Bug 482940 – evolution crashed with SIGSEGV in strstr()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 482940 - evolution crashed with SIGSEGV in strstr()


Summary:	evolution crashed with SIGSEGV in strstr()


Status:	RESOLVED FIXED

Product:	evolution
Classification:	Applications
Component:	Mailer
Version:	2.12.x (obsolete)
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Srinivasa Ragavan
QA Contact:	Evolution QA team

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2007-10-03 13:29 UTC by Pedro Villavicencio
Modified:	2008-01-24 01:35 UTC

See Also:
GNOME target:	---
GNOME version:	2.21/2.22

Attachments
Proposed patch (2.06 KB, patch) 2008-01-22 06:40 UTC, Srinivasa Ragavan	accepted-commit_now	Details \| Review

Description Pedro Villavicencio 2007-10-03 13:29:27 UTC

This bug has been filled here:

https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/148545

"evolution crashes after start.
I am storing my mails in a maildir.
feisty's evolotuion has got a memoryleak in same situation"

".

+ Trace 167398

Thread 7 (process 22648)

#0 __kernel_vsyscall
#1 poll
from /lib/tls/i686/cmov/libc.so.6
#2 _XWaitForReadable
at ../../src/XlibInt.c line 509
#3 _XRead
at ../../src/XlibInt.c line 1099
#4 _XReply
at ../../src/XlibInt.c line 1730
#5 XGetImage
at ../../src/GetImage.c line 75
#6 _get_image_surface
at /build/buildd/libcairo-1.4.10/src/cairo-xlib-surface.c line 552
#7 _cairo_xlib_surface_acquire_dest_image
at /build/buildd/libcairo-1.4.10/src/cairo-xlib-surface.c line 862
#8 _cairo_surface_acquire_dest_image
at /build/buildd/libcairo-1.4.10/src/cairo-surface.c line 966
#9 _fallback_init
at /build/buildd/libcairo-1.4.10/src/cairo-surface-fallback.c line 78
#10 _cairo_surface_fallback_composite
at /build/buildd/libcairo-1.4.10/src/cairo-surface-fallback.c line 1098
#11 _cairo_surface_composite
at /build/buildd/libcairo-1.4.10/src/cairo-surface.c line 1165
#12 _clip_and_composite_trapezoids
at /build/buildd/libcairo-1.4.10/src/cairo-surface-fallback.c line 448
#13 _cairo_surface_fallback_fill
at /build/buildd/libcairo-1.4.10/src/cairo-surface-fallback.c line 907
#14 _cairo_surface_fill
at /build/buildd/libcairo-1.4.10/src/cairo-surface.c line 1454
#15 _cairo_gstate_fill
at /build/buildd/libcairo-1.4.10/src/cairo-gstate.c line 1044
#16 *INT_cairo_fill_preserve
at /build/buildd/libcairo-1.4.10/src/cairo.c line 2096
#17 cairo_fill
at /build/buildd/libcairo-1.4.10/src/cairo.c line 2072
#18 ubuntulooks_draw_list_selection
at ./src/ubuntulooks_draw.c line 2221
#19 draw_flat_box
at ./src/ubuntulooks_style.c line 139
#20 IA__gtk_paint_flat_box
at /build/buildd/gtk+2.0-2.12.0/gtk/gtkstyle.c line 5918
#21 gtk_tree_view_expose
at /build/buildd/gtk+2.0-2.12.0/gtk/gtktreeview.c line 4555
#22 _gtk_marshal_BOOLEAN__BOXED
at /build/buildd/gtk+2.0-2.12.0/gtk/gtkmarshalers.c line 84
#23 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.14.1/gobject/gclosure.c line 567
#24 IA__g_closure_invoke
at /build/buildd/glib2.0-2.14.1/gobject/gclosure.c line 490
#25 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.14.1/gobject/gsignal.c line 2478
#26 IA__g_signal_emit_valist
at /build/buildd/glib2.0-2.14.1/gobject/gsignal.c line 2209
#27 IA__g_signal_emit
at /build/buildd/glib2.0-2.14.1/gobject/gsignal.c line 2243
#28 gtk_widget_event_internal
at /build/buildd/gtk+2.0-2.12.0/gtk/gtkwidget.c line 4675
#29 IA__gtk_main_do_event
at /build/buildd/gtk+2.0-2.12.0/gtk/gtkmain.c line 1495
#30 gdk_window_process_updates_internal
at /build/buildd/gtk+2.0-2.12.0/gdk/gdkwindow.c line 2378
#31 IA__gdk_window_process_all_updates
at /build/buildd/gtk+2.0-2.12.0/gdk/gdkwindow.c line 2442
#32 gdk_window_update_idle
at /build/buildd/gtk+2.0-2.12.0/gdk/gdkwindow.c line 2288
#33 gdk_threads_dispatch
at /build/buildd/gtk+2.0-2.12.0/gdk/gdk.c line 470
#34 g_idle_dispatch
at /build/buildd/glib2.0-2.14.1/glib/gmain.c line 4132
#35 IA__g_main_context_dispatch
at /build/buildd/glib2.0-2.14.1/glib/gmain.c line 2061
#36 g_main_context_iterate
at /build/buildd/glib2.0-2.14.1/glib/gmain.c line 2694
#37 IA__g_main_loop_run
at /build/buildd/glib2.0-2.14.1/glib/gmain.c line 2898
#38 bonobo_main
at bonobo-main.c line 311
#39 main
at main.c line 602
#40 __libc_start_main
from /lib/tls/i686/cmov/libc.so.6
#41 _start

Comment 1 Frederic Crozat 2007-11-27 17:34:02 UTC

Here is a similar stacktrace  obtained with evolution 2.12.0 on Mandriva 2008.0 :

(evolution:6966): camel-CRITICAL **: camel_index_add_name: assertion `CAMEL_IS_INDEX (idx)' failed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1279849584 (LWP 6973)]
0xb655b767 in strstr () from /lib/i686/libc.so.6

(gdb) thread apply all bt

+ Trace 179850

Thread 1 (Thread -1236785440 (LWP 6966))

#0 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#1 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#2 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#3 pango_ot_ruleset_position
from /usr/lib/libpangoft2-1.0.so.0
#4 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#5 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#6 pango_shape
from /usr/lib/libpango-1.0.so.0
#7 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#8 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#9 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#10 pango_layout_get_line_count
from /usr/lib/libpango-1.0.so.0
#11 build_layout
at e-cell-text.c line 620
#12 generate_layout
at e-cell-text.c line 662
#13 ect_draw
at e-cell-text.c line 779
#14 e_cell_draw
at e-cell.c line 273
#15 eti_draw
at e-table-item.c line 1999
#16 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#17 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#18 _gtk_marshal_BOOLEAN__BOXED
at gtkmarshalers.c line 84
#19 g_type_class_meta_marshal
at gclosure.c line 567
#20 IA__g_closure_invoke
at gclosure.c line 490
#21 signal_emit_unlocked_R
at gsignal.c line 2478
#22 IA__g_signal_emit_valist
at gsignal.c line 2209
#23 IA__g_signal_emit
at gsignal.c line 2243
#24 gtk_widget_event_internal
at gtkwidget.c line 4675
#25 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#26 g_cclosure_marshal_VOID__BOOLEAN
at gmarshal.c line 89
#27 g_idle_dispatch
at gmain.c line 4132
#28 IA__g_main_context_dispatch
at gmain.c line 2061
#29 g_main_context_iterate
at gmain.c line 2694
#30 IA__g_main_loop_run
at gmain.c line 2898
#31 bonobo_main
at bonobo-main.c line 311
#32 main
at main.c line 602
#33 __libc_start_main
from /lib/i686/libc.so.6
#34 _start

Comment 2 Tobias Mueller 2007-11-28 23:46:13 UTC

At least the second bug should be bug 339602. But I'm not sure about the original stacktrace. If it is bug 339602, we should dup it on this NEW one according to bug 339602 comment 79.

Comment 3 Srinivasa Ragavan 2008-01-22 06:26:01 UTC

The main problem in both the bugs is that, local_summary_check is called by two thread. where as it doesn't seem to be thread safe.

Sigh.

Comment 4 Srinivasa Ragavan 2008-01-22 06:40:33 UTC

Created attachment 103404 [details] [review]
Proposed patch

Comment 5 Srinivasa Ragavan 2008-01-24 01:35:08 UTC

Committed to trunk.