Bug 129844

Summary: Reproducible segfault in evolution
Product: [Fedora] Fedora Reporter: Tim Waugh <twaugh>
Component: gtkhtml3Assignee: Owen Taylor <otaylor>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: dmalcolm
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 3.3.0-3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-09-03 17:18:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 123268    
Attachments:
Description Flags
gtkhtml3-backtrace none

Description Tim Waugh 2004-08-13 09:28:54 UTC 
Description of problem:
When composing a message in evolution, I came across a reproducible
way to crash evolution (actually my wife did).  It's crashing in gtkhtml3.

Version-Release number of selected component (if applicable):
gtkhtml3-3.3.0-2
evolution-1.5.92.2-2

How reproducible:
100%

Steps to Reproduce:
1. Start evolution, compose new message
2. Start Mozilla: http://www.imdb.com/news/wenn/2004-08-12
3. Highlight the Bjork story, from the beginning of the headline to
the end of the story ("Bjork" [...] "event.")
4. Click in the evolution message being composed
5. Middle-click to paste the selection
6. Put the cursor before the "I" of "Iceland".
7. Press backspace twice.

Actual results:
Backtrace attached.
Comment 1 Tim Waugh 2004-08-13 09:29:46 UTC 
Created attachment 102690 [details]
gtkhtml3-backtrace
Comment 2 Tim Waugh 2004-08-13 15:27:07 UTC 
I've checked a fix into CVS.
Comment 3 Tim Waugh 2004-08-13 16:00:05 UTC 
Fixed package is 3.3.0-3.
Comment 4 Owen Taylor 2004-09-03 15:47:28 UTC 
I'm not the maintainer of this package upstream or downstream,
but I'm maintaining the 3.3.x branch upstream, and as such,
am a bit upset that a patch went into our package without
being reported or fixed upstream.

I don't think the patch solves the root problem, I'm going to 
investigate a bit more to try to figure out if it's 3.3.x branch 
related or a general bug.
Comment 5 Owen Taylor 2004-09-03 17:18:06 UTC 
This is:

 http://bugzilla.ximian.com/show_bug.cgi?id=50052

I think what is really happening is that the first
press of delete corrupts the internal structures
of GtkHTML, and then the second delete dies in
the assertion failure. I'll leave your patch in
the RPM, but I bet small variations of the procedure
will still crash.

If you look through the GtkHTML bugs, it's clear that
there are a lot of outstanding editor crashers...