Bug 508462 - crash in Evolution Mail: replying to an email
Status: RESOLVED DUPLICATE of bug 371011
Product: GtkHtml
Classification: Other
Component: Rendering
Version: 3.16.x
Hardware: Other All
Importance: High critical
Target Milestone: ---
Assigned To: Matthew Barnes
QA Contact: Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2008-01-10 09:15 UTC by bugreports
Modified: 2008-01-22 14:25 UTC
See Also:
GNOME target: ---
GNOME version: 2.19/2.20


Attachments
Proposed patch (538 bytes, patch)
2008-01-22 14:09 UTC, Matthew Barnes

Description bugreports 2008-01-10 09:15:37 UTC
What were you doing when the application crashed?
replying to an email


Distribution: Debian 3.1 (sarge)
Gnome Release: 2.20.2 2007-11-29 (Debian)
BugBuddy Version: 2.20.1

System: Linux 2.6.24-rc7-sonne #6 SMP PREEMPT Tue Jan 8 12:50:30 CET 2008 i686
X Vendor: The X.Org Foundation
X Vendor Release: 10400090
Selinux: No
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: gnome

Memory status: size: 235716608 vsize: 235716608 resident: 104185856 share: 34889728 rss: 104185856 rss_rlim: 4294967295
CPU usage: start_time: 1199906279 rtime: 12169 utime: 9229 stime: 2940 cutime:62 cstime: 27 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb67636b0 (LWP 10848)]
[New Thread 0xb28feb90 (LWP 11109)]
[New Thread 0xb06fbb90 (LWP 11108)]
[New Thread 0xb0efcb90 (LWP 11107)]
[New Thread 0xb16fdb90 (LWP 11105)]
[New Thread 0xb1efeb90 (LWP 11055)]
[New Thread 0xb26ffb90 (LWP 11052)]
[New Thread 0xb30ffb90 (LWP 11007)]
[New Thread 0xb3a8ab90 (LWP 10955)]
[New Thread 0xb432cb90 (LWP 10935)]
[New Thread 0xb4b2db90 (LWP 10934)]
[New Thread 0xb5347b90 (LWP 10927)]
0xb7f54410 in __kernel_vsyscall ()

Thread 1 (Thread 0xb67636b0 (LWP 10848))

  • #0 __kernel_vsyscall
  • #1 waitpid
    from /lib/i686/cmov/libpthread.so.0
  • #2 IA__g_spawn_sync
    at /tmp/buildd/glib2.0-2.14.4/glib/gspawn.c line 369
  • #3 IA__g_spawn_command_line_sync
    at /tmp/buildd/glib2.0-2.14.4/glib/gspawn.c line 677
  • #4 ??
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #5 segv_redirect
    at main.c line 413
  • #6 <signal handler called>
  • #7 undo_or_redo
    at htmlengine-edit-clueflowstyle.c line 210
  • #8 html_undo_do_undo
    at htmlundo.c line 160
  • #9 html_engine_undo
    at htmlengine-edit.c line 71
  • #10 gtk_html_undo
    at gtkhtml.c line 4393
  • #11 command
    at gtkhtml.c line 4884
  • #12 gtk_html_command
    at gtkhtml.c line 5701
  • #13 command_cb
    at menubar.c line 541
  • #14 ??
    from /usr/lib/libbonoboui-2.so.0
  • #15 ??
  • #16 ??
  • #17 ??
  • #18 ??
  • #19 ??
  • #20 ??
    from /usr/lib/libglib-2.0.so.0
  • #21 ??
  • #22 ??
    from /usr/lib/libgobject-2.0.so.0
  • #23 ??
    from /usr/lib/libbonoboui-2.so.0
  • #24 ??
  • #25 ??
  • #26 IA__g_closure_invoke
    at /tmp/buildd/glib2.0-2.14.4/gobject/gclosure.c line 490
  • #0 __kernel_vsyscall


----------- .xsession-errors (6 sec old) ---------------------
sleeping 60 seconds...
evolution-shell-Message: Killing old version of evolution-data-server...
sleeping 60 seconds...
sleeping 60 seconds...
evolution-shell-Message: Killing old version of evolution-data-server...
sleeping 60 seconds...
sleeping 60 seconds...
sleeping 60 seconds...
sleeping 60 seconds...
sleeping 60 seconds...
sleeping 60 seconds...
sleeping 60 seconds...
sleeping 60 seconds...
(evolution:10848): gtkhtml-WARNING **: (htmlengine-edit-clueflowstyle.c:)  There were not enough paragraphs for setting the paragraph style.
--------------------------------------------------
Comment 1 Matthew Barnes 2008-01-22 14:06:19 UTC
Can't reproduce this but here's what might be happening:

    while (p != NULL) {
        if (HTML_OBJECT_TYPE (obj->parent) != HTML_TYPE_CLUEFLOW) {
            ...
        }

        ...

        p = p->next;
        if (p == NULL)
            break;

        /* Go forward object by object, until we find one
           whose parent (i.e. paragraph) is different.  */
        do {
            if (op->forward)
                obj = html_object_next_leaf (obj);
            else
                obj = html_object_prev_leaf (obj);

            if (obj == NULL) {
                /* This should not happen.  */
                g_warning ("(%s:%s)  There were not enough paragraphs for "
                           "setting the paragraph style.",
                           __FILE__, G_GNUC_FUNCTION);
                break;
            }
        } while (obj != NULL && HTML_CLUEFLOW (obj->parent) == clueflow);
    }

The xsession log shows we hit the warning, so we know (obj == NULL) and (p != NULL).  So the next thing that happens is we break out of the inner loop and start a new iteration of the outer loop (since p != NULL).  First thing the outer loop does is dereference 'obj' (which is NULL).  There's your crash.

The outer loop condition should be (p != NULL && obj != NULL).
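
The failure sequence analysed in comment 1, as an added example that is not part of the original report or GtkHTML's code: a reduced model of the nested loop, run with the original outer condition and with the proposed `(p != NULL && obj != NULL)`. `Obj`, `Style`, `walk` and `run_case` are hypothetical names, the input is constructed, and the model reports the NULL read of `obj->parent` instead of faulting.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the GtkHTML objects; not the library's types. */
typedef struct Obj { struct Obj *parent; struct Obj *next_leaf; } Obj;
typedef struct Style { struct Style *next; } Style; /* one saved entry per paragraph */

enum { WOULD_DEREF_NULL = -1 };

/* Walk saved style entries (p) and document leaves (obj) in lockstep, as the
 * quoted loop does. check_obj == 0: outer condition is (p != NULL).
 * check_obj != 0: outer condition is (p != NULL && obj != NULL).
 * Returns paragraphs styled, or WOULD_DEREF_NULL where obj->parent would fault. */
int walk(const Style *p, const Obj *obj, int check_obj)
{
    int styled = 0;
    while (p != NULL && (!check_obj || obj != NULL)) {
        if (obj == NULL)            /* the real code reads obj->parent here */
            return WOULD_DEREF_NULL;
        const Obj *flow = obj->parent;  /* assumption: current paragraph */
        styled++;
        p = p->next;
        if (p == NULL)
            break;
        do {                        /* advance to the next paragraph's first leaf */
            obj = obj->next_leaf;
            if (obj == NULL)
                break;              /* the "not enough paragraphs" warning path */
        } while (obj->parent == flow);
    }
    return styled;
}

/* Constructed input: two paragraphs (leaves a1, a2 | b1), `entries` saved styles (1..3). */
int run_case(int entries, int check_obj)
{
    Obj para_a = { NULL, NULL }, para_b = { NULL, NULL };
    Obj b1 = { &para_b, NULL }, a2 = { &para_a, &b1 }, a1 = { &para_a, &a2 };
    Style s[3] = { { NULL }, { NULL }, { NULL } };
    for (int i = 0; i + 1 < entries; i++)
        s[i].next = &s[i + 1];
    return walk(&s[0], &a1, check_obj);
}

int main(void)
{
    printf("original condition: %d\n", run_case(3, 0));
    printf("patched condition:  %d\n", run_case(3, 1));
    return 0;
}
```

With three saved entries and only two paragraphs, the original condition reaches the NULL read on the third iteration, while the patched condition stops after styling two paragraphs.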
Comment 2 Matthew Barnes 2008-01-22 14:09:44 UTC
Created attachment 103439
Proposed patch

This just fixes the condition that causes the crash.  It doesn't explain why we're hitting the warning which, according to the code, "should not happen."
Comment 3 Matthew Barnes 2008-01-22 14:21:40 UTC

*** This bug has been marked as a duplicate of 371011 ***
Comment 4 Matthew Barnes 2008-01-22 14:25:25 UTC
Obsoleting the patch here and reposting to bug #371011.