Bug 634971 - Crash in update_cache() due to freed backend
Status: RESOLVED FIXED
Product: Evolution Exchange
Classification: Deprecated
Component: Connector
Version: 2.32.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Milan Crha
QA Contact: Ximian Connector QA
Depends on:
Blocks:
Reported: 2010-11-16 07:23 UTC by Milan Crha
Modified: 2011-06-23 11:16 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
eex patch (6.97 KB, patch)
2011-06-23 11:13 UTC, Milan Crha
committed

Description Milan Crha 2010-11-16 07:23:35 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=653715

abrt version: 1.1.13
architecture: i686
Attached file: backtrace
cmdline: /usr/libexec/e-addressbook-factory
component: evolution-data-server
crash_function: g_type_check_instance_cast
executable: /usr/libexec/e-addressbook-factory
kernel: 2.6.35.6-48.fc14.i686
package: evolution-data-server-2.32.0-3.fc14
rating: 4
reason: Process /usr/libexec/e-addressbook-factory was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
How to reproduce: 1. Just viewing e-mail.
time: 1289871006
uid: 15162

Core was generated by `/usr/libexec/e-addressbook-factory'.
Program terminated with signal 11, Segmentation fault.

Thread 1 (Thread 2238)

  • #0 g_type_check_instance_cast
    at gtype.c line 3969
  • #1 update_cache
    at e-book-backend-exchange.c line 667
  • #2 g_thread_create_proxy
    at gthread.c line 1897
  • #3 start_thread
    at pthread_create.c line 301
  • #4 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 133

Comment 1 Milan Crha 2011-06-16 07:26:32 UTC
Similar crash from 3.0.2:
https://bugzilla.redhat.com/show_bug.cgi?id=713627

Thread 1 (Thread 0x7f3897fff700 (LWP 22815))

  • #0 __pthread_mutex_lock
    at pthread_mutex_lock.c line 51
  • #1 update_cache
    at e-book-backend-exchange.c line 668
  • #2 g_thread_create_proxy
    at gthread.c line 1955
  • #3 start_thread
    at pthread_create.c line 305
  • #4 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 115

Comment 2 Milan Crha 2011-06-23 11:13:37 UTC
Created attachment 190508
eex patch

for evolution-exchange;

Going through the code, I think I see what happened here. The update_cache() (or build_cache()) function is called in a dedicated thread and it doesn't care about the exchange backend itself; it just expects it to be alive for the whole time the function is run, but because it's in a separate thread the backend can be freed meanwhile, which I believe happened here. This patch makes sure that the backend will not be freed before the function call is finished. I made the same changes in similar places in eex as well.

Comment 3 Milan Crha 2011-06-23 11:16:02 UTC
Created commit 797dec8 in eex master (3.1.3+)
Created commit 138e2a2 in eex gnome-3-0 (3.0.3+)
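
The lifetime problem described in comment 2, as an added example that is not the attached patch or any evolution-exchange code: the spawner takes a reference for the worker before creating the thread, and the worker drops it as its last action, so the object survives even when its owner lets go first. It assumes a plain C11 atomic reference count in place of GObject; `Backend`, `backend_ref()`, `backend_unref()`, `gate` and `run_owner_drops_first()` are hypothetical names, and `gate` exists only to force the owner-releases-first ordering.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical stand-in for the reference-counted backend object. */
typedef struct {
    atomic_int refs;
    int cache_entries;
    int *freed_with;   /* demo: receives cache_entries when the object is freed */
} Backend;
static pthread_mutex_t gate = PTHREAD_MUTEX_INITIALIZER;   /* demo: holds the worker back */

static Backend *backend_new(int *freed_with) {
    Backend *be = calloc(1, sizeof *be);
    if (!be) abort();
    atomic_init(&be->refs, 1);
    be->freed_with = freed_with;
    return be;
}
static void backend_ref(Backend *be) { atomic_fetch_add(&be->refs, 1); }
static void backend_unref(Backend *be) {
    if (atomic_fetch_sub(&be->refs, 1) != 1) return;   /* others still hold it */
    *be->freed_with = be->cache_entries;
    free(be);
}

static void *update_cache(void *data) {
    Backend *be = data;            /* owns the reference taken by the spawner */
    pthread_mutex_lock(&gate); pthread_mutex_unlock(&gate);   /* demo: wait for the owner */
    be->cache_entries++;           /* would be a use-after-free without that reference */
    backend_unref(be);             /* last touch of be in this thread */
    return NULL;
}

/* Returns cache_entries at free time, or -1 if the object died before the worker ran. */
int run_owner_drops_first(void) {
    int freed_with = -1;
    pthread_t tid;
    Backend *be = backend_new(&freed_with);
    pthread_mutex_lock(&gate);
    backend_ref(be);               /* take the worker's reference BEFORE creating the thread */
    if (pthread_create(&tid, NULL, update_cache, be) != 0) abort();
    backend_unref(be);             /* owner releases while the worker is still pending */
    int freed_early = (freed_with != -1);
    pthread_mutex_unlock(&gate);
    pthread_join(tid, NULL);
    return freed_early ? -1 : freed_with;
}
int main(void) { return run_owner_drops_first() == 1 ? 0 : 1; }
```

Removing the `backend_ref()` call in `run_owner_drops_first()` reproduces the shape of the reported crash: the owner's release frees the object and the worker then dereferences freed memory.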