Bug 696673 - [abrt] Crash during message highlight
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
Version: 3.8.x (obsolete)
OS: Other Linux
Priority: Normal, Severity: critical
Target Milestone: ---
Assigned To: evolution-mail-maintainers
QA Contact: Evolution QA team
Whiteboard: evolution[webkit]
Duplicates: 697466 697804
Depends on:
Blocks:
Reported: 2013-03-27 07:47 UTC by Milan Crha
Modified: 2013-04-12 14:44 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
- test message (2.41 KB, text/plain), 2013-04-10 12:21 UTC, Milan Crha
- Proposed patch (3.28 KB, patch), 2013-04-11 14:56 UTC, Tomas Popela [reviewed]
- Version utilizing WebKit (4.83 KB, patch), 2013-04-12 09:08 UTC, Tomas Popela [accepted-commit_now]

Description Milan Crha 2013-03-27 07:47:39 UTC
Moving this from a downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=928200

Description of problem:
Changed search filter to 'Message contains...', and Evo crashed.

Version-Release number of selected component:
evolution-3.8.0-1.fc19

Additional info:
backtrace_rating: 4
cmdline:        evolution
crash_function: strstr
executable:     /usr/bin/evolution
kernel:         3.9.0-0.rc4.git0.1.fc19.x86_64

var_log_messages contains:

Mar 26 23:26:10 adam /etc/gdm/Xsession[1562]: ** (evolution:17069): CRITICAL **: gchar* webkit_dom_character_data_get_data(WebKitDOMCharacterData*): assertion `WEBKIT_DOM_IS_CHARACTER_DATA(self)' failed

Thread 1 (Thread 0x7f6f9109ba00 (LWP 17069))

#0  __strstr_sse42 at ../sysdeps/x86_64/multiarch/strstr.c line 174
#1  replace_text at e-web-view.c line 384
#2  replace_text at e-web-view.c line 443
#3  replace_text at e-web-view.c line 443
#4  replace_text at e-web-view.c line 443
#5  web_view_update_document_highlights at e-web-view.c line 482
#6  e_web_view_add_highlight at e-web-view.c line 2421
#7  mail_paned_view_set_search_strings at e-mail-paned-view.c line 755
#8  mail_shell_view_execute_search at e-mail-shell-view.c line 757
#9  g_closure_invoke at gclosure.c line 777
#10 signal_emit_unlocked_R at gsignal.c line 3514
#11 g_signal_emit_valist at gsignal.c line 3328
#12 g_signal_emit at gsignal.c line 3384
#13 g_closure_invoke at gclosure.c line 777
#14 signal_emit_unlocked_R at gsignal.c line 3584
#15 g_signal_emit_valist at gsignal.c line 3328
#16 g_signal_emit at gsignal.c line 3384
#17 gtk_radio_action_activate at gtkradioaction.c line 374
#18 g_closure_invoke at gclosure.c line 777
#19 signal_emit_unlocked_R at gsignal.c line 3514
#20 g_signal_emit_valist at gsignal.c line 3328
#21 g_signal_emit at gsignal.c line 3384
#22 _gtk_action_emit_activate at gtkaction.c line 801
#23 gtk_check_menu_item_activate at gtkcheckmenuitem.c line 501
#24 g_closure_invoke at gclosure.c line 777
#25 signal_emit_unlocked_R at gsignal.c line 3514
#26 g_signal_emit_valist at gsignal.c line 3328
#27 g_signal_emit at gsignal.c line 3384
#28 gtk_widget_activate at gtkwidget.c line 6745
#29 gtk_menu_shell_activate_item at gtkmenushell.c line 1429
#30 gtk_menu_shell_button_release at gtkmenushell.c line 830
#31 _gtk_marshal_BOOLEAN__BOXEDv at gtkmarshalers.c line 130
#32 _g_closure_invoke_va at gclosure.c line 840
#33 g_signal_emit_valist at gsignal.c line 3234
#34 g_signal_emit at gsignal.c line 3384
#35 gtk_widget_event_internal at gtkwidget.c line 6714
#36 gtk_widget_event at gtkwidget.c line 6371
#37 propagate_event_up at gtkmain.c line 2393
#38 propagate_event at gtkmain.c line 2501
#39 gtk_main_do_event at gtkmain.c line 1716
#40 gdk_event_source_dispatch at gdkeventsource.c line 364
#41 g_main_dispatch at gmain.c line 3054
#42 g_main_context_dispatch at gmain.c line 3630
#43 g_main_context_iterate at gmain.c line 3701
#44 g_main_loop_run at gmain.c line 3895
#45 gtk_main at gtkmain.c line 1156
#46 main at main.c line 698

Comment 1 Milan Crha 2013-03-27 07:49:58 UTC
I cannot reproduce the crash; it seems to be related to a certain message structure. But I did get a busy loop when searching for "Message contains" "a": the highlight phase (basically the same backtrace) doesn't want to stop and eats the whole CPU.
Comment 2 Fabio Durán Verdugo 2013-04-06 23:47:29 UTC
*** Bug 697466 has been marked as a duplicate of this bug. ***
Comment 3 Fabio Durán Verdugo 2013-04-06 23:48:15 UTC
I can reproduce with these steps:

- Select a folder.
- Try to search with subject or address contains.
- Press Enter and display the results.
- Change the search option to body contains.
- Crash.
Comment 4 Tomas Popela 2013-04-08 07:56:31 UTC
Sorry, I can't reproduce it either (even with the steps that you provided). Is it possible to send me the email that crashes Evolution?
Comment 5 Fabio Durán Verdugo 2013-04-08 12:20:00 UTC
This is my evolution version:
evolution-3.8.0-1.fc19.i686
evolution-mapi-3.8.0-1.fc19.i686
evolution-data-server-3.8.0-1.fc19.i686
Comment 6 Matthew Barnes 2013-04-08 13:23:56 UTC
(In reply to comment #5)
> this is my evolution version.
> evolution-3.8.0-1.fc19.i686
> evolution-mapi-3.8.0-1.fc19.i686
> evolution-data-server-3.8.0-1.fc19.i686

Can you also list your webkitgtk3 version?

I'm seeing what Milan saw: no crash, but CPU pegged and the stack trace is somewhere deep in WebCore while recursing over the DOM node tree.

For me, "pkg-config --modversion webkitgtk-3.0" ==> 1.10.1
Comment 7 Fabio Durán Verdugo 2013-04-08 13:43:15 UTC
My webkit version is:

webkitgtk3-2.0.0-1.fc19.i686
webkitgtk-1.10.2-6.fc19.i686
qtwebkit-2.3.0-2.fc19.i686
webkitgtk3-debuginfo-2.0.0-1.fc19.i686
Comment 8 Milan Crha 2013-04-09 11:34:48 UTC
That's it. I can reproduce the crash with webkitgtk3 2.0.0.
Comment 9 Milan Crha 2013-04-10 12:21:42 UTC
Created attachment 241142: test message

Tomas gave me a webkit 2.0.0 with some patch, which fixed the crash, but then I get into a busy lock, 1 core at 100% usage. It doesn't do it with every message, but I found one which does; it's the one attached. My steps are basically the same as those above, but let me clarify some details:
a) import the message to any On This Computer folder (it might not matter where it is imported, it can be basically anywhere).
b) enter the folder and set search to "Subject or Addresses contain"
c) into the Search field enter: rhyth
d) press Enter and wait until the "Generating message list" is finished
e) select the imported message, make sure the preview panel is on
f) change search type to Body contains

And now I get either the crash (with vanilla webkitgtk3 2.0.0) or a busy lock.
Comment 10 Matthew Barnes 2013-04-10 12:52:18 UTC
Might be worthwhile to verify there aren't cycles in the DOM node tree.  Not sure if that's even possible, but the recursion code in e-web-view.c assumes there isn't.  That's the only way that I can see how we'd be causing the busy loop.
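The report pins the crash in strstr() called from replace_text(), and the log line shows webkit_dom_character_data_get_data() being called on a node that is not character data, so the data pointer handed to strstr() was NULL. Why the highlight phase then spins with one core at 100% is not settled in this thread; Matthew's cycle hypothesis above is one candidate. What follows is an added illustration in C, not Evolution's code and not the patch that closed this bug: a toy node tree and a recursive highlighter written in the same shape, showing a second, hypothetical way such a walker can fail to terminate (it descends into the wrapper nodes it has just inserted, whose text contains the needle again), next to a version with the checks a hand-rolled walker needs. The node layout, all names and the sample message text are constructed for the demo.

```c
/* Added example, not Evolution's code: a toy node tree with two recursive highlighters.
 * naive_highlight() has the defects this report points at (an element's NULL "data" reaches
 * strstr(); the walk descends into wrappers it just inserted and never ends); safe_highlight() avoids both. */
#include <stdlib.h>
#include <string.h>

typedef struct Node {
    char *text;                          /* text node: its data; element node: NULL */
    int inserted;                        /* 1 if the highlighter created this node */
    struct Node *first_child, *next;     /* next = next sibling */
} Node;
typedef struct { int highlights, null_data, steps; } HlStats;

/* s == NULL makes an element node, otherwise a text node holding s[0..len). */
static Node *node_new(const char *s, size_t len, int inserted) {
    Node *n = calloc(1, sizeof *n);
    if (!n || (s && !(n->text = malloc(len + 1)))) abort();
    if (s) { memcpy(n->text, s, len); n->text[len] = '\0'; }
    n->inserted = inserted;
    return n;
}

static Node *append_child(Node *parent, Node *child) {
    Node **slot = &parent->first_child;
    while (*slot) slot = &(*slot)->next;
    return *slot = child;
}

/* Split text node t around the match at [off, off+len) into siblings t="before" -> <hl>"match"</hl>
 * -> "after". Wrapper and its text are marked inserted; "after" is original text still to be scanned. */
static void wrap_match(Node *t, size_t off, size_t len) {
    Node *hl = node_new(NULL, 0, 1);
    Node *after = node_new(t->text + off + len, strlen(t->text + off + len), 0);
    append_child(hl, node_new(t->text + off, len, 1));
    t->text[off] = '\0';
    after->next = t->next;
    hl->next = after;
    t->next = hl;
}

/* Bug pattern: every child is treated as character data, and the loop walks on into the <hl>
 * wrapper whose text contains the needle again. Returns -1 once the step budget is spent. */
static int naive_highlight(Node *n, const char *needle, HlStats *st, int budget) {
    for (Node *c = n->first_child; c; c = c->next) {
        if (++st->steps > budget) return -1;
        const char *data = c->text, *hit = data ? strstr(data, needle) : NULL;
        if (!data) st->null_data++;      /* real code: strstr(NULL, needle) -> SIGSEGV */
        if (hit) { wrap_match(c, (size_t)(hit - data), strlen(needle)); st->highlights++; }
        if (naive_highlight(c, needle, st, budget) < 0) return -1;
    }
    return 0;
}

/* Hardened: only text nodes reach strstr(), inserted nodes are skipped, an empty needle (matched at
 * offset 0 forever) is rejected, and each match strictly shrinks the unscanned text. Returns matches. */
static int safe_highlight(Node *n, const char *needle, HlStats *st) {
    size_t nlen = strlen(needle);
    if (nlen == 0) return 0;
    for (Node *c = n->first_child; c; c = c->next) {
        if (c->inserted) continue;                        /* our own <hl> or its text */
        if (!c->text) { safe_highlight(c, needle, st); continue; }
        const char *hit = strstr(c->text, needle);
        if (hit) { wrap_match(c, (size_t)(hit - c->text), nlen); st->highlights++; }
    }                                                     /* loop then meets <hl> (skipped), then "after" */
    return st->highlights;
}

static void collect_text(const Node *n, char *out, size_t cap) {   /* document-order text */
    for (const Node *c = n->first_child; c; c = c->next) {
        if (c->text) strncat(out, c->text, cap - strlen(out) - 1);
        else collect_text(c, out, cap);
    }
}

/* Constructed sample: <body>"open "<b>"rhythm"</b>" in rhythm again"</body> */
static Node *sample_tree(void) {
    Node *body = node_new(NULL, 0, 0);
    append_child(body, node_new("open ", 5, 0));
    append_child(append_child(body, node_new(NULL, 0, 0)), node_new("rhythm", 6, 0));
    append_child(body, node_new(" in rhythm again", 16, 0));
    return body;
}

/* 1 if the naive walker burns its whole budget after handing NULL data to the strstr() site. */
static int naive_walker_loops(void) {
    HlStats st = {0, 0, 0};
    return naive_highlight(sample_tree(), "rhythm", &st, 10000) == -1 && st.null_data > 0;
}

/* Match count from safe_highlight() on a fresh tree, or -1 if the visible text changed. */
static int safe_walker(const char *needle) {
    HlStats st = {0, 0, 0};
    Node *t = sample_tree();
    char buf[64] = "";
    int k = safe_highlight(t, needle, &st);
    collect_text(t, buf, sizeof buf);
    return strcmp(buf, "open rhythm in rhythm again") == 0 ? k : -1;
}
```

The checks that matter are in safe_highlight(): strstr() is only reached for text nodes, nodes the walker itself created are never revisited, an empty needle is refused, and every match strictly shrinks the text still to be scanned, so the recursion has a bound. Delegating highlighting to WebKit, as the patch accepted later in this thread does, avoids having to get all of that right by hand.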
Comment 11 Tomas Popela 2013-04-11 14:56:31 UTC
Created attachment 241259: Proposed patch

Fixes crash/busylock in highlighting; also fixes clearing of highlights.
Comment 12 Milan Crha 2013-04-11 15:12:47 UTC
Review of attachment 241259:

One more thing I found: not every highlight is removed (showed "online"). The good thing is no crash and no busy loop.

::: e-util/e-web-view.c
@@ +2457,3 @@
+	gulong iframes_count, highlights_count;
+	gulong i, j;
+
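Review bot: the two declaration lines in this hunk, `gulong iframes_count, highlights_count;` and `gulong i, j;`, sit after executable statements in e_web_view_clear_highlights, which is what the -Wdeclaration-after-statement warning at e-web-view.c:2454 quoted below is about; move them up to the function's existing declaration block and leave only the assignments at this point.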

This new block produces:
e-web-view.c: In function 'e_web_view_clear_highlights':
e-web-view.c:2454:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
Comment 13 Milan Crha 2013-04-11 15:18:29 UTC
Just for completeness, I tested with webkitgtk3-2.0.0 and webkitgtk3-1.10.2.
Comment 14 Tomas Popela 2013-04-12 09:08:51 UTC
Created attachment 241328: Version utilizing WebKit

This patch drops our implementation of highlighting and utilizes WebKit highlighting.
Comment 15 Milan Crha 2013-04-12 12:44:52 UTC
Review of attachment 241328:

Looks good, and doesn't crash. Please commit to master and gnome-3-8, so it's part of 3.8.1 on Monday.
Comment 16 Matthew Barnes 2013-04-12 13:19:14 UTC
Review of attachment 241328:

+100  That's way better.  Nice one, Tomas.
Comment 17 Milan Crha 2013-04-12 14:23:43 UTC
*** Bug 697804 has been marked as a duplicate of this bug. ***