After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 441372 - Repeating evermore segfault in calc_dimension htmlframeset.c
Repeating evermore segfault in calc_dimension htmlframeset.c
Status: RESOLVED DUPLICATE of bug 338921
Product: GtkHtml
Classification: Other
Component: Rendering
3.12.x
Other All
: Normal critical
: ---
Assigned To: gtkhtml-maintainers
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2007-05-26 07:21 UTC by Archimerged Submedes
Modified: 2007-05-30 18:39 UTC
See Also:
GNOME target: ---
GNOME version: 2.15/2.16

Attachments
email from eWeek which triggered crash (26.61 KB, text/plain)
2007-05-26 07:26 UTC, Archimerged Submedes 		  Details
Proposed patch (376 bytes, patch)
2007-05-26 07:28 UTC, Archimerged Submedes 		rejected Details | Review

Description Archimerged Submedes 2007-05-26 07:21:48 UTC 
Steps to reproduce:
1. Receive attached email from eWeek in evolution using gtkhtml 3.12.3
2. Click on the title
3. evolution crashes repeatedly until you run it under gdb, use a command list to set the offending variable to zero every time it hits the code, and then click on a different email.  Normal users would have to delete their inbox.

It is very easy to patch htmlframeset.c so the crash doesn't happen, and the patch is obviously harmless even after the underlying cause is fixed.

The email will be attached to this bug.


Stack trace:
Distribution: Fedora Core release 6 (Zod)
Gnome Release: 2.16.3 2007-01-31 (Red Hat, Inc)
BugBuddy Version: 2.16.0

System: Linux 2.6.20-1.2933.fc6 #1 SMP Mon Mar 19 10:42:48 EDT 2007 i686
X Vendor: The X.Org Foundation
X Vendor Release: 70101000
Selinux: Permissive
Accessibility: Disabled

Memory status: size: 163168256 vsize: 0 resident: 163168256 share: 0 rss: 28884992 rss_rlim: 0
CPU usage: start_time: 1180103347 rtime: 0 utime: 433 stime: 0 cutime:386 cstime: 0 timeout: 47 it_real_value: 0 frequency: 0

Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1208842016 (LWP 8453)]
[New Thread -1324524656 (LWP 8469)]
[New Thread -1314034800 (LWP 8468)]
[New Thread -1303135344 (LWP 8467)]
[New Thread -1267229808 (LWP 8463)]
[New Thread -1245856880 (LWP 8462)]
[New Thread -1256346736 (LWP 8461)]
[New Thread -1235367024 (LWP 8458)]
0x00e36402 in __kernel_vsyscall ()

+ Trace 136119

Thread 1 (Thread -1208842016 (LWP 8453))

  • #0 __kernel_vsyscall
  • #1 waitpid
    from /lib/libpthread.so.0
  • #2 libgnomeui_segv_handle
    at gnome-ui-init.c line 870
  • #3 segv_redirect
    at main.c line 427
  • #4 <signal handler called>
  • #5 calc_dimension
    at htmlframeset.c line 131
  • #6 html_frameset_real_calc_size
    at htmlframeset.c line 168
  • #7 html_object_calc_size
    at htmlobject.c line 1080
  • #8 calc_preferred_width
    at htmlobject.c line 247
  • #9 html_object_calc_preferred_width
    at htmlobject.c line 1144
  • #10 calc_preferred_width
    at htmlclueflow.c line 1089
  • #11 html_object_calc_preferred_width
    at htmlobject.c line 1144
  • #12 calc_preferred_width
    at htmlclue.c line 345
  • #13 calc_preferred_width
    at htmlcluev.c line 332
  • #14 calc_preferred_width
    at htmltablecell.c line 166
  • #15 html_object_calc_preferred_width
    at htmlobject.c line 1144
  • #16 calc_column_width_template
    at htmltable.c line 852
  • #17 calc_min_width
    at htmltable.c line 1304
  • #18 html_object_calc_min_width
    at htmlobject.c line 1133
  • #19 calc_min_width
    at htmlclueflow.c line 675
  • #20 html_object_calc_min_width
    at htmlobject.c line 1133
  • #21 calc_min_width
    at htmlclue.c line 364
  • #22 calc_min_width
    at htmlcluev.c line 324
  • #23 calc_min_width
    at htmltablecell.c line 159
  • #24 html_object_calc_min_width
    at htmlobject.c line 1133
  • #25 calc_preferred_width
    at htmltablecell.c line 166
  • #26 html_object_calc_preferred_width
    at htmlobject.c line 1144
  • #27 calc_column_width_template
    at htmltable.c line 852
  • #28 calc_min_width
    at htmltable.c line 1304
  • #29 html_object_calc_min_width
    at htmlobject.c line 1133
  • #30 html_table_set_max_width
    at htmltable.c line 1742
  • #31 html_object_set_max_width
    at htmlobject.c line 1089
  • #32 set_max_width
    at htmlclueflow.c line 654
  • #33 html_object_set_max_width
    at htmlobject.c line 1089
  • #34 set_max_width
    at htmlcluev.c line 344
  • #35 html_object_set_max_width
    at htmlobject.c line 1089
  • #36 html_engine_calc_size
    at htmlengine.c line 4971
  • #37 html_engine_update_event
    at htmlengine.c line 4530
  • #38 html_engine_timer_event
    at htmlengine.c line 4680
  • #39 html_engine_stream_end
    at htmlengine.c line 4729
  • #40 gtk_html_stream_close
    at gtkhtml-stream.c line 137
  • #41 emhs_sync_close
    at em-html-stream.c line 140
  • #42 emcs_gui_received
    at em-sync-stream.c line 164
  • #43 g_io_unix_dispatch
    at giounix.c line 162
  • #44 IA__g_main_context_dispatch
    at gmain.c line 2045
  • #45 g_main_context_iterate
    at gmain.c line 2677
  • #46 IA__g_main_loop_run
    at gmain.c line 2881
  • #47 bonobo_main
    at bonobo-main.c line 311
  • #48 main
    at main.c line 616
  • #49 __libc_start_main
    at libc-start.c line 231
  • #50 _start
  • #0 __kernel_vsyscall 


Other information:
--- usr-src-debug-gtkhtml-3.12.3-src-htmlframeset.c~	2007-05-26 02:17:21.000000000 -0400
+++ usr-src-debug-gtkhtml-3.12.3-src-htmlframeset.c	2007-05-26 02:19:17.000000000 -0400
@@ -95,7 +95,7 @@
 	int remain;
 	int num_frac = 0;
 
-	remain = total;
+	remain = (dim->len > 0 ? total : 0);
 	for (i = 0; i < dim->len; i++) {
 		len = g_ptr_array_index (dim, i);
 		span[i] = 0;
Comment 1 Archimerged Submedes 2007-05-26 07:26:30 UTC 
Created attachment 88833 [details]
email from eWeek which triggered crash

You don't need to confirm the crash or get this email to cause it.  Just apply the patch so poor users won't have to delete their inbox to get evolution to work.  

But to fix the underlying problem (why was calc_dimension called with span == 0?) you might need this email.
Comment 2 Archimerged Submedes 2007-05-26 07:28:37 UTC 
Created attachment 88834 [details] [review]
Proposed patch

This patch will save users from having to delete their inbox to get evolution to come up.  Just apply it!
Comment 3 Srinivasa Ragavan 2007-05-30 18:39:13 UTC 



+
Trace
    136866






    

  • 
#40
gtk_html_stream_close

    
                at gtkhtml-stream.c
                  line
                  137

    

    • 

  • 
#41
emhs_sync_close

    
                at em-html-stream.c
                  line
                  140

    

    • 

  • 
#42
emcs_gui_received

    
                at em-sync-stream.c
                  line
                  164

    

    • 

  • 
#43
g_io_unix_dispatch

    
                at giounix.c
                  line
                  162

    

    • 








This stack trace is due to the implementation of the new spinner animation in evolution. This is dupe of bug #338921 I'll fix that for 2.11.3 

*** This bug has been marked as a duplicate of 338921 ***