Bug 731770 – Sometimes crashes when trying to load images in e-mails

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 731770 - Sometimes crashes when trying to load images in e-mails


Summary:	Sometimes crashes when trying to load images in e-mails


Status:	RESOLVED FIXED

Product:	evolution
Classification:	Applications
Component:	Mailer
Version:	3.12.x (obsolete)
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	evolution-mail-maintainers
QA Contact:	Evolution QA team

URL:
Whiteboard:

Duplicates:	732766 (view as bug list)
Depends on:
Blocks:

Reported:	2014-06-17 10:21 UTC by Ankur Sinha (FranciscoD)
Modified:	2014-07-08 16:32 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Complete multi thread backtrace (105.10 KB, text/x-log) 2014-06-17 10:21 UTC, Ankur Sinha (FranciscoD)	Details

Description Ankur Sinha (FranciscoD) 2014-06-17 10:21:36 UTC

Created attachment 278582 [details]
Complete multi thread backtrace

Hi,

I've noticed that evolution sometimes crashes when trying to load images in e-mails, especially if I've just opened evolution and selected such an e-mail to display images (using ctrl I).

This is what the gdm dump said when it crashed:

Program received signal SIGSEGV, Segmentation fault.
0x00007fff9b9722ac in mail_display_plugin_widget_resize (widget=0x7fff8c01d890 [EAttachmentBar], dummy=<optimized out>, display=0x30e09c0 [EMailDisplay])
    at e-mail-display.c:364
364             if (!WEBKIT_DOM_IS_ELEMENT (parent_element)) {

The *complete* back trace is attached. 

[asinha@ankur-laptop  ~]$ rpm -qa \*evolution\*
evolution-help-3.12.3-1.fc20.noarch
evolution-data-server-3.12.3-1.fc20.x86_64
evolution-3.12.3-1.fc20.x86_64
evolution-debuginfo-3.12.3-1.fc20.x86_64
evolution-ews-3.12.3-1.fc20.x86_64
evolution-data-server-debuginfo-3.12.3-1.fc20.x86_64
[asinha@ankur-laptop  ~]$

Thanks,
Warm regards,
Ankur

Comment 1 Jürg Billeter 2014-06-18 05:22:15 UTC

I see the same issue here, also with evolution 3.12.3 on Linux x86-64. Increasing severity to critical as it's a crash bug.

Comment 2 Milan Crha 2014-06-18 09:36:51 UTC

Thanks for a bug report. I paste the backtrace inline, for easier searching.

+ Trace 233708

Thread 1 (Thread 0x7ffff7f9ba40 (LWP 13092))

#0 mail_display_plugin_widget_resize
at e-mail-display.c line 364
#1 g_closure_invoke
at gclosure.c line 768
#2 signal_emit_unlocked_R
at gsignal.c line 3551
#3 g_signal_emit_valist
at gsignal.c line 3307
#4 g_signal_emit
at gsignal.c line 3363
#5 gtk_widget_size_allocate_with_baseline
at gtkwidget.c line 5621
#6 gtk_box_size_allocate_no_center
at gtkbox.c line 789
#7 g_cclosure_marshal_VOID__BOXEDv
at gmarshal.c line 1160
#8 _g_closure_invoke_va
at gclosure.c line 831
#9 g_signal_emit_valist
at gsignal.c line 3215
#10 g_signal_emit
at gsignal.c line 3363
#11 gtk_widget_size_allocate_with_baseline
at gtkwidget.c line 5621
#12 WebCore::GtkPluginWidget::frameRectsChanged
from /lib64/libwebkitgtk-3.0.so.0
#13 WebCore::ScrollView::frameRectsChanged
from /lib64/libwebkitgtk-3.0.so.0
#14 WebCore::ScrollView::setFrameRect
from /lib64/libwebkitgtk-3.0.so.0
#15 WebCore::FrameView::setFrameRect
from /lib64/libwebkitgtk-3.0.so.0
#16 resizeWebViewFromAllocation
from /lib64/libwebkitgtk-3.0.so.0
#17 webkit_web_view_size_allocate
from /lib64/libwebkitgtk-3.0.so.0
#18 g_cclosure_marshal_VOID__BOXEDv
at gmarshal.c line 1160
#19 _g_closure_invoke_va
at gclosure.c line 831
#20 g_signal_emit_valist
at gsignal.c line 3215
#21 g_signal_emit
at gsignal.c line 3363
#22 gtk_widget_size_allocate_with_baseline
at gtkwidget.c line 5621
#23 gtk_widget_size_allocate
at gtkwidget.c line 5688
#24 gtk_scrolled_window_allocate_child
at gtkscrolledwindow.c line 1797
#25 gtk_scrolled_window_size_allocate
at gtkscrolledwindow.c line 2003
#26 g_closure_invoke
at gclosure.c line 768
#27 signal_emit_unlocked_R
at gsignal.c line 3481
#28 g_signal_emit_valist
at gsignal.c line 3307
#29 g_signal_emit
at gsignal.c line 3363
#30 gtk_widget_size_allocate_with_baseline
at gtkwidget.c line 5621
#31 gtk_box_size_allocate_no_center
at gtkbox.c line 789
#32 g_closure_invoke
at gclosure.c line 768
#33 signal_emit_unlocked_R
at gsignal.c line 3481
#34 g_signal_emit_valist
at gsignal.c line 3307
#35 g_signal_emit
at gsignal.c line 3363
#36 gtk_widget_size_allocate_with_baseline
at gtkwidget.c line 5621
#37 gtk_box_size_allocate_no_center
at gtkbox.c line 789
#38 g_closure_invoke
at gclosure.c line 768
#39 signal_emit_unlocked_R
at gsignal.c line 3481
#40 g_signal_emit_valist
at gsignal.c line 3307
#41 g_signal_emit
at gsignal.c line 3363
#42 gtk_widget_size_allocate_with_baseline
at gtkwidget.c line 5621
#43 gtk_widget_size_allocate
at gtkwidget.c line 5688
#44 gtk_window_size_allocate
at gtkwindow.c line 7116
#45 g_closure_invoke
at gclosure.c line 768
#46 signal_emit_unlocked_R
at gsignal.c line 3481
#47 g_signal_emit_valist
at gsignal.c line 3307
#48 g_signal_emit
at gsignal.c line 3363
#49 gtk_widget_size_allocate_with_baseline
at gtkwidget.c line 5621
#50 gtk_widget_size_allocate
at gtkwidget.c line 5688
#51 gtk_window_move_resize
at gtkwindow.c line 9651
#52 gtk_window_check_resize
at gtkwindow.c line 8108
#53 _g_closure_invoke_va
at gclosure.c line 831
#54 g_signal_emit_valist
at gsignal.c line 3215
#55 g_signal_emit
at gsignal.c line 3363
#56 gtk_container_idle_sizer
at gtkcontainer.c line 1757
#57 _g_closure_invoke_va
at gclosure.c line 831
#58 g_signal_emit_valist
at gsignal.c line 3215
#59 g_signal_emit_by_name
at gsignal.c line 3403
#60 gdk_frame_clock_paint_idle
at gdkframeclockidle.c line 408
#61 gdk_threads_dispatch
at gdk.c line 635
#62 g_timeout_dispatch
at gmain.c line 4472
#63 g_main_dispatch
at gmain.c line 3064
#64 g_main_context_dispatch
at gmain.c line 3663
#65 g_main_context_iterate
at gmain.c line 3734
#66 g_main_loop_run
at gmain.c line 3928
#67 gtk_main
at gtkmain.c line 1192
#68 main
at main.c line 680

Comment 3 Milan Crha 2014-06-18 12:17:37 UTC

Nice, so this is after my recent changes to not react on false change/notify notifications from GSettings/GObject properties. Namely mail_display_uri_changed() was not called when Ctrl+I was called (which also invokes view rebuild), thus the internal cache of plugin widgets were not clean-up, thus there happened use-after-free for "parent_element" on the widget on resize of the view. Basically, the widget survived longer than its element. Using GWeakRef instead of the g_object_ref() fixes the problem.

Created commit 9840648 in evo master (3.13.3+) [1]
Created commit dd041b9 in evo evolution-3-12 (3.12.4+)

[1] https://git.gnome.org/browse/evolution/commit/?id=9840648

Comment 4 Ankur Sinha (FranciscoD) 2014-06-19 05:29:41 UTC

Thanks Milan. 

I'll test the package when the COPR is updated to 3.12.4 and confirm the fix.

Warm regards,
Ankur

Comment 5 Ankur Sinha (FranciscoD) 2014-07-01 02:12:11 UTC

Hi Milan,

I've just updated to gnome 3.13 from the Fedora 20 copr. Unfortunately evolution and e-d-s aren't 3.13 in rawhide or in the copr yet - they're still at 3.12.3. Can you please update the packages when you have some free cycles? 

Thanks,
Warm regards,
Ankur

Comment 6 Milan Crha 2014-07-01 10:44:30 UTC

(In reply to comment #5)
> I've just updated to gnome 3.13 from the Fedora 20 copr. Unfortunately
> evolution and e-d-s aren't 3.13 in rawhide or in the copr yet - they're still
> at 3.12.3. Can you please update the packages when you have some free cycles? 

Rawhide is not going to get 3.13.x till Fedora branches for f21. The 3.14.0 of evolution will be released in spring 2015.

Comment 7 Milan Crha 2014-07-08 16:32:37 UTC

*** Bug 732766 has been marked as a duplicate of this bug. ***