After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 641711 - Crash in remove_queued_alarm
Crash in remove_queued_alarm
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Calendar
3.6.x (obsolete)
Other Linux
: Normal critical
: ---
Assigned To: evolution-calendar-maintainers
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2011-02-07 10:42 UTC by Milan Crha
Modified: 2013-06-25 12:35 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
evo patch (3.87 KB, patch)
2013-06-25 12:32 UTC, Milan Crha
committed Details | Review

Description Milan Crha 2011-02-07 10:42:44 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=675589

abrt version: 1.1.14
architecture: i686
Attached file: backtrace
cmdline: /usr/libexec/evolution/2.32/evolution-alarm-notify
comment: the aplett is just notifiying me about an appointment
component: evolution
crash_function: remove_queued_alarm
executable: /usr/libexec/evolution/2.32/evolution-alarm-notify
kernel: 2.6.35.10-74.fc14.i686.PAE
package: evolution-2.32.1-1.fc14
rating: 4
reason: Process /usr/libexec/evolution/2.32/evolution-alarm-notify was killed
by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
time: 1297025413
uid: 500

How to reproduce
-----
1. the aplett is just notifiying me about an appointment

Core was generated by `/usr/libexec/evolution/2.32/evolution-alarm-notify'.
Program terminated with signal 11, Segmentation fault.

Thread 1 (Thread 2601)

  • #0 remove_queued_alarm
    at alarm-queue.c line 322
  • #1 tray_list_remove_async
    at alarm-queue.c line 1130
  • #2 message_push
    at alarm-queue.c line 183
  • #3 tray_list_remove_icons
    at alarm-queue.c line 1158
  • #4 notify_dialog_cb
    at alarm-queue.c line 1264
  • #5 dialog_response_cb
    at alarm-notify-dialog.c line 143
  • #6 g_cclosure_marshal_VOID__INT
    at gmarshal.c line 218
  • #7 g_closure_invoke
    at gclosure.c line 766
  • #8 signal_emit_unlocked_R
    at gsignal.c line 3252
  • #9 g_signal_emit_valist
    at gsignal.c line 2983
  • #10 g_signal_emit
    at gsignal.c line 3040
  • #11 IA__gtk_dialog_response
    at gtkdialog.c line 932
  • #12 g_cclosure_marshal_VOID__VOID
    at gmarshal.c line 79
  • #13 g_closure_invoke
    at gclosure.c line 766
  • #14 signal_emit_unlocked_R
    at gsignal.c line 3252
  • #15 g_signal_emit_valist
    at gsignal.c line 2983
  • #16 g_signal_emit
    at gsignal.c line 3040
  • #17 IA__gtk_button_clicked
    at gtkbutton.c line 1128
  • #18 gtk_real_button_released
    at gtkbutton.c line 1725
  • #19 g_cclosure_marshal_VOID__VOID
    at gmarshal.c line 79
  • #20 g_type_class_meta_marshal
    at gclosure.c line 877
  • #21 g_closure_invoke
    at gclosure.c line 766
  • #22 signal_emit_unlocked_R
    at gsignal.c line 3182
  • #23 g_signal_emit_valist
  • #24 g_signal_emit
    at gsignal.c line 3040
  • #25 gtk_button_released
    at gtkbutton.c line 1120
  • #26 gtk_button_button_release
    at gtkbutton.c line 1617
  • #27 _gtk_marshal_BOOLEAN__BOXED
    at gtkmarshalers.c line 86
  • #28 g_type_class_meta_marshal
    at gclosure.c line 877
  • #29 g_closure_invoke
    at gclosure.c line 766
  • #30 signal_emit_unlocked_R
    at gsignal.c line 3290
  • #31 g_signal_emit_valist
    at gsignal.c line 2993
  • #32 g_signal_emit
    at gsignal.c line 3040
  • #33 gtk_widget_event_internal
    at gtkwidget.c line 4992
  • #34 IA__gtk_propagate_event
    at gtkmain.c line 2460
  • #35 IA__gtk_main_do_event
    at gtkmain.c line 1665
  • #36 gdk_event_dispatch
    at gdkevents-x11.c line 2377
  • #37 g_main_dispatch
    at gmain.c line 2149
  • #38 g_main_context_dispatch
    at gmain.c line 2702
  • #39 g_main_context_iterate
    at gmain.c line 2780
  • #40 g_main_loop_run
    at gmain.c line 2988
  • #41 IA__gtk_main
    at gtkmain.c line 1237
  • #42 main
    at notify-main.c line 118

Comment 1 Reinout van Schouwen 2011-06-23 12:19:00 UTC
Multiple duplicates on RH bugzilla ( https://bugzilla.redhat.com/show_bug.cgi?id=675589 )
Also for version 3.0.x.
Comment 2 Milan Crha 2011-11-28 10:01:41 UTC
Possible reproducer and analysis from the downstream bug by Ramon de C Valle:

After a brief analysis of the source code, a way to reproduce this issue is:

 1. Open Evolution
 2. Create a new appointment
 3. Set an alarm for this event
 4. Wait the alarm to be triggered
 5. Wait the pop up to close
 6. Without iteracting with the tray icon of the alam, delete both the alarm
and the appointment in Evolution
 7. Click in the tray icon of the alarm

A dump will be created at /var/spool/abrt directory.

[...]

    300 
    301  d(printf("%s:%d (remove_queued_alarm) \n",__FILE__, __LINE__));
    302 
    303  for (l = cqa->queued_alarms; l; l = l->next) {
    304   qa = l->data;
    305   if (qa->alarm_id == alarm_id)
    306    break;
    307  }
    308 
    309  if (!l)
    310   return FALSE;
    311 
    312  cqa->queued_alarms = g_slist_delete_link (cqa->queued_alarms, l);
    313 

[...]

In remove_queued_alarm function, it does not check if the component still
exists or, if this was the last queued alarm for this component, if the
component was not already removed.
Comment 3 Milan Crha 2011-11-28 13:29:18 UTC
I tried to reproduce this on current git master, which is after 3.3.2, and I cannot let it crash with the above steps. I also tried to run evolution-alarm-notify under valgrind, but it doesn't show any issue with memory. If I just add an event with alarm, which can trigger the alarm and show me the notification icon, then keeping the icon as is and deleting the appointment leads to no action when clicking the notification icon with the left mouse button, because tray_icon_clicked_cb() function checks how many alarms are stored, with g_list_length (tray_icons_list) > 0 , and if there is none then it just ignores the request. Clicking with the right button removes the icon from the notification tray.
Comment 4 Milan Crha 2012-01-04 11:24:28 UTC
Downstream bug report from 3.2.2:
https://bugzilla.redhat.com/show_bug.cgi?id=771392

Thread 1 (Thread 0xb7863880 (LWP 13866))

  • #0 remove_queued_alarm
    at alarm-queue.c line 353
  • #1 tray_list_remove_async
    at alarm-queue.c line 1244
  • #2 message_push
    at alarm-queue.c line 201
  • #3 tray_list_remove_icons
    at alarm-queue.c line 1276
  • #4 notify_dialog_cb
    at alarm-queue.c line 1388
  • #5 dialog_response_cb
    at alarm-notify-dialog.c line 164
  • #6 g_cclosure_marshal_VOID__INT
    at gmarshal.c line 224
  • #7 g_closure_invoke
    at gclosure.c line 774
  • #8 signal_emit_unlocked_R
    at gsignal.c line 3272
  • #9 g_signal_emit_valist
    at gsignal.c line 3003
  • #10 g_signal_emit
    at gsignal.c line 3060
  • #11 gtk_dialog_response
    from /usr/lib/libgtk-3.so.0
  • #12 ??
    from /usr/lib/libgtk-3.so.0
  • #13 g_cclosure_marshal_VOID__VOID
    at gmarshal.c line 85
  • #14 g_closure_invoke
    at gclosure.c line 774
  • #15 signal_emit_unlocked_R
    at gsignal.c line 3272
  • #16 g_signal_emit_valist
    at gsignal.c line 3003
  • #17 g_signal_emit
    at gsignal.c line 3060
  • #18 gtk_button_clicked
    from /usr/lib/libgtk-3.so.0
  • #19 ??
    from /usr/lib/libgtk-3.so.0
  • #20 g_cclosure_marshal_VOID__VOID
    at gmarshal.c line 85
  • #21 g_type_class_meta_marshal
    at gclosure.c line 885
  • #22 g_closure_invoke
    at gclosure.c line 774
  • #23 signal_emit_unlocked_R
    at gsignal.c line 3202
  • #24 g_signal_emit_valist
    at gsignal.c line 3003
  • #25 g_signal_emit
    at gsignal.c line 3060
  • #26 gtk_button_released
    from /usr/lib/libgtk-3.so.0
  • #27 ??
    from /usr/lib/libgtk-3.so.0
  • #28 ??
    from /usr/lib/libgtk-3.so.0
  • #29 g_type_class_meta_marshal
    at gclosure.c line 885
  • #30 g_closure_invoke
    at gclosure.c line 774
  • #31 signal_emit_unlocked_R
    at gsignal.c line 3310
  • #32 g_signal_emit_valist
    at gsignal.c line 3013
  • #33 g_signal_emit
    at gsignal.c line 3060
  • #34 ??
    from /usr/lib/libgtk-3.so.0
  • #35 gtk_propagate_event
    from /usr/lib/libgtk-3.so.0
  • #36 gtk_main_do_event
    from /usr/lib/libgtk-3.so.0
  • #37 ??
    from /usr/lib/libgdk-3.so.0
  • #38 ??
    from /usr/lib/libgdk-3.so.0
  • #39 g_main_dispatch
    at gmain.c line 2425
  • #40 g_main_context_dispatch
    at gmain.c line 2995
  • #41 g_main_context_iterate
    at gmain.c line 3073
  • #42 g_main_loop_run
    at gmain.c line 3281
  • #43 gtk_main
    from /usr/lib/libgtk-3.so.0
  • #44 ??
    from /usr/lib/libgtk-3.so.0
  • #45 g_application_run
    at gapplication.c line 1323
  • #46 main
    at notify-main.c line 92

Comment 5 Tobias Mueller 2012-05-27 19:50:01 UTC
So given that you couldn't reproduce, let's assume it's fixed. We'll reopen if it happens with evolution 3.4.
Comment 6 Milan Crha 2012-12-10 11:12:11 UTC
Hrm, I just got this crash report from 3.6.2:
https://bugzilla.redhat.com/show_bug.cgi?id=884908

Version-Release number of selected component:
evolution-3.6.2-3.fc18

Additional info:
backtrace_rating: 4
cmdline:        /usr/libexec/evolution/3.6/evolution-alarm-notify
crash_function: remove_queued_alarm
executable:     /usr/libexec/evolution/3.6/evolution-alarm-notify
kernel:         3.6.7-5.fc18.x86_64
remote_result:  675589
uid:            1000

Core was generated by `/usr/libexec/evolution/3.6/evolution-alarm-notify'.
Program terminated with signal 11, Segmentation fault.

Thread 1 (Thread 0x7f06e64afa00 (LWP 11051))

  • #0 remove_queued_alarm
    at alarm-queue.c line 351
  • #1 tray_list_remove_async
    at alarm-queue.c line 1257
  • #2 message_push
    at alarm-queue.c line 199
  • #3 tray_list_remove_icons
    at alarm-queue.c line 1289
  • #4 notify_dialog_cb
    at alarm-queue.c line 1406
  • #5 dialog_response_cb
    at alarm-notify-dialog.c line 165
  • #6 g_closure_invoke
    at gclosure.c line 777
  • #7 signal_emit_unlocked_R
    at gsignal.c line 3551
  • #8 g_signal_emit_valist
    at gsignal.c line 3300
  • #9 g_signal_emit
    at gsignal.c line 3356
  • #10 _g_closure_invoke_va
    at gclosure.c line 840
  • #11 g_signal_emit_valist
    at gsignal.c line 3211
  • #12 g_signal_emit
    at gsignal.c line 3356
  • #13 gtk_real_button_released
    at gtkbutton.c line 1967
  • #14 g_closure_invoke
    at gclosure.c line 777
  • #15 signal_emit_unlocked_R
    at gsignal.c line 3481
  • #16 g_signal_emit_valist
    at gsignal.c line 3300
  • #17 g_signal_emit
    at gsignal.c line 3356
  • #18 gtk_button_button_release
    at gtkbutton.c line 1802
  • #19 gtk_button_button_release
    at gtkbutton.c line 1794
  • #20 _gtk_marshal_BOOLEAN__BOXEDv
    at gtkmarshalers.c line 130
  • #21 _g_closure_invoke_va
    at gclosure.c line 840
  • #22 g_signal_emit_valist
    at gsignal.c line 3211
  • #23 g_signal_emit
    at gsignal.c line 3356
  • #24 gtk_widget_event_internal
    at gtkwidget.c line 6301
  • #25 gtk_widget_event
    at gtkwidget.c line 5958
  • #26 propagate_event_up
    at gtkmain.c line 2397
  • #27 propagate_event
    at gtkmain.c line 2497
  • #28 gtk_main_do_event
    at gtkmain.c line 1720
  • #29 gdk_event_source_dispatch
    at gdkeventsource.c line 358
  • #30 g_main_dispatch
    at gmain.c line 2715
  • #31 g_main_context_dispatch
    at gmain.c line 3219
  • #32 g_main_context_iterate
    at gmain.c line 3290
  • #33 g_main_context_iteration
    at gmain.c line 3351
  • #34 g_application_run
    at gapplication.c line 1624
  • #35 main
    at notify-main.c line 116

Comment 7 Milan Crha 2013-06-25 12:12:49 UTC
One way to reproduce this for me:

a) Make sure that Edit->Preferences->Calendar and Tasks->Reminders tab,
   [ ] Display alarms in notification area only
   is not checked
b) run /usr/libexec/evolution/X.Y/evolution-alarm-notify on a console,
   if not running already
c) in Evolution's Calendar view add a new On This Computer calendar, name
   it anyhow, like 'test', and when created then select it in the left tree
   and make sure it's checked for Alarm notification on the same tab as a)
d) switch to a day view and create a new event with these values:
   Calendar: test
   Summary: alarm 1
   Time: today, not more than 60 minutes from current time
         (like if it's 2:10 PM, then at 2:30 PM)
   Set an alarm on it: 1 hour before the appointment
   [Save]
e) a notification window with the appointment alarm is shown; left it as is
   and switch back to evolution. Create the second alarm event same as the one
   at d), only make the time for it's start one minute later than the alarm 1;
   Name it "alarm 2"
   [Save]
f) a notification for "alarm 2" is shown, the new event is added to the
   previously opened notification window, below the alarm 1
g) in the notification window select "alarm 2" and click "Dismiss";
   the notification window contains only one event now, the "alarm 1".
h) keep the notification window as is and switch to evolution;
   right click the "test" calendar and "Delete" it
i) switch to the notification window and close it with [x] at the right
   top corner (or whenever your window manager shows the button to close
   the window)
The evolution-alarm-notify process crashed at remove_queued_alarm()
Comment 8 Milan Crha 2013-06-25 12:32:32 UTC
Created attachment 247724 [details] [review]
evo patch

for evolution;

Instead of crashing, the events from removed calendar are removed also from the notification dialog, which can lead to the dialog close too. The patch also fixes a memory leak and makes sure that GtkTreeIter-s are accessed only if they are valid.
Comment 9 Milan Crha 2013-06-25 12:35:40 UTC
Created commit f6f4a73 in evo master (3.9.4+)
Created commit 02a8f3e in evo gnome-3-8 (3.8.4+)