (e-sexp.c:710)
==4520==    by 0x44B1294: term_eval_begin (e-sexp.c:654)
==4520==    by 0x44B1178: e_sexp_term_eval (e-sexp.c:700)
==4520==    by 0x44B11FF: e_sexp_eval (e-sexp.c:1306)
==4520==    by 0x422673B: camel_filter_driver_filter_message (camel-filter-driver.c:1461)
==4520==    by 0x4226D7E: camel_filter_driver_filter_folder (camel-filter-driver.c:1279)
==4520==    by 0xA13DAB5: em_filter_folder_element_filter (mail-ops.c:140)
==4520==    by 0xA13DDB6: fetch_mail_fetch (mail-ops.c:325)
==4520==    by 0xA139222: mail_msg_proxy (mail-mt.c:484)
==4520==    by 0x5067E67: g_thread_pool_thread_proxy (gthreadpool.c:265)
==4520==    by 0x506649E: g_thread_create_proxy (gthread.c:591)
==4520==    by 0x43D72DA: start_thread (in /lib/libpthread-2.5.90.so)
==4520==    by 0x518C83D: clone (in /lib/libc-2.5.90.so)
==4520==  Address 0x28 is not stack'd, malloc'd or (recently) free'd

Comment 2 Matthew Barnes 2007-05-15 14:59:08 UTC

Looks like the crash is in Thread 2, Frame #6.

   camel-mbox-summary.c:502:
   if (mi->info.info.flags & CAMEL_MESSAGE_FOLDER_NOTSEEN) {

The 'mi' pointer is non-NULL according to the stack trace, but it could be dangling.  Not sure what to make of the valgrind output.

Comment 3 Tobias Mueller 2007-09-29 01:59:34 UTC

==4520==    at 0x41D3B0B: camel_index_add_name (camel-index.c:183)
==4520==    by 0x422FD29: camel_folder_summary_info_new_from_parser
(camel-folder-summary.c:1015)
==4520==    by 0x422FF3B: camel_folder_summary_add_from_parser
(camel-folder-summary.c:920)

these functions are crashers for bug 339602.

Comment 4 Srinivasa Ragavan 2008-01-22 08:31:52 UTC

*** Bug 432574 has been marked as a duplicate of this bug. ***

Comment 5 Sebastien Bacher 2008-08-20 13:16:29 UTC

there is a similar crash on https://bugs.launchpad.net/evolution/+bug/259437 using GNOME 2.23.90

Comment 6 André Klapper 2008-12-23 20:34:41 UTC

*** Bug 565380 has been marked as a duplicate of this bug. ***

Comment 7 Matthew Barnes 2010-03-24 12:53:53 UTC

*** Bug 603750 has been marked as a duplicate of this bug. ***

Comment 8 Milan Crha 2010-11-05 11:28:50 UTC

Downstream bug report about the same in 2.32.0:
https://bugzilla.redhat.com/show_bug.cgi?id=649999

Comment 9 Kjartan Maraas 2013-05-30 18:45:41 UTC

No new reports in a few years so I'm closing this.