Bug 761883 – Freeze when editing a specific Draft: GLib-GObject-WARNING **: invalid cast from 'WebKitDOMText' to 'WebKitDOMElement'

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 761883 - Freeze when editing a specific Draft: GLib-GObject-WARNING **: invalid cast from 'WebKitDOMText' to 'WebKitDOMElement'


Summary:	Freeze when editing a specific Draft: GLib-GObject-WARNING **: invalid cast f...


Status:	RESOLVED FIXED

Product:	evolution
Classification:	Applications
Component:	Composer
Version:	3.18.x (obsolete)
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Tomas Popela
QA Contact:	Evolution QA team

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-02-11 22:30 UTC by Christian Stadelmann
Modified:	2016-02-18 09:16 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
log file from gdb (60.60 KB, text/plain) 2016-02-11 22:30 UTC, Christian Stadelmann	Details

Description Christian Stadelmann 2016-02-11 22:30:28 UTC

Created attachment 320916 [details]
log file from gdb

Note: This looks similiar to https://bugzilla.gnome.org/show_bug.cgi?id=758851 but it is present in 3.18.4, so either those are unrelated or the fix didn't match all broken cases.

When editing a specific draft with 2 levels of citation in it, Evolution freezes and runs at 100% CPU on one core and leaks huge amounts of memory (several gigabytes per minute).

What I did to reproduce:
1. I opened a plaintext email draft for a reply email to milan crha regarding another evolution bug. What I found weird about this is that I didn't get coloured ">" signs for citation indentation but I got a vertical (coloured) line as if I were using HTML emails. Is this feature new to evolution? I haven't noticed it before.
2. In email composer, I tried deleting a single character at a specific position

What happened:
Evolution freezes, runs at 100% CPU on one core and spams syslog with millions of these messages:

(evolution:16623): GLib-GObject-WARNING **: invalid cast from 'WebKitDOMText' to 'WebKitDOMElement'

sending SIGTERM to evolution doesn't help, only SIGKILL does.

I attached gdb to evolution and tried again. Long backtrace and log file is attached. This is the backtrace with few details:

+ Trace 235965

#0 write
at ../sysdeps/unix/syscall-template.S line 84
#1 write_string
#2 g_log_default_handler
at gmessages.c line 1492
#3 g_logv
at gmessages.c line 1060
#4 g_log
at gmessages.c line 1119
#5 g_type_check_instance_cast
at gtype.c line 4072
#6 merge_siblings_if_necessary
at e-html-editor-view.c line 3264
#7 body_key_up_event_process_backspace_or_delete
at e-html-editor-view.c line 3450
#8 body_keyup_event_cb
at e-html-editor-view.c line 3530
#9 body_keyup_event_cb
at e-html-editor-view.c line 3520
#10 ffi_call_unix64
at ../src/x86/unix64.S line 76
#11 ffi_call
at ../src/x86/ffi64.c line 525
#12 g_cclosure_marshal_generic
at gclosure.c line 1487
#13 g_closure_invoke
at gclosure.c line 801
#14 WebCore::GObjectEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
at Source/WebCore/bindings/gobject/GObjectEventListener.cpp line 75
#15 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&)
at Source/WebCore/dom/EventTarget.cpp line 284
#16 WebCore::EventTarget::fireEventListeners(WebCore::Event*)
at Source/WebCore/dom/EventTarget.cpp line 232
#17 WebCore::EventContext::handleLocalEvents(WebCore::Event&) const
at Source/WebCore/dom/EventContext.cpp line 54
#18 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>)
at Source/WebCore/dom/EventDispatcher.cpp line 275
#19 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>)
at Source/WebCore/dom/EventDispatcher.cpp line 333
#20 WebCore::Element::dispatchKeyEvent(WebCore::PlatformKeyboardEvent const&)
at Source/WebCore/dom/Element.cpp line 290
#21 WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&)
at Source/WebCore/page/EventHandler.cpp line 2934
#22 WebKit::WebViewInputMethodFilter::sendSimpleKeyEvent(_GdkEventKey*, WTF::String, WebCore::GtkInputMethodFilter::EventFakedForComposition)
at Source/WebKit/gtk/WebCoreSupport/WebViewInputMethodFilter.cpp line 60
#23 WebCore::GtkInputMethodFilter::filterKeyEvent(_GdkEventKey*)
at Source/WebCore/platform/gtk/GtkInputMethodFilter.cpp line 202
#24 webkit_web_view_key_release_event(GtkWidget*, GdkEventKey*)
at Source/WebKit/gtk/webkit/webkitwebview.cpp line 744
#25 _gtk_marshal_BOOLEAN__BOXEDv
at gtkmarshalers.c line 131
#26 _g_closure_invoke_va
at gclosure.c line 864
#27 g_signal_emit_valist
at gsignal.c line 3292
#28 g_signal_emit
at gsignal.c line 3439
#29 gtk_widget_event_internal
at gtkwidget.c line 7692
#30 gtk_window_propagate_key_event
at gtkwindow.c line 7775
#31 gtk_window_key_release_event
at gtkwindow.c line 7826
#32 _gtk_marshal_BOOLEAN__BOXEDv
at gtkmarshalers.c line 131
#33 _g_closure_invoke_va
at gclosure.c line 864
#34 g_signal_emit_valist
at gsignal.c line 3292
#35 g_signal_emit
at gsignal.c line 3439
#36 gtk_widget_event_internal
at gtkwidget.c line 7692
#37 propagate_event
at gtkmain.c line 2610
#38 gtk_main_do_event
at gtkmain.c line 1850
#39 gdk_event_source_dispatch
at gdkeventsource.c line 90
#40 g_main_context_dispatch
at gmain.c line 3154
#41 g_main_context_dispatch
at gmain.c line 3769
#42 g_main_context_iterate
at gmain.c line 3840
#43 g_main_loop_run
at gmain.c line 4034
#44 gtk_main
at gtkmain.c line 1241
#45 main
at main.c line 660

Comment 1 Christian Stadelmann 2016-02-12 17:14:01 UTC

See https://git.gnome.org/browse/evolution/commit/?h=gnome-3-18&id=7fa9a99cce23041b90e07172ac2f961517b82408 for a fix in 3.18 git (to land in 3.18.5) and https://git.gnome.org/browse/evolution/commit/?id=572b2ba6863b3a3d0498d16042a1be8ecc49d49c for a fix in git master.

Comment 2 Milan Crha 2016-02-18 09:16:22 UTC

There was a typo in the above fix, an uninitialized variable had been used in the code, which could lead to a crash when the code was executed.

Created commit 77938fb in evo master (3.19.91+)
Created commit 8f67c06 in evo gnome-3-18 (3.18.5.1+)