Bug 247745
| Field | Value |
|---|---|
| Summary | Evolution crashes system with malloc loop. |
| Product | [Fedora] Fedora |
| Component | evolution |
| Status | CLOSED WORKSFORME |
| Severity | high |
| Priority | high |
| Version | 8 |
| Hardware | All |
| OS | Linux |
| Reporter | David Woodhouse <dwmw2> |
| Assignee | Matthew Barnes <mbarnes> |
| QA Contact | desktop-bugs <desktop-bugs> |
| CC | beland, james, mcrha |
| Doc Type | Bug Fix |
| Last Closed | 2008-12-10 15:40:56 UTC |
| Bug Blocks | 235705 |

Description
David Woodhouse
2007-07-11 08:23:05 UTC
Created attachment 158926: autosave file.
To reproduce... start evo, select 'recover'.
Place cursor after 'in mind?' in the penultimate quoted paragraph.
Hit enter a few times to make space; delete the '>' marks. Select the entire
sentence in parentheses from a little further up ('It would actually...') with
the left button. Paste it into your new space with the right button. Delete the
starting parenthesis, start typing 'I agree. To that end...'
Actually it started going AWOL for me when I mistyped 'that'. Perhaps it has
something to do with the spell checker. I'll keep an eye out for that in the
future.

Backtrace would be nicer if I had a _matching_ gtkhtml3-debuginfo installed. So I updated to gtkhtml3-3.14.3-1.fc7.

Some backtraces from interrupting it while it's chewing memory (1.4G RSS at this point)...

Program received signal SIGINT, Interrupt.
[Switching to Thread 4155187200 (LWP 17392)]
0x0fe81b30 in malloc () from /lib/libc.so.6
(gdb) bt
#0 0x0fe81b30 in malloc () from /lib/libc.so.6
#1 0x0ef4094c in g_malloc () from /lib/libglib-2.0.so.0
#2 0x0e8490e8 in spell_error_new (off=497, len=11) at htmltext.c:3010
#3 0x0e84bff0 in copy (s=0x117ddd98, d=0x11445348) at htmltext.c:180
#4 0x0e82ec2c in html_object_copy (self=0x8, dest=0xb) at htmlobject.c:1043
#5 0x0e832f70 in html_object_dup (object=0x117ddd98) at htmlobject.c:891
#6 0x0e84f450 in object_split (self=0x117ddd98, e=0x1036c230, child=<value optimized out>, offset=15, level=1, left=0xffef0b7c, right=0xffef0b78) at htmltext.c:690
#7 0x0e830b08 in html_object_split (self=0x8, e=0xb, child=0xff955cc, offset=0, level=8, left=0x3aa04b68, right=0x0) at htmlobject.c:939
#8 0x0e805fa4 in split_and_add_empty_texts (e=0xb, level=8, left=0x3aa04b68, right=0x0) at htmlengine-edit-cut-and-paste.c:369
#9 0x0e806508 in insert_object_for_undo (e=0x1036c230, obj=0x157c9ae0, len=1, position_after=1553, level=1, dir=HTML_UNDO_UNDO, check=1) at htmlengine-edit-cut-and-paste.c:884
#10 0x0e8068e4 in insert_object (e=0x1036c230, obj=0x157c9ae0, len=1, position_after=1610612736, level=1, dir=HTML_UNDO_UNDO, check=1) at htmlengine-edit-cut-and-paste.c:1128
#11 0x0e8088a8 in html_engine_insert_text_with_extra_attributes (e=0x1036c230, text=0x114452b8 "t", len=1, attrs=0x0) at htmlengine-edit-cut-and-paste.c:1373
#12 0x0e808bb8 in html_engine_paste_text_with_extra_attributes (e=0x1036c230, text=0x114452b8 "t", len=4294967295, attrs=0x0) at htmlengine-edit-cut-and-paste.c:1404
#13 0x0e808c18 in html_engine_paste_text (e=0x8, text=0xb <Address 0xb out of bounds>, len=267998668) at htmlengine-edit-cut-and-paste.c:1411
#14 0x0e7e3890 in gtk_html_im_commit_cb (context=<value optimized out>, str=0xb <Address 0xb out of bounds>, html=0x119ff2a0) at gtkhtml.c:3232
#15 0x0edcd698 in g_cclosure_marshal_VOID__STRING () from /lib/libgobject-2.0.so.0
#16 0x0edbd7fc in g_closure_invoke () from /lib/libgobject-2.0.so.0
#17 0x0edd1c24 in ?? () from /lib/libgobject-2.0.so.0
#18 0x0edd2f7c in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#19 0x0edd57dc in g_signal_emit_by_name () from /lib/libgobject-2.0.so.0
#20 0xf7c4b0c8 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#21 0x0edcd698 in g_cclosure_marshal_VOID__STRING () from /lib/libgobject-2.0.so.0
#22 0x0edbd7fc in g_closure_invoke () from /lib/libgobject-2.0.so.0
#23 0x0edd1c24 in ?? () from /lib/libgobject-2.0.so.0
#24 0x0edd2f7c in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#25 0x0edd57dc in g_signal_emit_by_name () from /lib/libgobject-2.0.so.0
#26 0xf7c494cc in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#27 0xf7c49d94 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#28 0xf7c4875c in gtk_im_context_filter_keypress () from /usr/lib/libgtk-x11-2.0.so.0
#29 0xf7c4875c in gtk_im_context_filter_keypress () from /usr/lib/libgtk-x11-2.0.so.0
#30 0x0e7ebf60 in key_press_event (widget=0x119ff2a0, event=0x112bdd40) at gtkhtml.c:974
#31 0xf7c72c54 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#32 0x0edbbbcc in ?? () from /lib/libgobject-2.0.so.0
#33 0x0edbd904 in g_closure_invoke () from /lib/libgobject-2.0.so.0
#34 0x0edd1d70 in ?? () from /lib/libgobject-2.0.so.0
#35 0x0edd2d04 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#36 0x0edd3148 in g_signal_emit () from /lib/libgobject-2.0.so.0
#37 0xf7db7ca0 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#38 0xf7dcae34 in gtk_window_propagate_key_event () from /usr/lib/libgtk-x11-2.0.so.0
#39 0xf7dcefa4 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#40 0x0088c56c in ?? () from /usr/lib/libbonoboui-2.so.0
#41 0xf7c72c54 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#42 0x0edbbbcc in ?? () from /lib/libgobject-2.0.so.0
#43 0x0edbd7fc in g_closure_invoke () from /lib/libgobject-2.0.so.0
#44 0x0edd1d70 in ?? () from /lib/libgobject-2.0.so.0
#45 0x0edd2d04 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#46 0x0edd3148 in g_signal_emit () from /lib/libgobject-2.0.so.0
#47 0xf7db7ca0 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#48 0xf7c6a4cc in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#49 0xf7c6bda0 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#50 0x0eb20208 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#51 0x0ef37eb4 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#52 0x0ef3bbbc in ?? () from /lib/libglib-2.0.so.0
#53 0x0ef3c024 in g_main_loop_run () from /lib/libglib-2.0.so.0
#54 0xf7f8060c in bonobo_main () from /usr/lib/libbonobo-2.so.0
#55 0x1001846c in main (argc=<value optimized out>, argv=0xffef2664) at main.c:586
(gdb) c
Continuing.

Program received signal SIGINT, Interrupt.
0x0ef533f4 in ?? () from /lib/libglib-2.0.so.0
(gdb) bt
#0 0x0ef533f4 in ?? () from /lib/libglib-2.0.so.0
#1 0x0ef54058 in g_slice_alloc () from /lib/libglib-2.0.so.0
#2 0x0ef34e28 in g_list_copy () from /lib/libglib-2.0.so.0
#3 0x0e84bfc4 in copy (s=0x117ddd98, d=0x2f338280) at htmltext.c:176
#4 0x0e82ec2c in html_object_copy (self=0x42e9e540, dest=0x4) at htmlobject.c:1043
#5 0x0e832f70 in html_object_dup (object=0x117ddd98) at htmlobject.c:891
#6 0x0e84f450 in object_split (self=0x117ddd98, e=0x1036c230, child=<value optimized out>, offset=16, level=1, left=0xffef0b7c, right=0xffef0b78) at htmltext.c:690
#7 0x0e830b08 in html_object_split (self=0x42e9e540, e=0x4, child=0x42e9e5e8, offset=8, level=8, left=0xe, right=0x4) at htmlobject.c:939
#8 0x0e805fa4 in split_and_add_empty_texts (e=0x4, level=8, left=0xe, right=0x4) at htmlengine-edit-cut-and-paste.c:369
#9 0x0e806508 in insert_object_for_undo (e=0x1036c230, obj=0x2f3381f8, len=1, position_after=1554, level=1, dir=HTML_UNDO_UNDO, check=1) at htmlengine-edit-cut-and-paste.c:884
#10 0x0e8068e4 in insert_object (e=0x1036c230, obj=0x2f3381f8, len=1, position_after=0, level=1, dir=HTML_UNDO_UNDO, check=1) at htmlengine-edit-cut-and-paste.c:1128
#11 0x0e8088a8 in html_engine_insert_text_with_extra_attributes (e=0x1036c230, text=0x26a136c8 " ", len=1, attrs=0x0) at htmlengine-edit-cut-and-paste.c:1373
#12 0x0e808bb8 in html_engine_paste_text_with_extra_attributes (e=0x1036c230, text=0x26a136c8 " ", len=4294967295, attrs=0x0) at htmlengine-edit-cut-and-paste.c:1404
#13 0x0e808c18 in html_engine_paste_text (e=0x42e9e540, text=0x4 <Address 0x4 out of bounds>, len=1122625000) at htmlengine-edit-cut-and-paste.c:1411
#14 0x0e7e3890 in gtk_html_im_commit_cb (context=<value optimized out>, str=0x4 <Address 0x4 out of bounds>, html=0x119ff2a0) at gtkhtml.c:3232
#15 0x0edcd698 in g_cclosure_marshal_VOID__STRING () from /lib/libgobject-2.0.so.0
#16 0x0edbd7fc in g_closure_invoke () from /lib/libgobject-2.0.so.0
#17 0x0edd1c24 in ?? () from /lib/libgobject-2.0.so.0
#18 0x0edd2f7c in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#19 0x0edd57dc in g_signal_emit_by_name () from /lib/libgobject-2.0.so.0
#20 0xf7c4b0c8 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#21 0x0edcd698 in g_cclosure_marshal_VOID__STRING () from /lib/libgobject-2.0.so.0
#22 0x0edbd7fc in g_closure_invoke () from /lib/libgobject-2.0.so.0
#23 0x0edd1c24 in ?? () from /lib/libgobject-2.0.so.0
#24 0x0edd2f7c in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#25 0x0edd57dc in g_signal_emit_by_name () from /lib/libgobject-2.0.so.0
#26 0xf7c494cc in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#27 0xf7c49d94 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#28 0xf7c4875c in gtk_im_context_filter_keypress () from /usr/lib/libgtk-x11-2.0.so.0
#29 0xf7c4875c in gtk_im_context_filter_keypress () from /usr/lib/libgtk-x11-2.0.so.0
#30 0x0e7ebf60 in key_press_event (widget=0x119ff2a0, event=0x10e512d8) at gtkhtml.c:974
#31 0xf7c72c54 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#32 0x0edbbbcc in ?? () from /lib/libgobject-2.0.so.0
#33 0x0edbd904 in g_closure_invoke () from /lib/libgobject-2.0.so.0
#34 0x0edd1d70 in ?? () from /lib/libgobject-2.0.so.0
#35 0x0edd2d04 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#36 0x0edd3148 in g_signal_emit () from /lib/libgobject-2.0.so.0
#37 0xf7db7ca0 in gtk_toggle_button_set_active ()
---Type <return> to continue, or q <return> to quit---
from /usr/lib/libgtk-x11-2.0.so.0
#38 0xf7dcae34 in gtk_window_propagate_key_event () from /usr/lib/libgtk-x11-2.0.so.0
#39 0xf7dcefa4 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#40 0x0088c56c in ?? () from /usr/lib/libbonoboui-2.so.0
#41 0xf7c72c54 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#42 0x0edbbbcc in ?? () from /lib/libgobject-2.0.so.0
#43 0x0edbd7fc in g_closure_invoke () from /lib/libgobject-2.0.so.0
#44 0x0edd1d70 in ?? () from /lib/libgobject-2.0.so.0
#45 0x0edd2d04 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#46 0x0edd3148 in g_signal_emit () from /lib/libgobject-2.0.so.0
#47 0xf7db7ca0 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#48 0xf7c6a4cc in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#49 0xf7c6bda0 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#50 0x0eb20208 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#51 0x0ef37eb4 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#52 0x0ef3bbbc in ?? () from /lib/libglib-2.0.so.0
#53 0x0ef3c024 in g_main_loop_run () from /lib/libglib-2.0.so.0
#54 0xf7f8060c in bonobo_main () from /usr/lib/libbonobo-2.so.0
#55 0x1001846c in main (argc=<value optimized out>, argv=0xffef2664) at main.c:586
(gdb) c
Continuing.

Program received signal SIGINT, Interrupt.
0x0fe80320 in _int_malloc () from /lib/libc.so.6
(gdb) bt
#0 0x0fe80320 in _int_malloc () from /lib/libc.so.6
#1 0x0fe80b34 in _int_memalign () from /lib/libc.so.6
#2 0x0fe81e1c in memalign () from /lib/libc.so.6
#3 0x0fe8207c in posix_memalign () from /lib/libc.so.6
#4 0x0ef534c0 in ?? () from /lib/libglib-2.0.so.0
#5 0x0ef54058 in g_slice_alloc () from /lib/libglib-2.0.so.0
#6 0x0ef34e28 in g_list_copy () from /lib/libglib-2.0.so.0
#7 0x0e84bfc4 in copy (s=0x117ddd98, d=0x2f337fe0) at htmltext.c:176
#8 0x0e82ec2c in html_object_copy (self=0x1245c4f8, dest=0x0) at htmlobject.c:1043
#9 0x0e832f70 in html_object_dup (object=0x117ddd98) at htmlobject.c:891
#10 0x0e84f450 in object_split (self=0x117ddd98, e=0x1036c230, child=<value optimized out>, offset=17, level=1, left=0xffef0b7c, right=0xffef0b78) at htmltext.c:690
#11 0x0e830b08 in html_object_split (self=0x1245c4f8, e=0x0, child=0xf8, offset=8, level=-1, left=0x6e0b6df8, right=0xff90a00) at htmlobject.c:939
#12 0x0e805fa4 in split_and_add_empty_texts (e=0x0, level=-1, left=0x6e0b6df8, right=0xff90a00) at htmlengine-edit-cut-and-paste.c:369
#13 0x0e806508 in insert_object_for_undo (e=0x1036c230, obj=0x13580c80, len=1, position_after=1555, level=1, dir=HTML_UNDO_UNDO, check=1) at htmlengine-edit-cut-and-paste.c:884
#14 0x0e8068e4 in insert_object (e=0x1036c230, obj=0x13580c80, len=1, position_after=Cannot access memory at address 0xfffffffffffffffc ) at htmlengine-edit-cut-and-paste.c:1128
#15 0x0e8088a8 in html_engine_insert_text_with_extra_attributes (e=0x1036c230, text=0x1245cfe0 "e", len=1, attrs=0x0) at htmlengine-edit-cut-and-paste.c:1373
#16 0x0e808bb8 in html_engine_paste_text_with_extra_attributes (e=0x1036c230, text=0x1245cfe0 "e", len=4294967295, attrs=0x0) at htmlengine-edit-cut-and-paste.c:1404
#17 0x0e808c18 in html_engine_paste_text (e=0x1245c4f8, text=0x0, len=248) at htmlengine-edit-cut-and-paste.c:1411
#18 0x0e7e3890 in gtk_html_im_commit_cb (context=<value optimized out>, str=0x0, html=0x119ff2a0) at gtkhtml.c:3232
#19 0x0edcd698 in g_cclosure_marshal_VOID__STRING () from /lib/libgobject-2.0.so.0
#20 0x0edbd7fc in g_closure_invoke () from /lib/libgobject-2.0.so.0
#21 0x0edd1c24 in ?? () from /lib/libgobject-2.0.so.0
#22 0x0edd2f7c in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#23 0x0edd57dc in g_signal_emit_by_name () from /lib/libgobject-2.0.so.0
#24 0xf7c4b0c8 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#25 0x0edcd698 in g_cclosure_marshal_VOID__STRING () from /lib/libgobject-2.0.so.0
#26 0x0edbd7fc in g_closure_invoke () from /lib/libgobject-2.0.so.0
#27 0x0edd1c24 in ?? () from /lib/libgobject-2.0.so.0
#28 0x0edd2f7c in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
#29 0x0edd57dc in g_signal_emit_by_name () from /lib/libgobject-2.0.so.0
#30 0xf7c494cc in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#31 0xf7c49d94 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#32 0xf7c4875c in gtk_im_context_filter_keypress () from /usr/lib/libgtk-x11-2.0.so.0
#33 0xf7c4875c in gtk_im_context_filter_keypress () from /usr/lib/libgtk-x11-2.0.so.0
#34 0x0e7ebf60 in key_press_event (widget=0x119ff2a0, event=0x112bdc50) at gtkhtml.c:974
#35 0xf7c72c54 in gtk_toggle_button_set_active () from /usr/lib/libgtk-x11-2.0.so.0
#36 0x0edbbbcc in ?? () from /lib/libgobject-2.0.so.0
#37 0x0edbd904 in g_closure_invoke () from /lib/libgobject-2.0.so.0
#38 0x0edd1d70 in ?? () from /lib/libgobject-2.0.so.0
#39 0x0edd2d04 in g_signal_emit_valist () from /lib/libgobject-2.0.so.0
---Type <return> to continue, or q <return> to quit---

This seems to be the same syndrome as bug 234342, though you have a better theory of what causes it than I did.

FWIW this happened again today in rawhide.

Moving this to F8Target.

I think Dan may be on to something. See bug #353121.

*** Bug 234342 has been marked as a duplicate of this bug. ***

Updating version to Fedora 8, which contains patch from bug #353121 since gtkhtml3-3.16.3-1.fc8

This message is a reminder that Fedora 8 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 8. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 8 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Any sign of this in Fedora 10? Looks obsolete to me.

Closing as INSUFFICIENT_DATA due to lack of response.

Evolution has not been exploding for me in Fedora 9, so I think it's been fixed.

Thanks. Changing resolution to WORKSFORME. We'll say it's at least exploding in different ways now, yeah? ;)