Bug 612344 - Crash in html_object_prev_not_type at htmlobject.c line 1384
Status: RESOLVED FIXED
Product: GtkHtml
Classification: Other
Component: Parsing
Version: 3.32.x
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: gtkhtml-maintainers
QA Contact: gtkhtml-maintainers
Depends on:
Blocks:
Reported: 2010-03-09 21:40 UTC by v.merlin
Modified: 2010-12-01 15:09 UTC
See Also:
GNOME target: ---
GNOME version: 2.27/2.28


Attachments
gtkhtml patch (4.26 KB, patch)
2010-12-01 14:59 UTC, Milan Crha
committed

Description v.merlin 2010-03-09 21:40:41 UTC
What were you doing when the application crashed?
I've just clicked on the "add link?" button.


Distribution: Debian squeeze/sid
Gnome Release: 2.28.2 2009-12-18 (Debian)
BugBuddy Version: 2.28.0

System: Linux 2.6.32-trunk-amd64 #1 SMP Sun Jan 10 22:40:40 UTC 2010 x86_64
X Vendor: The X.Org Foundation
X Vendor Release: 10605000
Selinux: No
Accessibility: Disabled
GTK+ Theme: Litoral
Icon Theme: gnome
GTK+ Modules: gnomebreakpad, canberra-gtk-module

Memory status: size: 753844224 vsize: 753844224 resident: 72650752 share: 35532800 rss: 72650752 rss_rlim: 18446744073709551615
CPU usage: start_time: 1268168357 rtime: 2536 utime: 2270 stime: 266 cutime:0 cstime: 3 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution'

[Thread debugging using libthread_db enabled]
[New Thread 0x7f00426fe910 (LWP 3387)]
[New Thread 0x7f0040c24910 (LWP 3386)]
[New Thread 0x7f004414e910 (LWP 3236)]
[New Thread 0x7f004494f910 (LWP 3235)]
[New Thread 0x7f004535a910 (LWP 3233)]
[New Thread 0x7f0047817910 (LWP 3232)]
0x00007f005ce6051d in __libc_waitpid (pid=3733, 
    stat_loc=<value optimized out>, options=0)
    at ../sysdeps/unix/sysv/linux/waitpid.c:41
	in ../sysdeps/unix/sysv/linux/waitpid.c

Thread 1 (Thread 0x7f00622057f0 (LWP 3214))

  • #0 __libc_waitpid
    at ../sysdeps/unix/sysv/linux/waitpid.c line 41
  • #1 g_spawn_sync
    from /lib/libglib-2.0.so.0
  • #2 g_spawn_command_line_sync
    from /lib/libglib-2.0.so.0
  • #3 ??
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #4 <signal handler called>
  • #5 ??
  • #6 html_object_prev_not_type
    from /usr/lib/libgtkhtml-3.14.so.19
  • #7 ??
    from /usr/lib/libgtkhtml-3.14.so.19
  • #8 ??
    from /usr/lib/libgtkhtml-3.14.so.19
  • #9 gtkhtml_editor_link_properties_description_changed_cb
    from /usr/lib/libgtkhtml-editor.so.0
  • #10 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #11 ??
    from /usr/lib/libgobject-2.0.so.0
  • #12 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #13 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #14 ??
    from /usr/lib/libgtk-x11-2.0.so.0
  • #15 gtk_entry_set_text
    from /usr/lib/libgtk-x11-2.0.so.0
  • #16 gtkhtml_editor_link_properties_show_window_cb
    from /usr/lib/libgtkhtml-editor.so.0
  • #17 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #18 ??
    from /usr/lib/libgobject-2.0.so.0
  • #19 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #20 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #21 gtk_widget_show
    from /usr/lib/libgtk-x11-2.0.so.0
  • #22 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #23 ??
    from /usr/lib/libgobject-2.0.so.0
  • #24 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #25 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #26 ??
    from /usr/lib/libgtk-x11-2.0.so.0
  • #27 ??
    from /usr/lib/libgtk-x11-2.0.so.0
  • #28 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #29 ??
    from /usr/lib/libgobject-2.0.so.0
  • #30 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #31 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #32 ??
    from /usr/lib/libgtk-x11-2.0.so.0
  • #33 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #34 ??
    from /usr/lib/libgobject-2.0.so.0
  • #35 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #36 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #37 ??
    from /usr/lib/libgtk-x11-2.0.so.0
  • #38 ??
    from /usr/lib/libgtk-x11-2.0.so.0
  • #39 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #40 ??
    from /usr/lib/libgobject-2.0.so.0
  • #41 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #42 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #43 ??
    from /usr/lib/libgtk-x11-2.0.so.0
  • #44 gtk_propagate_event
    from /usr/lib/libgtk-x11-2.0.so.0
  • #45 gtk_main_do_event
    from /usr/lib/libgtk-x11-2.0.so.0
  • #46 ??
    from /usr/lib/libgdk-x11-2.0.so.0
  • #47 g_main_context_dispatch
    from /lib/libglib-2.0.so.0
  • #48 ??
    from /lib/libglib-2.0.so.0
  • #49 g_main_loop_run
    from /lib/libglib-2.0.so.0
  • #50 bonobo_main
    from /usr/lib/libbonobo-2.so.0
  • #51 ??
  • #52 __libc_start_main
    at libc-start.c line 222
  • #53 ??
  • #54 ??
  • #55 ??
  • #56 ??
  • #57 ??
  • #58 ??
  • #59 ??
A debugging session is active.

	Inferior 1 [process 3214] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]


----------- .xsession-errors ---------------------
** (epiphany:3690): DEBUG: NP_Initialize
** (epiphany:3690): DEBUG: NP_Initialize succeeded
** (epiphany:3690): DEBUG: NP_Initialize
** (epiphany:3690): DEBUG: NP_Initialize succeeded
** (epiphany:3690): DEBUG: NP_Shutdown
** (epiphany:3690): DEBUG: NP_Initialize
** (epiphany:3690): DEBUG: NP_Initialize succeeded
** (epiphany:3690): DEBUG: NP_Shutdown
** (epiphany:3690): DEBUG: NP_Initialize
** (epiphany:3690): DEBUG: NP_Initialize succeeded
** (epiphany:3690): DEBUG: NP_Initialize
** (epiphany:3690): DEBUG: NP_Initialize succeeded
(evolution:3214): gtkhtml-editor-WARNING **: cs-CZ: No such language
41	../sysdeps/unix/sysv/linux/waitpid.c: Adresář nebo soubor neexistuje.
--------------------------------------------------
Comment 1 Akhil Laddha 2010-03-10 03:50:28 UTC
Thanks for taking the time to report this bug.
Unfortunately, that stack trace is missing some elements that will help a lot
to solve the problem, so it will be hard for the developers to fix that crash.
Could you please install some debugging packages [1], start the application as
normal, and reproduce the crash, if possible?

Once bug-buddy pops up, you can find the stacktrace in the Details, now
containing way more information. Please copy that stacktrace and paste it as a
comment here. Thanks in advance!

[1] debugging packages for evolution, evolution-data-server, evolution-exchange, gtkhtml2, gtk2 and glib2 (as far as those packages are provided by your distribution). More details can be found here:
http://live.gnome.org/GettingTraces
Comment 2 Pedro Villavicencio 2010-03-25 12:10:10 UTC
We got a similar backtrace at:

https://bugs.edge.launchpad.net/evolution/+bug/523300

Thread 1 (process 2548)

  • #0 main_arena
    from /lib/libc.so.6
  • #1 html_object_prev_not_type
    at htmlobject.c line 1384
  • #2 normalize
    at htmlcursor.c line 84
  • #3 html_cursor_real_jump_to
    at htmlcursor.c line 590
  • #4 gtkhtml_editor_link_properties_description_changed_cb
    at gtkhtml-editor-signals.c line 1051
  • #5 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #6 ??
    from /usr/lib/libgobject-2.0.so.0
  • #7 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #8 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #9 end_change
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkentry.c line 2418
  • #10 IA__gtk_entry_set_text
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkentry.c line 6768
  • #11 gtkhtml_editor_link_properties_show_window_cb
    at gtkhtml-editor-signals.c line 1198
  • #12 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #13 ??
    from /usr/lib/libgobject-2.0.so.0
  • #14 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #15 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #16 IA__gtk_widget_show
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkwidget.c line 3194
  • #17 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #18 ??
    from /usr/lib/libgobject-2.0.so.0
  • #19 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #20 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #21 _gtk_action_emit_activate
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkaction.c line 755
  • #22 button_clicked
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtktoolbutton.c line 768
  • #23 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #24 ??
    from /usr/lib/libgobject-2.0.so.0
  • #25 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #26 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #27 gtk_real_button_released
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkbutton.c line 1723
  • #28 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #29 ??
    from /usr/lib/libgobject-2.0.so.0
  • #30 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #31 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #32 gtk_button_button_release
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkbutton.c line 1615
  • #33 _gtk_marshal_BOOLEAN__BOXED
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkmarshalers.c line 84
  • #34 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #35 ??
    from /usr/lib/libgobject-2.0.so.0
  • #36 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #37 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #38 gtk_widget_event_internal
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkwidget.c line 4949
  • #39 IA__gtk_propagate_event
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkmain.c line 2447
  • #40 IA__gtk_main_do_event
    at /build/buildd/gtk+2.0-2.19.5/gtk/gtkmain.c line 1647
  • #41 gdk_event_dispatch
    at /build/buildd/gtk+2.0-2.19.5/gdk/x11/gdkevents-x11.c line 2372
  • #42 g_main_context_dispatch
    from /lib/libglib-2.0.so.0
  • #43 ??
    from /lib/libglib-2.0.so.0
  • #44 g_main_loop_run
    from /lib/libglib-2.0.so.0
  • #45 bonobo_main
    at bonobo-main.c line 311
  • #46 main
    at main.c line 732

Comment 3 Milan Crha 2010-11-24 09:54:26 UTC
Downstream bug report about the same in 3.32.1:
https://bugzilla.redhat.com/show_bug.cgi?id=656346

Steps:
1. Copied text that was a hyperlink from a webpage.
2. Pasted into e-mail reply.
3. Highlighted already-linked text and clicked the insert link button.
4. Crash.
Comment 4 Milan Crha 2010-12-01 14:59:47 UTC
Created attachment 175624
gtkhtml patch

for gtkhtml;

I was able to reproduce this with steps from the previous comment. The issue was with the 'link_object', which was a cache of the object where the cursor was standing last time, with a link. Seeing its usage it was pretty unnecessary to cache this, so I removed it and it works as expected, as far as I can tell, even when pasting text, which is later normalized, which also means that particular object can be deleted, thus the cached object pointed to already freed memory.
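
The lifetime problem described in comment 4, as an added C model that is not part of the bug report or the gtkhtml patch: a cached `link_object` outlives the object it names once normalization merges pasted text runs, while a lookup resolved from the cursor on demand stays valid. `Obj`, `normalize`, `paste_link`, the pool allocator and the URL are constructed for illustration, and the assumption that the cursor is relocated during normalization is the example's, not the page's.

```c
#include <string.h>

/* Constructed model, not gtkhtml code. A static pool stands in for the heap so
 * the stale pointer can be inspected without undefined behaviour. */
typedef struct Obj { struct Obj *next; const char *url; int alive; } Obj;
static Obj pool[8];
static size_t used;

static Obj *obj_new(Obj *prev, const char *url) {
    Obj *o = &pool[used++];
    o->next = NULL; o->url = url; o->alive = 1;
    if (prev) prev->next = o;
    return o;
}

/* Merge adjacent runs that carry the same link and release the second one.
 * Assumption: the editor relocates its cursor here; nothing updates a side cache. */
static void normalize(Obj *head, Obj **cursor) {
    Obj *o = head;
    while (o && o->next) {
        Obj *n = o->next;
        if (!o->url || !n->url || strcmp(o->url, n->url) != 0) { o = n; continue; }
        o->next = n->next;
        if (*cursor == n) *cursor = o;
        n->alive = 0;                       /* stands in for free(n) */
    }
}

/* Pasted link text arrives as two runs with one URL; the cursor is on the second. */
static Obj *paste_link(Obj **cursor) {
    used = 0;
    Obj *head = obj_new(NULL, NULL);
    Obj *first = obj_new(head, "http://example.org/");   /* constructed URL */
    *cursor = obj_new(first, "http://example.org/");
    return head;
}

int cached_pointer_is_stale(void) {         /* the caching pattern at fault */
    Obj *cursor, *head = paste_link(&cursor);
    Obj *link_object = cursor;              /* cached before normalization */
    normalize(head, &cursor);
    return !link_object->alive;             /* cache names a released object */
}

const char *link_at_cursor(void) {          /* resolve on demand, no cache */
    Obj *cursor, *head = paste_link(&cursor);
    normalize(head, &cursor);
    return cursor->alive ? cursor->url : NULL;
}
```

With a real allocator the stale read in `cached_pointer_is_stale` would be a use-after-free; building with AddressSanitizer or running under Valgrind reports that class of access at the point of the dereference.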
Comment 5 Milan Crha 2010-12-01 15:09:34 UTC
Created commit fdb840a in gtkhtml master (3.91.4+)
Created commit 39aacb8 in gtkhtml gnome-2-32 (3.32.2+)