GNOME Bugzilla – Bug 540269
Evolution crashes in em-format.c:em_format_is_attachment() if called for an empty message
Last modified: 2013-09-13 00:58:53 UTC
What were you doing when the application crashed? Just for fun, I tried "Compose in external editor" from the File menu. It hung Evolution; I went and killed the child `vim` process and then evo crashed. How about that. Glancing at the .xsession-errors part of the crash, it's interesting to see it having tried to start vim, but presumably not having had a terminal to do so in. Hmm. AfC Distribution: Gentoo Base System release 1.12.11.1 Gnome Release: 2.22.2 2008-06-03 (Gentoo) BugBuddy Version: 2.22.0 System: Linux 2.6.24-gentoo-r8 #1 SMP Fri May 16 22:55:49 EST 2008 i686 X Vendor: The X.Org Foundation X Vendor Release: 10402000 Selinux: No Accessibility: Disabled GTK+ Theme: Cillop-Mediterranean Icon Theme: gnome Memory status: size: 129499136 vsize: 129499136 resident: 53235712 share: 22171648 rss: 53235712 rss_rlim: 4294967295 CPU usage: start_time: 1214464837 rtime: 447 utime: 399 stime: 48 cutime:22 cstime: 9 timeout: 0 it_real_value: 0 frequency: 100 Backtrace was generated from '/usr/bin/evolution' [Thread debugging using libthread_db enabled] [New Thread 0xb5a846e0 (LWP 25423)] [New Thread 0xb3c6db90 (LWP 25545)] [New Thread 0xb447fb90 (LWP 25543)] [New Thread 0xb345eb90 (LWP 25429)] 0xffffe410 in __kernel_vsyscall ()
+ Trace 201420
Thread 1 (Thread 0xb5a846e0 (LWP 25423))
----------- .xsession-errors (14 sec old) --------------------- Vim: Warning: Output is not to a terminal Vim: Warning: Input is not from a terminal [m[m[0m[H[2J[24;1H"/tmp/evolution-composer" "/tmp/evolution-composer" 10L, 438C[1;1H[1m[36m###|||Insert , seperated TO addresses below this line. Do not delete this line. [3;1H###||| Insert ###|||Insert BODY of mail below this line. Do not delete this line.[0m [1m[34m~ [12;1H~ [13;1H~ Vim: Finished. [24;1H (evolution:25423): camel-CRITICAL **: camel_object_is: assertion `o != NULL' failed (evolution:25423): camel-CRITICAL **: camel_object_is: assertion `o != NULL' failed (evolution:25423): camel-CRITICAL **: camel_data_wrapper_get_mime_type: assertion `CAMEL_IS_DATA_WRAPPER (data_wrapper)' failed --------------------------------------------------
P.S. If someone could tell me how to configure things [debugedit? Some gdb setting? Something in Bug Buddy?] so that function call stacks aren't included in stack traces I'd appreciate it. It rather dampens the signal to noise ratio. AfC
*** Bug 524774 has been marked as a duplicate of this bug. ***
*** Bug 532201 has been marked as a duplicate of this bug. ***
I'm hitting the same issue with 2.22. Pretty easy to reproduce. Just hit File->Compose with external editor. muelli@rootbox ~ $ evolution CalDAV Eplugin starting up ... libnm_glib_nm_state_cb: dbus returned an error. (org.freedesktop.DBus.Error.ServiceUnknown) The name org.freedesktop.NetworkManager was not provided by any .service files (evolution:10354): composer-CRITICAL **: set_editor_signature: assertion `account != NULL' failed restoring draft flag 'text/plain' (evolution:10354): gtkhtml-WARNING **: No such file or directory (evolution:10354): e-data-server-DEBUG: Loading categories from "/home/muelli/.evolution/categories.xml" (evolution:10354): e-data-server-DEBUG: Loaded 29 categories external_editor plugin is launched /bin/nano: unrecognized option `--nofork' Usage: nano [OPTIONS] [[+LINE,COLUMN] FILE]... Option GNU long option Meaning -h, -? --help Show this message +LINE,COLUMN Start at line LINE, column COLUMN -A --smarthome Enable smart home key -B --backup Save backups of existing files -C <dir> --backupdir=<dir> Directory for saving unique backup files -D --boldtext Use bold instead of reverse video text -E --tabstospaces Convert typed tabs to spaces -F --multibuffer Enable multiple file buffers -H --historylog Log & read search/replace string history -I --ignorercfiles Don't look at nanorc files -K --rebindkeypad Fix numeric keypad key confusion problem -L --nonewlines Don't add newlines to the ends of files -N --noconvert Don't convert files from DOS/Mac format -O --morespace Use one more line for editing -Q <str> --quotestr=<str> Quoting string -R --restricted Restricted mode -S --smooth Smooth scrolling -T <#cols> --tabsize=<#cols> Set width of a tab to #cols columns -U --quickblank Do quick statusbar blanking -V --version Print version information and exit -W --wordbounds Detect word boundaries more accurately -Y <str> --syntax=<str> Syntax definition to use for coloring -c --const Constantly show cursor position -d --rebinddelete Fix Backspace/Delete confusion problem -i --autoindent Automatically indent new lines -k --cut Cut from cursor to end of line -l --nofollow Don't follow symbolic links, overwrite -m --mouse Enable the use of the mouse -o <dir> --operatingdir=<dir> Set operating directory -p --preserve Preserve XON (^Q) and XOFF (^S) keys -r <#cols> --fill=<#cols> Set wrapping point at column #cols -s <prog> --speller=<prog> Enable alternate speller -t --tempfile Auto save on exit, don't prompt -v --view View mode (read-only) -w --nowrap Don't wrap long lines -x --nohelp Don't show the two help lines -z --suspend Enable suspension -a, -b, -e, -f, -g, -j (ignored, for Pico compatibility) external editor works like a charm stripped off token[1] is : stripped off token[2] is : stripped off token[3] is : stripped off token[4] is : stripped off token[5] is : (evolution:10354): composer-CRITICAL **: set_editor_signature: assertion `account != NULL' failed (evolution:10354): camel-CRITICAL **: camel_object_is: assertion `o != NULL' failed (evolution:10354): camel-CRITICAL **: camel_object_is: assertion `o != NULL' failed (evolution:10354): camel-CRITICAL **: camel_data_wrapper_get_mime_type: assertion `CAMEL_IS_DATA_WRAPPER (data_wrapper)' failed Stacktrace: Native stacktrace: /usr/lib/libmono.so.0 [0xb6d08469] /usr/lib/libmono.so.0 [0xb6d26051] /usr/lib/libmono.so.0 [0xb6cb6e48] [0xffffe440] Debug info from gdb: Using host libthread_db library "/lib/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread 0xb5d7db00 (LWP 10354)] [New Thread 0xb1df0b90 (LWP 10623)] [New Thread 0xb1634b90 (LWP 10622)] [New Thread 0xb3664b90 (LWP 10365)] [New Thread 0xb5103b90 (LWP 10357)] [New Thread 0xb5127b90 (LWP 10356)] 0xffffe410 in __kernel_vsyscall () 6 Thread 0xb5127b90 (LWP 10356) 0xffffe410 in __kernel_vsyscall () 5 Thread 0xb5103b90 (LWP 10357) 0xffffe410 in __kernel_vsyscall () 4 Thread 0xb3664b90 (LWP 10365) 0xffffe410 in __kernel_vsyscall () 3 Thread 0xb1634b90 (LWP 10622) 0xffffe410 in __kernel_vsyscall () 2 Thread 0xb1df0b90 (LWP 10623) 0xffffe410 in __kernel_vsyscall () 1 Thread 0xb5d7db00 (LWP 10354) 0xffffe410 in __kernel_vsyscall ()
+ Trace 201519
Thread 1 (Thread 0xb5d7db00 (LWP 10354))
================================================================= Got a SIGSEGV while executing native code. This usually indicates a fatal error in the mono runtime or one of the native libraries used by your application. ================================================================= Aborted muelli@rootbox ~ $ echo $VISUAL muelli@rootbox ~ $ echo $EDITOR /bin/nano muelli@rootbox ~ $ Please notice that it tried to launch nano with a bad option. Does it assume vi to be the editor? Also I had clicked that "Compose in external editor" from Contacts view. Does it make sense to provide that option in contacts view anyway?
I guess, I caught the crasher. The crashing function is int em_format_is_attachment(EMFormat *emf, CamelMimePart *part) { /*CamelContentType *ct = camel_mime_part_get_content_type(part);*/ CamelDataWrapper *dw = camel_medium_get_content_object((CamelMedium *)part); /*printf("checking is attachment %s/%s\n", ct->type, ct->subtype);*/ return !(camel_content_type_is (dw->mime_type, "multipart", "*") .... and dw is NULL. (gdb) where
+ Trace 201527
$5 = (CamelDataWrapper *) 0x0 (gdb) call camel_mime_part_get_content_type(part) $6 = (CamelContentType *) 0x833acb0 (gdb) call camel_mime_part_get_content_type(part)->type $7 = 0x86589f0 "text" (gdb) call camel_mime_part_get_content_type(part)->subtype $8 = 0x86761f0 "plain" (gdb)
Created attachment 113529 [details] [review] patch which checks whether dw is NULL Pretty simple patch, but I can't test it :( I hope to get the semantics right by returning true, to consider it an attachment.
Sankar, you need to look at it IMM.
Milan, can you review it?
I cannot reproduce it with evolution revision 35743. It doesn't crash but neither opens the composer. I can see my "nano" on the console, but it doesn't response, same as vim (I installed vim, do you believe?). Then I tried to set the editor to gedit and then it crashed, but in totally different place:
+ Trace 203985
It seems like totally different issue than the above. ---------------------------------------------------------------------------- Nonetheless, I think the check can be done there, but as far as I can tell, the dw can be NULL for those cases where there is empty body. Thus do not do the g_return_val_if_fail there, do rather if (!dw) return 0; It's fine to just do this, add ChangeLog and commit to trunk, from my point of view. If you wish, you cn upload modified version before commit, I'll leave it up on you.
*** Bug 557306 has been marked as a duplicate of this bug. ***
Tobias, ping
*** Bug 565537 has been marked as a duplicate of this bug. ***
Similar crash in 2.25.5, that seems to have happened while just switching folders. (My guess is evolution tried to render a mail that was already moved to another folder.) That implies the summary of this bug is too narrow. Anyway, gdb tells me: (gdb) bt
+ Trace 212086
$10 = (EMFormat *) 0x950be78 (gdb) print part $11 = (CamelMimePart *) 0xa9c9400 (gdb) print *part $12 = {parent_object = {parent_object = {parent_object = {klass = 0x9b11b20, magic = 2007188717, hooks = 0x0, ref_count = 1, flags = 0, next = 0x9d4ea38, prev = 0x0}, priv = 0xa31c860, encoding = CAMEL_TRANSFER_ENCODING_DEFAULT, mime_type = 0xb16a2d0, stream = 0x0, offline = 0}, content = 0x0}, headers = 0x0, description = 0x0, disposition = 0x0, content_id = 0x0, content_MD5 = 0x0, content_location = 0x0, content_languages = 0x0, encoding = CAMEL_TRANSFER_ENCODING_DEFAULT} (gdb) p dw $13 = (CamelDataWrapper *) 0x0 Nothing that invalidates comment #9 here. So, I guess this should count as a ping for Tobias too. Tobias, feel free to claim to be busy, uninterested, whatever, and I'm happy to commit the three lines (and ChangeLog administratrivia) that Milan suggested. (Bumping version. Attempted to adjusting summary too.)
Shouldn't the description of camel_medium_get_content_object() be updated too? Currently it reads: /** * camel_medium_get_content_object: * @medium: a #CamelMedium object * * Getss a data wrapper that represents the content of the medium, * without its headers. * * Returns: a #CamelDataWrapper containing @medium's content **/ Should I (fix one typo and) add the possibility of a NULL return value?
Sounds good. Go for it and attach a patch :)
i got same crash today with master. any update on patch ?
Created commit b9149e4 in evo master. Created commit bdbcdf0 in eds master.
*** Bug 582590 has been marked as a duplicate of this bug. ***
*** Bug 560461 has been marked as a duplicate of this bug. ***