Bug 228281
| Summary: | Segmentation fault when opening large folder | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Luke Macken <lmacken> |
| Component: | thunderbird | Assignee: | Martin Stransky <stransky> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | rawhide | CC: | caillon, fedora, marius.andreiana, pfrields, stransky |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-04-13 09:32:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
confirmed -- same problem here on x86_64 after updateing to rawhide today (worked fine on FC6 before) Still happens with thunderbird-1.5.0.10-1.fc7 Can you investigate this, Martin? sure. How big are your mail boxes? Can you attach the output of "ls -l" from directory where they are located? (I have them at ~/.thunderbird/csds9tdm.default/Mail/Local Folders) (In reply to comment #5) > How big are your mail boxes? IMAP Mailboxes for me; a particular folder where it crashes is my send folder: -rw-r--r-- 1 thl ctred 2797871 7. Mär 14:03 Sent.msf I tried to delete that file; thunderbird synced the folder fine (7290 mails afaics), created the file anew, and then crashed again. How big is the "Sent" file? Sent.msf is only an index file (or something like that) there is only a Sent.msf The send folder is btw the one where thunderbird crashes always. Some other folders work often, but not always; for example this one -rw-r--r-- 1 thl ctred 1557065 7. Mär 07:08 kernel-commits.msf or the trash. Can you send my any of these folder? (In reply to comment #9) > Can you send my any of these folder? Hmmm, the kernel-commits stuff should not contain any private data, so I maybe could package it up and send it to you. But I'm at home now and the machine is at work. What do you need? The folder contents, the *msf files? I assume both... Luke, btw, does the problem happen for you with IMAP, too? I don't think deleting msf files is sufficient. I'd recommend a new profile to truly see if its profile related. Also, disabling accessibility in GTK+ might be a workaround, just by looking at the stack. I have a local IMAP server so something what I can place there. An inbox with messages would be great. (In reply to comment #12) > Also, disabling accessibility in GTK+ might be a workaround, just by looking at > the stack. Hmm, how does one actually disable it? But it seems to do the trick afaics: everything works fine if I "ssh localhost thunderbird" (that disables accessibility afaics, too). Maybe this bug is somehow related to the stuff that is discussed in Bug 227828 Comment 10 and later? (In reply to comment #10) > Luke, btw, does the problem happen for you with IMAP, too? Yeah, I was experiencing this with IMAP. I am currently unable to duplicate this issue anymore due to hitting email quota limits and having cleaned up a bit since. Martin, I created a local folder and copied the contents of a IMAP folder into it. Thunderbird often (but not always) crashes when I click on the folder after I had looked into some other folders first (but it works fine with the workaround in Comment 14). Find the two thunderbird files with the files (copied from .thunderbird/default/foo/Mail/Local\ Folders/) as compresses tar file at: http://www.leemhuis.info/files/fedorarpms/MISC.fdr/thl-tb-folder.tar.bz2 Cool, I'll check it. btw. Do you use any accessibility feature? I think it's disabled by default (at least on FC-6). (In reply to comment #18) > btw. Do you use any accessibility feature? Seems so -- I disabled them completely using gnome-at-properties and now everything works fine Do you remember which ones did you use? (In reply to comment #20) > Do you remember which ones did you use? I unchecked the first box in gnome-at-properties named "Enable assistive technologies" and logged out and in again. Wow, I can reproduce it, on FC-6 and I've got really big backtrace:
(Gecko:4515): GLib-GObject-WARNING **: gsignal.c:1019: unable to lookup signal
"activate" of unloaded type `MaiAtkObject'
(Gecko:4515): GLib-GObject-CRITICAL **: g_signal_emit_valist: assertion
`signal_id > 0' failed
[New Thread -1274582128 (LWP 4533)]
Program received signal SIGSEGV, Segmentation fault.
#0 0x08d1f7f1 in ?? ()
#1 0x47138150 in main_arena () from /lib/libc.so.6
#2 0x00be549b in nsAccessNode::Release (this=0x8998ab8) at nsAccessNode.cpp:84
#3 0x00bf4758 in nsAccessible::Release (this=0x8998ab8) at nsAccessible.cpp:110
#4 0x0016f5bd in ~nsCOMPtr_base (this=<value optimized out>) at nsCOMPtr.cpp:81
#5 0x00be755a in ~nsCOMPtr (this=0xbf9441a8) at
../dist/include/xpcom/nsCOMPtr.h:542
#6 0x00bf5ae2 in nsAccessible::GetIndexInParent (this=0x89910c0,
aIndexInParent=0xbf9441ec)
at nsAccessible.cpp:635
#7 0x00c0a1b6 in getIndexInParentCB (aAtkObj=0x8ca0c00) at nsAccessibleWrap.cpp:877
#8 0x462f8372 in atk_object_get_index_in_parent () from /usr/lib/libatk-1.0.so.0
#9 0x462f9830 in atk_object_get_name () from /usr/lib/libatk-1.0.so.0
#10 0x00c0a5be in refStateSetCB (aAtkObj=0x8ca0c00) at nsAccessibleWrap.cpp:885
#11 0x462f83f9 in atk_object_ref_state_set () from /usr/lib/libatk-1.0.so.0
#12 0x002596f1 in spi_accessible_new () from /usr/lib/libspi.so.0
#13 0x00255c26 in _ORBIT_skel_small_Accessibility_Accessible_getState () from
/usr/lib/libspi.so.0
#14 0x463576c7 in IOP_start_profiles () from /usr/lib/libORBit-2.so.0
#15 0x4635d835 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0
#16 0x4634abdc in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0
#17 0x4635b3f6 in ORBit_recv_buffer_return_sys_exception () from
/usr/lib/libORBit-2.so.0
#18 0x4635baa2 in ORBit_recv_buffer_return_sys_exception () from
/usr/lib/libORBit-2.so.0
#19 0x4635c5f3 in ORBit_skel_class_register () from /usr/lib/libORBit-2.so.0
#20 0x4635d9d2 in ORBit_handle_request () from /usr/lib/libORBit-2.so.0
#21 0x46346a67 in giop_connection_handle_input () from /usr/lib/libORBit-2.so.0
#22 0x463645cd in link_connection_state_changed () from /usr/lib/libORBit-2.so.0
#23 0x463674ae in link_io_add_watch_fd () from /usr/lib/libORBit-2.so.0
#24 0x45bb1442 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#25 0x45bb441f in g_main_context_check () from /lib/libglib-2.0.so.0
#26 0x45bb4985 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#27 0x46362da7 in link_main_iteration () from /usr/lib/libORBit-2.so.0
#28 0x46346247 in giop_recv_buffer_get () from /usr/lib/libORBit-2.so.0
#29 0x4634a48d in ORBit_small_invoke_stub () from /usr/lib/libORBit-2.so.0
#30 0x4634a68e in ORBit_small_invoke_stub_n () from /usr/lib/libORBit-2.so.0
#31 0x463578f2 in ORBit_c_stub_invoke () from /usr/lib/libORBit-2.so.0
#32 0x00247674 in Accessibility_EventListener_notifyEvent () from
/usr/lib/libspi.so.0
#33 0x001197dd in ?? () from /usr/lib/gtk-2.0/modules/libatk-bridge.so
#34 0x0011a6c9 in ?? () from /usr/lib/gtk-2.0/modules/libatk-bridge.so
#35 0x45d4320e in g_signal_chain_from_overridden () from /lib/libgobject-2.0.so.0
#36 0x45d44957 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#37 0x45d44b19 in g_signal_emit () from /lib/libgobject-2.0.so.0
#38 0x462f992e in atk_object_get_name () from /usr/lib/libatk-1.0.so.0
#39 0x45d3f819 in g_cclosure_marshal_VOID__PARAM () from /lib/libgobject-2.0.so.0
#40 0x45d31589 in g_value_set_static_boxed () from /lib/libgobject-2.0.so.0
#41 0x45d32e7d in g_closure_invoke () from /lib/libgobject-2.0.so.0
#42 0x45d438ca in g_signal_chain_from_overridden () from /lib/libgobject-2.0.so.0
#43 0x45d44957 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#44 0x45d44b19 in g_signal_emit () from /lib/libgobject-2.0.so.0
#45 0x45d37171 in g_object_class_override_property () from /lib/libgobject-2.0.so.0
#46 0x45d33b5f in g_enum_register_static () from /lib/libgobject-2.0.so.0
#47 0x45d38d22 in g_object_notify () from /lib/libgobject-2.0.so.0
#48 0x462f82eb in atk_object_set_name () from /usr/lib/libatk-1.0.so.0
#49 0x00c0ab5d in getNameCB (aAtkObj=0x8ca0c00) at nsAccessibleWrap.cpp:741
#50 0x462f8949 in atk_object_get_name () from /usr/lib/libatk-1.0.so.0
#51 0x0011a655 in ?? () from /usr/lib/gtk-2.0/modules/libatk-bridge.so
#52 0x45d4320e in g_signal_chain_from_overridden () from /lib/libgobject-2.0.so.0
#53 0x45d44957 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#54 0x45d44b19 in g_signal_emit () from /lib/libgobject-2.0.so.0
#55 0x462f992e in atk_object_get_name () from /usr/lib/libatk-1.0.so.0
#56 0x45d3f819 in g_cclosure_marshal_VOID__PARAM () from /lib/libgobject-2.0.so.0
#57 0x45d31589 in g_value_set_static_boxed () from /lib/libgobject-2.0.so.0
#58 0x45d32d9b in g_closure_invoke () from /lib/libgobject-2.0.so.0
#59 0x45d438ca in g_signal_chain_from_overridden () from /lib/libgobject-2.0.so.0
#60 0x45d44957 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#61 0x45d44b19 in g_signal_emit () from /lib/libgobject-2.0.so.0
#62 0x45d37171 in g_object_class_override_property () from /lib/libgobject-2.0.so.0
#63 0x45d33b5f in g_enum_register_static () from /lib/libgobject-2.0.so.0
#64 0x45d38d22 in g_object_notify () from /lib/libgobject-2.0.so.0
#65 0x462f8180 in atk_object_set_parent () from /usr/lib/libatk-1.0.so.0
#66 0x00c0ad6e in getParentCB (aAtkObj=0x8ca0c00) at nsAccessibleWrap.cpp:823
#67 0x462f8849 in atk_object_get_parent () from /usr/lib/libatk-1.0.so.0
#68 0x00766b9a in gnome_accessibility_module_init () from
/usr/lib/gtk-2.0/modules/libgail.so
#69 0x462ffa0c in atk_focus_tracker_notify () from /usr/lib/libatk-1.0.so.0
#70 0x00c0b32c in nsDocAccessibleWrap::FireToolkitEvent (this=0x8559c18,
aEvent=32773,
aAccessible=0x89910d4, aEventData=0x0) at nsDocAccessibleWrap.cpp:109
#71 0x00bf60ac in nsAccessible::FireToolkitEvent (this=0x89910c0, aEvent=32773,
aTarget=0x89910d4,
aData=0x0) at nsAccessible.cpp:1672
#72 0x00bfe3eb in nsRootAccessible::HandleEvent (this=0x8559c18, aEvent=0x8d2bb18)
at nsRootAccessible.cpp:871
#73 0x00bfb921 in nsRootAccessible::Select (this=0x8559c18, aEvent=0x8d2bb18)
at nsRootAccessible.cpp:972
#74 0x011957e1 in nsEventListenerManager::HandleEvent (this=0x85125d8,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aCurrentTarget=0x8576bfc, aFlags=4,
aEventStatus=0xbf946e1c) at nsEventListenerManager.cpp:141
#75 0x01250424 in nsXULDocument::HandleDOMEvent (this=0x8576b48,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=4, aEventStatus=0xbf946e1c)
at nsXULDocument.cpp:1235
#76 0x0123ec82 in nsXULElement::HandleDOMEvent (this=0x8512698,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2136
#77 0x0123ec4c in nsXULElement::HandleDOMEvent (this=0x87450e0,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2131
#78 0x0123ec4c in nsXULElement::HandleDOMEvent (this=0x8745160,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2131
#79 0x0123ec4c in nsXULElement::HandleDOMEvent (this=0x8770760,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2131
#80 0x0123ec4c in nsXULElement::HandleDOMEvent (this=0x87707d0,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2131
#81 0x0123ec4c in nsXULElement::HandleDOMEvent (this=0x8770828,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2131
#82 0x0123ec4c in nsXULElement::HandleDOMEvent (this=0x87708c8,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2131
#83 0x0123ec4c in nsXULElement::HandleDOMEvent (this=0x87709f0,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2131
#84 0x0123ec4c in nsXULElement::HandleDOMEvent (this=0x857a050,
aPresContext=0x85914b8,
aEvent=0xbf946df4, aDOMEvent=0xbf946d88, aFlags=<value optimized out>,
aEventStatus=0xbf946e1c)
at nsXULElement.cpp:2131
#85 0x012b1c59 in nsTreeSelection::FireOnSelectHandler (this=0x9115910) at
nsTreeSelection.cpp:788
#86 0x012b222c in nsTreeSelection::Select (this=0x9115910, aIndex=4084) at
nsTreeSelection.cpp:377
#87 0x001c7c41 in XPTC_InvokeByIndex () at dist/include/xpcom/xptcstubsdef.inc:251
#88 0x0052addb in XPCWrappedNative::CallMethod (ccx=@0xbf9470ec,
mode=XPCWrappedNative::CALL_METHOD) at xpcwrappednative.cpp:2156
#89 0x0052ead1 in XPC_WN_CallMethod (cx=0x85eefc0, obj=0x8567dd8, argc=1,
argv=0x8d0fdac,
vp=0xbf94720c) at xpcwrappednativejsops.cpp:1451
#90 0x009fba2b in js_Invoke (cx=0x85eefc0, argc=1, flags=0) at jsinterp.c:1187
#91 0x00a029ee in js_Interpret (cx=0x85eefc0, pc=0x8d4a3e6 ":", result=0xbf9474d8)
at jsinterp.c:3609
#92 0x009fba84 in js_Invoke (cx=0x85eefc0, argc=1, flags=2) at jsinterp.c:1207
#93 0x00a07535 in js_InternalInvoke (cx=0x85eefc0, obj=0x8698ce0,
fval=139886352, flags=2, argc=1,
argv=0xbf94772c, rval=0xbf94771c) at jsinterp.c:1284
#94 0x009d6a55 in JS_CallFunctionValue (cx=0x85eefc0, obj=0x8698ce0,
fval=139886352, argc=1,
argv=0xbf94772c, rval=0xbf94771c) at jsapi.c:4185
#95 0x012676d1 in nsJSContext::CallEventHandler (this=0x85ee9c0, aTarget=0x8698ce0,
aHandler=0x8567f10, argc=1, argv=0xbf94772c, rval=0xbf94771c) at
nsJSEnvironment.cpp:1456
#96 0x012a0084 in nsJSEventListener::HandleEvent (this=0x879b448, aEvent=0x8d2b8f0)
at nsJSEventListener.cpp:186
#97 0x012324ab in nsXBLPrototypeHandler::ExecuteHandler (this=0x89318e8,
aReceiver=0x89cd7b0,
aEvent=0x8d2b8f0) at nsXBLPrototypeHandler.cpp:512
#98 0x0122dea4 in nsXBLEventHandler::HandleEvent (this=0x8939208, aEvent=0x8d2b8f0)
at nsXBLEventHandler.cpp:84
#99 0x011944a3 in nsEventListenerManager::HandleEventSubType (this=0x8771c08,
aListenerStruct=0x88fa7a0, aDOMEvent=0x8d2b8f0, aCurrentTarget=0x89cd7b0,
aSubType=1,
aPhaseFlags=7) at nsEventListenerManager.cpp:1687
#100 0x01195837 in nsEventListenerManager::HandleEvent (this=0x8771c08,
aPresContext=0x85914b8,
aEvent=0xbf9482a8, aDOMEvent=0xbf947f1c, aCurrentTarget=0x89cd7b0, aFlags=7,
aEventStatus=0xbf948100) at nsEventListenerManager.cpp:1788
#101 0x0123ed24 in nsXULElement::HandleDOMEvent (this=0x8771bd0,
aPresContext=0x85914b8,
aEvent=0xbf9482a8, aDOMEvent=0xbf947f1c, aFlags=7, aEventStatus=0xbf948100)
at nsXULElement.cpp:2153
#102 0x01001d01 in PresShell::HandleEventInternal (this=0x8591fe0,
aEvent=0xbf9482a8,
aView=0x89a51c0, aFlags=1, aStatus=0xbf948100) at nsPresShell.cpp:6425
#103 0x0100b58d in PresShell::HandleEvent (this=0x8591fe0, aView=0x89a51c0,
aEvent=0xbf9482a8,
aEventStatus=0xbf948100, aForceHandle=0, aHandled=@0xbf9480f8) at
nsPresShell.cpp:6261
#104 0x0125cdea in nsViewManager::HandleEvent (this=0x8591cd0, aView=0x89a51c0,
aEvent=0xbf9482a8,
aCaptured=0) at nsViewManager.cpp:2557
#105 0x01260ccc in nsViewManager::DispatchEvent (this=0x8591cd0, aEvent=0xbf9482a8,
aStatus=0xbf948210) at nsViewManager.cpp:2246
#106 0x01257f61 in HandleEvent (aEvent=0xbf9482a8) at nsView.cpp:171
#107 0x0057349c in nsCommonWidget::DispatchEvent (this=0x89a5218,
aEvent=0xbf9482a8,
aStatus=@0xbf9482f8) at nsCommonWidget.cpp:219
#108 0x0056e0ff in nsWindow::OnButtonPressEvent (this=0x89a5218, aWidget=0x84100c8,
aEvent=0x86540a0) at nsWindow.cpp:1573
#109 0x0056e1c2 in button_press_event_cb (widget=0x84100c8, event=0x86540a0) at
nsWindow.cpp:3729
#110 0x49293a60 in gtk_marshal_BOOLEAN__VOID () from /usr/lib/libgtk-x11-2.0.so.0
#111 0x45d32d9b in g_closure_invoke () from /lib/libgobject-2.0.so.0
#112 0x45d43433 in g_signal_chain_from_overridden () from /lib/libgobject-2.0.so.0
#113 0x45d4471f in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#114 0x45d44b19 in g_signal_emit () from /lib/libgobject-2.0.so.0
#115 0x493a8508 in gtk_widget_get_default_style () from /usr/lib/libgtk-x11-2.0.so.0
#116 0x4928ce33 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#117 0x4928e037 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#118 0x495b212a in gdk_add_client_message_filter () from
/usr/lib/libgdk-x11-2.0.so.0
#119 0x45bb1442 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#120 0x45bb441f in g_main_context_check () from /lib/libglib-2.0.so.0
#121 0x45bb47c9 in g_main_loop_run () from /lib/libglib-2.0.so.0
#122 0x4928e4b4 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#123 0x00571fc7 in nsAppShell::Run (this=0x841c3d0) at nsAppShell.cpp:139
#124 0x005fb9ce in nsAppStartup::Run (this=0x841e438) at nsAppStartup.cpp:150
#125 0x0804f67d in XRE_main (argc=1, argv=0xbf948ed4, aAppData=0x8065500) at
nsAppRunner.cpp:2380
#126 0x0804ab90 in main (argc=13039644, argv=0xc6f8c0) at nsMailApp.cpp:62
#127 0x47013f2c in __libc_start_main () from /lib/libc.so.6
#128 0x0804aae1 in _start ()
Okay, So here is the conclusion: GTK calls "atk_object_get_index_in_parent" for an AtkObject and tries to determine a position of a given AtkObject in a stream of a child which belongs to a superrior object. Then it's called (via. nsAccessibleWrap) nsAccessible::GetIndexInParent. GetIndexInParent goes through all siblings of the superrior object (via. GetNextSibling) and adds those siblings to Accessibility Cache (via. nsIAccessibleTreeCache::GetCachedTreeitemAccessible). And that's where the problem is. Every single sibling stored in Accessibility Cache (when it's created and moved to cache) holds a reference to the superrior object. Number of those siblings is quite large (~30 000 and more, 7-8 for any mail stored in a mail folder) so the short int mRefCnt can overflow to negative range and the parent object holds a wrong ref. count. Unfortunately, accessibility extensions are newly enabled by default in FC-7. Filed here - https://bugzilla.mozilla.org/show_bug.cgi?id=377376 fixed in Thunderbird 2.0.0.0 rc1 |
Description of problem: I'm getting the following backtrace when trying to open a large folder (damn you, fedora-extras-list). #0 0x00fbb2a8 in main_arena () from /lib/libc.so.6 #1 0x01338695 in nsAccessibleWrap::GetAtkObject (this=0xba2c9b0) at nsAccessibleWrap.cpp:251 #2 0x01339e40 in refChildCB (aAtkObj=0xab28228, aChildIndex=-1) at nsAccessibleWrap.cpp:864 #3 0x006d48c0 in atk_object_ref_accessible_child () from /usr/lib/libatk-1.0.so.0 #4 0x005df62c in ?? () from /usr/lib/gtk-2.0/modules/libatk-bridge.so #5 0x0073620e in ?? () from /lib/libgobject-2.0.so.0 #6 0x00737957 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0 #7 0x00739cee in g_signal_emit_by_name () from /lib/libgobject-2.0.so.0 #8 0x0133a852 in nsDocAccessibleWrap::FireToolkitEvent (this=0x9a71e00, aEvent=32772, aAccessible=0xba2c9c4, aEventData=0x0) at nsDocAccessibleWrap.cpp:389 #9 0x01318b96 in nsDocAccessible::FlushPendingEvents (this=0x9a71e00) at nsDocAccessible.cpp:976 #10 0x013172d9 in nsDocAccessible::FlushEventsCallback (aTimer=0x9a6db90, aClosure=0x9a71e40) at nsDocAccessible.cpp:987 #11 0x00a5ad77 in nsTimerImpl::Fire (this=0x9a6db90) at nsTimerImpl.cpp:394 #12 0x00a5ae38 in handleTimerEvent (event=0xb1600498) at nsTimerImpl.cpp:459 #13 0x00a56c61 in PL_HandleEvent (self=0xb1600498) at plevent.c:688 #14 0x00a56eea in PL_ProcessPendingEvents (self=0x97ae718) at plevent.c:623 #15 0x00a58717 in nsEventQueueImpl::ProcessPendingEvents (this=0x97ae6d0) at nsEventQueue.cpp:417 #16 0x07951b42 in event_processor_callback (source=0x99562d0, condition=G_IO_IN, data=0xba2c9b0) at nsAppShell.cpp:67 #17 0x008e1bad in ?? () from /lib/libglib-2.0.so.0 #18 0x008b8442 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #19 0x008bb41f in ?? () from /lib/libglib-2.0.so.0 #20 0x008bb7c9 in g_main_loop_run () from /lib/libglib-2.0.so.0 #21 0x00bfd604 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #22 0x07951f2f in nsAppShell::Run (this=0x9884ee8) at nsAppShell.cpp:139 #23 0x0505d9ce in nsAppStartup::Run (this=0x988e438) at nsAppStartup.cpp:150 #24 0x0804f685 in XRE_main (argc=1, argv=0xbf814e94, aAppData=0x80654c0) at nsAppRunner.cpp:2380 #25 0x0804aba0 in main (argc=16495048, argv=0xfbb1c8) at nsMailApp.cpp:62 #26 0x00e82ef0 in __libc_start_main () from /lib/libc.so.6 #27 0x0804aaf1 in _start () Version-Release number of selected component (if applicable): thunderbird-1.5.0.9-7.fc7