Bug 691526 - [abrt] Memory corruption under e_book_backend_google_start_book_view()
Status: RESOLVED FIXED
Product: evolution-data-server
Classification: Platform
Component: Contacts
Version: 3.8.x (obsolete)
OS: Other Linux
Priority: Normal  Severity: critical
Target Milestone: ---
Assigned To: evolution-addressbook-maintainers
QA Contact: Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2013-01-11 07:42 UTC by Milan Crha
Modified: 2013-07-18 16:34 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
eds patch (4.23 KB, patch)
2013-07-18 16:31 UTC, Milan Crha
committed

Description Milan Crha 2013-01-11 07:42:55 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=894208

Version-Release number of selected component:
evolution-data-server-3.6.2-3.fc18

Additional info:
backtrace_rating: 4
cmdline:        /usr/libexec/evolution-addressbook-factory
crash_function: slab_allocator_alloc_chunk
executable:     /usr/libexec/evolution-addressbook-factory
kernel:         3.6.10-4.fc18.i686

Core was generated by `/usr/libexec/evolution-addressbook-factory'.
Program terminated with signal 11, Segmentation fault.

Thread 2 (Thread 0xb77c7740 (LWP 1648))

#0 __kernel_vsyscall
#1 poll at ../sysdeps/unix/syscall-template.S line 81
#2 poll at /usr/include/bits/poll2.h line 46
#3 g_poll at gpoll.c line 132
#4 g_main_context_poll at gmain.c line 3584
#5 g_main_context_iterate at gmain.c line 3285
#6 g_main_loop_run at gmain.c line 3484
#7 dbus_server_run_server at e-dbus-server.c line 222
#8 ffi_call_SYSV at ../src/x86/sysv.S line 64
#9 ffi_call at ../src/x86/ffi.c line 303
#10 g_cclosure_marshal_generic_va at gclosure.c line 1550
#11 g_type_class_meta_marshalv at gclosure.c line 997
#12 _g_closure_invoke_va at gclosure.c line 840
#13 g_signal_emit_valist at gsignal.c line 3211
#14 g_signal_emit at gsignal.c line 3356
#15 e_dbus_server_run at e-dbus-server.c line 396
#16 main at evolution-addressbook-factory.c line 129

Comment 1 Milan Crha 2013-07-18 08:58:25 UTC
Downstream bug report about the same from 3.8.3:
https://bugzilla.redhat.com/show_bug.cgi?id=985552

Other threads are also busy with memory allocation and with the same backend's processing of start_view for other views.

Thread 1 (Thread 0xaa8fdb40 (LWP 20504))

#0 _int_malloc at malloc.c line 3502
#1 _int_realloc at malloc.c line 4211
#2 __GI___libc_realloc at malloc.c line 2988
#3 standard_realloc at gmem.c line 92
#4 g_realloc at gmem.c line 224
#5 g_string_maybe_expand at gstring.c line 107
#6 g_string_insert_unichar at gstring.c line 874
#7 g_string_append_unichar at gstring.c line 669
#8 read_attribute_value at e-vcard.c line 325
#9 read_attribute at e-vcard.c line 593
#10 parse at e-vcard.c line 682
#11 e_vcard_ensure_attributes at e-vcard.c line 723
#12 e_vcard_get_attribute at e-vcard.c line 2191
#13 e_contact_get at e-contact.c line 1666
#14 e_contact_get_const at e-contact.c line 1721
#15 e_book_backend_cache_get_contacts
#16 cache_get_contacts at e-book-backend-google.c line 204
#17 e_book_backend_google_start_view at e-book-backend-google.c line 1855
#18 e_book_backend_start_view at e-book-backend.c line 784
#19 bookview_start_thread at e-data-book-view.c line 235
#20 g_thread_proxy at gthread.c line 798
#21 start_thread at pthread_create.c line 308
#22 clone at ../sysdeps/unix/sysv/linux/i386/clone.S line 131

Comment 2 Milan Crha 2013-07-18 16:31:10 UTC
Created attachment 249544
eds patch

for evolution-data-server;

I cannot reproduce this myself, but it seems to me that the issue is that multiple threads are in start_view and also multiple threads are updating the local cache, which is not thread safe, thus a "proper" thread interleaving can cause such damage. Thus a logical step is to add locking around the local cache object, when the backend reads or writes data from/to it.
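The race comment 2 describes, as an added example that is not evolution-data-server code: a toy contact cache in C shared by several concurrently started view threads, with a pthread mutex standing in for the lock the patch adds around the backend's cache object. The type and function names (view_cache, cache_put, cache_get_contacts, run_views, start_view_thread) and the vCard strings are constructed for this example; nothing here is taken from the patch itself.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for the backend's local contact cache (hypothetical names). */
typedef struct {
    char          **contacts;  /* growable array, realloc'd as it fills */
    size_t          len, cap;
    int             locked;    /* 0: unguarded, as before the fix; 1: guarded */
    pthread_mutex_t lock;
} view_cache;

static void cache_init(view_cache *c, int locked)
{
    memset(c, 0, sizeof *c);
    c->locked = locked;
    pthread_mutex_init(&c->lock, NULL);
}

static void cache_free(view_cache *c)
{
    for (size_t i = 0; i < c->len; i++)
        free(c->contacts[i]);
    free(c->contacts);
    pthread_mutex_destroy(&c->lock);
}

/* Writer: store one vCard.  Unlocked, two threads can realloc() the same buffer
 * concurrently and one keeps writing through a freed pointer: the kind of heap
 * damage comment 2 suspects behind the allocator frames in the backtraces. */
static void cache_put(view_cache *c, const char *vcard)
{
    if (c->locked) pthread_mutex_lock(&c->lock);
    if (c->len == c->cap) {
        c->cap = c->cap ? c->cap * 2 : 8;
        c->contacts = realloc(c->contacts, c->cap * sizeof *c->contacts);
        if (!c->contacts) abort();
    }
    c->contacts[c->len++] = strdup(vcard);
    if (c->locked) pthread_mutex_unlock(&c->lock);
}

/* Reader: snapshot the cache for a view.  Reads take the same lock, otherwise
 * a reader can walk the array while another thread is mid-realloc. */
static size_t cache_get_contacts(view_cache *c, char ***out)
{
    if (c->locked) pthread_mutex_lock(&c->lock);
    size_t n = c->len;
    *out = malloc((n ? n : 1) * sizeof **out);
    for (size_t i = 0; i < n; i++)
        (*out)[i] = strdup(c->contacts[i]);
    if (c->locked) pthread_mutex_unlock(&c->lock);
    return n;
}

typedef struct { view_cache *cache; int id, n; } view_args;

/* One start_view thread: refreshes the cache and reads it back, repeatedly. */
static void *start_view_thread(void *p)
{
    view_args *a = p;
    char vcard[64];
    for (int i = 0; i < a->n; i++) {
        snprintf(vcard, sizeof vcard, "BEGIN:VCARD\nUID:v%d-%d\nEND:VCARD", a->id, i);
        cache_put(a->cache, vcard);              /* constructed sample contact */
        char **snap;
        size_t got = cache_get_contacts(a->cache, &snap);
        for (size_t j = 0; j < got; j++) free(snap[j]);
        free(snap);
    }
    return NULL;
}

/* Start `views` concurrent view threads, each adding `per_view` contacts, and
 * return the final entry count.  With locked=1 it is exactly views*per_view;
 * with locked=0 it is undefined behaviour (lost entries, or a crash). */
size_t run_views(int views, int per_view, int locked)
{
    pthread_t  tid[64];
    view_args  args[64];
    view_cache cache;
    if (views > 64) views = 64;
    cache_init(&cache, locked);
    for (int i = 0; i < views; i++) {
        args[i].cache = &cache; args[i].id = i; args[i].n = per_view;
        if (pthread_create(&tid[i], NULL, start_view_thread, &args[i])) abort();
    }
    for (int i = 0; i < views; i++)
        pthread_join(tid[i], NULL);
    size_t len = cache.len;
    cache_free(&cache);
    return len;
}

int main(void)
{
    /* Pass 0 as the last argument to exercise the pre-fix, unguarded variant. */
    printf("%zu contacts cached by 8 views\n", run_views(8, 500, 1));
    return 0;
}
```

Running the unguarded variant may or may not crash on any given run, which is consistent with the "I cannot reproduce this myself" in comment 2: a data race is timing dependent and a plain test does not prove its absence. The practical check is to build with -fsanitize=thread (ThreadSanitizer) or run under valgrind's helgrind tool, both of which flag the unlocked cache_put/cache_get_contacts accesses as races even when the run happens to finish cleanly.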
Comment 3 Milan Crha 2013-07-18 16:34:51 UTC
Created commit 9dd16ed in eds master (3.9.5+)
Created commit 9b33d90 in eds gnome-3-8 (3.8.4+)