GNOME Bugzilla – Bug 769010
Geary crashes when archiving, deleting, selecting a different message
Last modified: 2017-03-05 14:51:35 UTC
Starting 7/20/2016, Geary crashes when attempting to delete message from IMAP inbox. I'll be happy to supply whatever debugging aids if you tell me how to do so. Contact me at pbuck at his.com
To clarify, problems occur with only about 5-10% of the messages, but at least some messages cause Geary to crash every time I try to delete them. I can delete those messages in an online email client.
Hi Peter, thanks for reporting this bug. To debug this, I'll need you to obtain and attach a stack trace per the instructions here: https://wiki.gnome.org/Apps/Geary/ReportingABug#Stack_Trace I'll also some information about your system: Distro and version, desktop environment and version, GTK and WebKitGTK library versions.
Created attachment 331897 [details] Debugging session including stack trace of geary crash Thanks, Michael. Attached is the stack trace from trying to delete one of the messages that cause the crash. I'm running ubuntu 16.04, pretty vanilla. I don't know how to gather the version information you requested. Please advise me if you need more details than I've provided.
I've got the same problem of Peter. Since the previous version of geary every time I try to delete messages from the inbox section, the program stucks and then crashes. If I delte only a message and then i navigate through my other email account everything goes right but if I try to delete 2 or 3 messages in a row it crashes... I use geary on elementary os 0.3 Any suggestion??? please notify by email your suggestion (monsterlord@live.it)
Peter, thanks for the stack trace. From that, since the crash is occurring in WebKitGTK, it might be the same issue as Bug 750048. I occasionally see something like this as well, and am pretty sure it is indeed a WebKitGTK bug. If so, you can work around it by selecting a different message that you also want to delete first, then selecting this problematic message, and then deleting them both.
Luca, thanks for the extra information. Does the workaround I just above in comment 5 help?
*** Bug 750048 has been marked as a duplicate of this bug. ***
The crash is a bug in WebKitGTK. It is triggered in ConversationViewer, by both conversation_viewer_clear and conversation_viewer_remove_message. It occurs when the message's root DOM node is removed from the web view, and seems to depend on something specific to the messages involved. After trying a few obvious workarounds (setting the parent node's inner_html to "", moving the node to a different parent instead of removing it) it is still crashing. Some investigation into the specific nature of the messages that are causing the crash is probably needed to work out what the actual issue is. I'll attach a few here in case someone wants to try to work out what they have in common. If nothing else, this will be fixed when Bug 765516 lands for 0.12, but a fix for this would be great to have for 0.11.x as well.
Created attachment 332498 [details] Example message that reliably triggers this bug.
Created attachment 332499 [details] Decoded HTML from message in Bug 750048 that reportedly also causes the crash
Created attachment 332500 [details] Decoded HTML from example that reliably triggers the bug Decode the Q-P encoding for clarity.
Created attachment 332501 [details] Decoded HTML from message in Bug 750048 that reportedly also causes the crash Clean up line endings for clarity
*** Bug 751656 has been marked as a duplicate of this bug. ***
The stack trace from Bug 751656 indicates one instance of the crash is occurring in WebCore::RenderTableCell::borderLeft(), which is called from WebCore::RenderBoxModelObject::localCaretRectForEmptyElement() so it may have something to do with borders on table cells, and/or maybe on empty table cells?
Turns out WebKitGTK+ 2.4.x at least will crash if you remove an element that has nested tables, and the nested table has cells with some border set. Removing the cell's contents in reverse order will prevent the crash from occurring. A workaround has been pushed to master as 36a35f9. It fixes the crash for the message that was causing the crash for me. If anyone can also test it out, please let me know if it also fixes the problem for you. I'll cherry pick this for the geary-0.11 branch a bit later once it hasn't shown to cause any performance regressions.
This has been pushed to the stable geary-0.11 branch as 52fe9b6. Resolving as fixed.
*** Bug 779373 has been marked as a duplicate of this bug. ***