Bug 468427 - crash in start_calendar_server (source=0x0) at itip-formatter.c:314
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Calendar
Version: 2.10.x (obsolete)
Hardware: Other All
Importance: High critical
Target Milestone: ---
Assigned To: evolution-calendar-maintainers
QA Contact: Evolution QA team
Duplicates: 490137 493736 510340
Depends on:
Blocks:
Reported: 2007-08-20 08:07 UTC by torbjorn.lindahl
Modified: 2008-04-24 15:00 UTC
See Also:
GNOME target: ---
GNOME version: 2.17/2.18


Attachments
Itip-bits-rewrite (30.62 KB, patch)
2008-01-22 20:35 UTC, Srinivasa Ragavan
committed

Description torbjorn.lindahl 2007-08-20 08:07:34 UTC
Version: 2.10

What were you doing when the application crashed?
moving an appointment from local to MS Exchange calendar


Distribution: Fedora release 7 (Moonshine)
Gnome Release: 2.18.3 2007-07-02 (Red Hat, Inc)
BugBuddy Version: 2.18.0

System: Linux 2.6.22.1-33.fc7 #1 SMP Mon Jul 23 16:59:15 EDT 2007 x86_64
X Vendor: The X.Org Foundation
X Vendor Release: 10300000
Selinux: Enforcing
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: Fedora

Memory status: size: 685424640 vsize: 685424640 resident: 62013440 share: 44568576 rss: 62013440 rss_rlim: 18446744073709551615
CPU usage: start_time: 1187597176 rtime: 175 utime: 149 stime: 26 cutime:1 cstime: 14 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib64/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 46912496488592 (LWP 4188)]
[New Thread 1136945488 (LWP 4287)]
[New Thread 1136679248 (LWP 4228)]
[New Thread 1094719824 (LWP 4224)]
0x0000003a0e00d97f in waitpid () from /lib64/libpthread.so.0

Thread 1 (Thread 46912496488592 (LWP 4188))

  • #0 waitpid
    from /lib64/libpthread.so.0
  • #1 ??
    from /usr/lib64/libgnomeui-2.so.0
  • #2 <signal handler called>
  • #3 g_str_hash
    from /lib64/libglib-2.0.so.0
  • #4 g_hash_table_lookup
    from /lib64/libglib-2.0.so.0
  • #5 start_calendar_server
    at itip-formatter.c line 314
  • #6 g_closure_invoke
    from /lib64/libgobject-2.0.so.0
  • #7 ??
    from /lib64/libgobject-2.0.so.0
  • #8 g_signal_emit_valist
    from /lib64/libgobject-2.0.so.0
  • #9 g_signal_emit
    from /lib64/libgobject-2.0.so.0
  • #10 g_closure_invoke
    from /lib64/libgobject-2.0.so.0
  • #11 ??
    from /lib64/libgobject-2.0.so.0
  • #12 g_signal_emit_valist
    from /lib64/libgobject-2.0.so.0
  • #13 g_signal_emit
    from /lib64/libgobject-2.0.so.0
  • #14 ??
    from /usr/lib64/libgtk-x11-2.0.so.0
  • #15 source_list_changed_cb
    at e-source-combo-box.c line 71
  • #16 g_closure_invoke
    from /lib64/libgobject-2.0.so.0
  • #17 ??
    from /lib64/libgobject-2.0.so.0
  • #18 g_signal_emit_valist
    from /lib64/libgobject-2.0.so.0
  • #19 g_signal_emit
    from /lib64/libgobject-2.0.so.0
  • #20 load_from_gconf
    at e-source-list.c line 176
  • #21 gconf_listeners_notify
    from /usr/lib64/libgconf-2.so.4
  • #22 ??
    from /usr/lib64/libgconf-2.so.4
  • #23 ??
    from /usr/lib64/libgconf-2.so.4
  • #24 g_main_context_dispatch
    from /lib64/libglib-2.0.so.0
  • #25 ??
    from /lib64/libglib-2.0.so.0
  • #26 g_main_loop_run
    from /lib64/libglib-2.0.so.0
  • #27 bonobo_main
    from /usr/lib64/libbonobo-2.so.0
  • #28 main
    at main.c line 586


----------- .xsession-errors (8 sec old) ---------------------
(evolution:4188): libecal-WARNING **: e-cal.c:317: Unexpected response
(evolution:4188): e-data-server-DEBUG: Loading categories from "/home/torbjorn/.evolution/categories.xml"
(evolution:4188): e-data-server-DEBUG: Loaded 29 categories
(evolution:4188): libecal-WARNING **: e-cal.c:317: Unexpected response
(evolution:4188): libecal-WARNING **: e-cal.c:317: Unexpected response
calendar-gui-Message: Check if default client matches (1144237822.2427.9@torbjorn.diagenic.intern 1144237822.2427.9@torbjorn.diagenic.intern)
(evolution:4188): libecal-WARNING **: e-cal.c:317: Unexpected response
(evolution:4188): libecal-WARNING **: e-cal.c:317: Unexpected response
(evolution:4188): e-data-server-CRITICAL **: e_source_peek_uid: assertion `E_IS_SOURCE (source)' failed
--------------------------------------------------
Comment 1 Srinivasa Ragavan 2008-01-22 20:35:21 UTC
Created attachment 103485
Itip-bits-rewrite
Comment 2 Srinivasa Ragavan 2008-01-22 20:39:52 UTC
See the ChangeLog for the reason it was crashing all the time.

This fix isn't for this, but for quite a lot/all of the itip-formatter crashes I saw in the stacktrace bug. The data/carrier the callbacks carried was freed, and it always pointed to some dangling pointer.

Andre, if you come across itip-formatter issues, please CC me or close it as a dupe of this. I'm so sure of this.

Chen: For a detailed review :)
Comment 3 André Klapper 2008-01-25 01:22:06 UTC
srini: querying for "itip-formatter.c" brings up bug 510340, bug 501298, bug 493736, bug 490137, bug 457645, bug 447938, bug 355418, bug 355416.
Comment 4 Srinivasa Ragavan 2008-01-25 09:54:05 UTC
==30075== Invalid read of size 4
==30075==    at 0x61DA73D: idle_open_cb (itip-formatter.c:1596)
==30075==    by 0x5731C20: g_idle_dispatch (gmain.c:4142)
==30075==    by 0x57337D5: g_main_context_dispatch (gmain.c:2064)
==30075==    by 0x5736BC1: g_main_context_iterate (gmain.c:2697)
==30075==    by 0x5736FA6: g_main_loop_run (gmain.c:2905)
==30075==    by 0x4B97EA2: bonobo_main (bonobo-main.c:311)
==30075==    by 0x805E35A: main (main.c:719)
==30075==  Address 0x6DEBB00 is 96 bytes inside a block of size 160 free'd
==30075==    at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==30075==    by 0x573B6A0: g_free (gmem.c:187)
==30075==    by 0x609C6B0: em_format_html_remove_pobject (em-format-html.c:408)
==30075==    by 0x609C6EE: em_format_html_clear_pobject (em-format-html.c:416)
==30075==    by 0x609DE4B: efh_format_timeout (em-format-html.c:1371)
==30075==    by 0x60957E1: efhd_format_clone (em-format-html-display.c:1388)
==30075==    by 0x60A208C: em_format_set_inline (em-format.c:1029)
==30075==    by 0x6099113: efhd_attachment_show (em-format-html-display.c:1483)
==30075==    by 0x6099140: efhd_attachment_button_show (em-format-html-display.c:1489)
==30075==    by 0x56D424E: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==30075==    by 0x56C69B1: g_closure_invoke (gclosure.c:490)
==30075==    by 0x56DBB7C: signal_emit_unlocked_R (gsignal.c:2440)


==30075== Invalid read of size 4
==30075==    at 0x61D9D7D: view_response_cb (itip-formatter.c:1629)
==30075==    by 0x56D4EB4: g_cclosure_marshal_VOID(i_xx_t) (gmarshal.c:216)
==30075==    by 0x56C69B1: g_closure_invoke (gclosure.c:490)
==30075==    by 0x56DBB7C: signal_emit_unlocked_R (gsignal.c:2440)
==30075==    by 0x56DD717: g_signal_emit_valist (gsignal.c:2199)
==30075==    by 0x56DDB64: g_signal_emit (gsignal.c:2243)
==30075==    by 0x61DC183: button_clicked_cb (itip-view.c:779)
==30075==    by 0x56D424E: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==30075==    by 0x56C69B1: g_closure_invoke (gclosure.c:490)
==30075==    by 0x56DBB7C: signal_emit_unlocked_R (gsignal.c:2440)
==30075==    by 0x56DD717: g_signal_emit_valist (gsignal.c:2199)
==30075==    by 0x56DDB64: g_signal_emit (gsignal.c:2243)
==30075==  Address 0x6DEBABC is 28 bytes inside a block of size 160 free'd
==30075==    at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==30075==    by 0x573B6A0: g_free (gmem.c:187)
==30075==    by 0x609C6B0: em_format_html_remove_pobject (em-format-html.c:408)
==30075==    by 0x609C6EE: em_format_html_clear_pobject (em-format-html.c:416)
==30075==    by 0x609DE4B: efh_format_timeout (em-format-html.c:1371)
==30075==    by 0x60957E1: efhd_format_clone (em-format-html-display.c:1388)
==30075==    by 0x60A208C: em_format_set_inline (em-format.c:1029)
==30075==    by 0x6099113: efhd_attachment_show (em-format-html-display.c:1483)
==30075==    by 0x6099140: efhd_attachment_button_show (em-format-html-display.c:1489)
==30075==    by 0x56D424E: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==30075==    by 0x56C69B1: g_closure_invoke (gclosure.c:490)
==30075==    by 0x56DBB7C: signal_emit_unlocked_R (gsignal.c:2440)


Some of the issues that will be fixed with my patch, but not just limited to this :)
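
The failure class described in comments 2 and 4 (callback user data freed while the callback is still queued), with one common hardening: the queue holds its own reference and the callback checks a disposed flag. This is an added example, not code from Evolution or from the attached patch; `PObject`, `idle_add`, `idle_dispatch` and `owner_clear` are hypothetical stand-ins, and plain C replaces GLib so it builds on its own.

```c
#include <stdlib.h>
/* Hypothetical stand-in for the object a callback carries as user data. */
typedef struct {
    int refs;      /* owner + one per queued callback */
    int disposed;  /* set when the owner tears the view down */
    int opened;    /* work done by the callback */
} PObject;
static int live_objects = 0;  /* lets a caller observe when the free happens */
static PObject *pobject_new(void) {
    PObject *p = calloc(1, sizeof *p);
    if (!p) abort();
    p->refs = 1; live_objects++;
    return p;
}
static PObject *pobject_ref(PObject *p) { p->refs++; return p; }
static void pobject_unref(PObject *p) {
    if (--p->refs == 0) { free(p); live_objects--; }
}

/* One-slot stand-in for an idle queue (hypothetical, not GLib). */
typedef void (*IdleFunc)(PObject *);
static struct { IdleFunc fn; PObject *data; } pending;

/* Unsafe form: store p without a reference, so teardown frees it and the
   queued callback later reads freed memory. Hardened: the queue owns a ref. */
static void idle_add(IdleFunc fn, PObject *p) {
    pending.fn = fn;
    pending.data = pobject_ref(p);
}
static int idle_dispatch(void) {
    if (!pending.fn) return 0;
    IdleFunc fn = pending.fn; PObject *p = pending.data;
    pending.fn = NULL; pending.data = NULL;
    fn(p);
    pobject_unref(p);  /* may be the last reference */
    return 1;
}

static void idle_open_cb(PObject *p) { if (!p->disposed) p->opened = 1; }
/* Owner teardown: mark disposed, drop only the owner's reference. */
static void owner_clear(PObject *p) { p->disposed = 1; pobject_unref(p); }

int main(void) {
    PObject *p = pobject_new();
    idle_add(idle_open_cb, p);
    owner_clear(p);       /* teardown while the callback is still queued */
    idle_dispatch();      /* callback runs on live memory, then last unref frees */
    return live_objects;  /* 0 */
}
```

Removing the `pobject_ref` call in `idle_add` (and the matching unref in `idle_dispatch`) reproduces the shape Valgrind reports above: a read inside a block already released by the teardown path.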
Comment 5 Chenthill P 2008-01-31 09:20:48 UTC
The fix looks good to commit and should solve a lot of crashers around this area.
Comment 6 Suman Manjunath 2008-02-05 13:28:46 UTC
Patch committed to SVN trunk as r34960
(http://svn.gnome.org/viewvc/evolution?view=revision&revision=34960)
Comment 7 Akhil Laddha 2008-03-24 13:48:14 UTC
*** Bug 510340 has been marked as a duplicate of this bug. ***
Comment 8 Akhil Laddha 2008-04-04 14:11:07 UTC
*** Bug 490137 has been marked as a duplicate of this bug. ***
Comment 9 Akhil Laddha 2008-04-24 15:00:59 UTC
*** Bug 493736 has been marked as a duplicate of this bug. ***