Bug 666342 – Crash in content_info_from_db

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 666342 - Crash in content_info_from_db


Summary:	Crash in content_info_from_db


Status:	RESOLVED OBSOLETE

Product:	evolution-data-server
Classification:	Platform
Component:	Mailer
Version:	3.6.x (obsolete)
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	evolution-mail-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:

Duplicates:	690526 (view as bug list)
Depends on:
Blocks:

Reported:	2011-12-16 06:10 UTC by Milan Crha
Modified:	2018-12-11 16:56 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Milan Crha 2011-12-16 06:10:58 UTC

Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=768019

libreport version: 2.0.7
abrt_version:   2.0.6
backtrace_rating: 4
cmdline:        /usr/bin/evolution
crash_function: _int_free
executable:     /usr/bin/evolution
kernel:         3.1.4-1.fc16.i686.PAE
reason:         Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)
time:           Thu 15 Dec 2011 01:23:37 PM GMT

Core was generated by `/usr/bin/evolution'.
Program terminated with signal 11, Segmentation fault.

+ Trace 229287

Thread 7 (Thread 0xb78be8c0 (LWP 11111))

#0 __kernel_vsyscall
#1 __lll_lock_wait_private
at ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S line 98
#2 _L_lock_11266
at malloc.c line 5223
#3 __GI___libc_malloc
at malloc.c line 2925
#4 _cairo_gstate_save
at cairo-gstate.c line 254
#5 INT_cairo_save
at cairo.c line 561
#6 render_background_internal
at gtkthemingengine.c line 1399
#7 adwaita_engine_render_background
at adwaita_engine.c line 480
#8 gtk_render_background
at gtkstylecontext.c line 3740
#9 gtk_window_draw
at gtkwindow.c line 7449
#10 _gtk_marshal_BOOLEAN__BOXED
at gtkmarshalers.c line 85
#11 gtk_widget_draw_marshaller
at gtkwidget.c line 819
#12 g_type_class_meta_marshal
at gclosure.c line 885
#13 g_closure_invoke
at gclosure.c line 774
#14 signal_emit_unlocked_R
at gsignal.c line 3310
#15 g_signal_emit_valist
at gsignal.c line 3013
#16 g_signal_emit
at gsignal.c line 3060
#17 _gtk_widget_draw_internal
at gtkwidget.c line 5722
#18 _gtk_widget_draw_internal
at gtkwidget.c line 5698
#19 gtk_widget_send_expose
at gtkwidget.c line 5969
#20 gtk_main_do_event
at gtkmain.c line 1801
#21 _gdk_event_emit
at gdkevents.c line 71
#22 _gdk_window_process_updates_recurse
at gdkwindow.c line 3857
#23 gdk_x11_window_process_updates_recurse
at gdkwindow-x11.c line 4672
#24 gdk_window_process_updates_internal
at gdkwindow.c line 4013
#25 gdk_window_process_all_updates
at gdkwindow.c line 4144
#26 gdk_window_update_idle
at gdkwindow.c line 3747
#27 gdk_threads_dispatch
at gdk.c line 754
#28 g_idle_dispatch
at gmain.c line 4785
#29 g_main_dispatch
at gmain.c line 2425
#30 g_main_context_dispatch
at gmain.c line 2995
#31 g_main_context_iterate
at gmain.c line 3073
#32 g_main_loop_run
at gmain.c line 3281
#33 gtk_main
at gtkmain.c line 1362
#34 main
at main.c line 696

Thread 4 (Thread 0xb76bdb40 (LWP 11112))

#0 __kernel_vsyscall
#1 read
at ../sysdeps/unix/syscall-template.S line 82
#2 read
at /usr/include/bits/unistd.h line 45
#3 unix_signal_helper_thread
at gmain.c line 4551
#4 g_thread_create_proxy
at gthread.c line 1962
#5 start_thread
at pthread_create.c line 309
#6 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 133

Comment 1 Milan Crha 2013-03-12 14:07:08 UTC

*** Bug 690526 has been marked as a duplicate of this bug. ***

Comment 2 Milan Crha 2013-03-12 14:08:26 UTC

The above bug is from 3.6, thus updating the version. This seems like a use-after-free in IMAP (not IMAP+) provider, which is removed in 3.8.x.

Comment 3 Milan Crha 2018-12-11 16:56:53 UTC

I'm closing this as obsolete, but feel free to reopen or comment in case you can reproduce with the current 3.30.x stable series.