Bug 771190

Summary: Evolution crashes on SIGABRT when searching in HTML attachment
Product: Red Hat Enterprise Linux 6
Reporter: David Jaša <djasa>
Component: gtkhtml3
Assignee: Matthew Barnes <mbarnes>
Status: CLOSED WORKSFORME
QA Contact: Desktop QE <desktop-qa-list>
Severity: medium
Priority: medium
Version: 6.2
CC: djasa, jkoten, mcrha, tpelka
Target Milestone: alpha
Target Release: 6.3
Hardware: Unspecified
OS: Unspecified
Fixed In Version: evolution-2.32.3-14.el6
Doc Type: Bug Fix
Last Closed: 2013-08-12 14:19:54 UTC
Attachments: backtrace, valgrind log

Description David Jaša 2012-01-02 11:40:09 UTC
Created attachment 550238 [details]
backtrace

Description of problem:
SSIA.

Version-Release number of selected component (if applicable):
evolution-2.28.3-24.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. have a message with HTML attachment
2. expand the attachment
3. enter the search string into the search field
4. hit "next" (hit again if the crash does not occur on first hit)
  
Actual results:
evolution receives sigabrt

Expected results:


Additional info:
part of backtrace:

Thread 1 (Thread 0x7f4df368d940 (LWP 6942)):
#0  0x0000003247632885 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003247634065 in abort () at abort.c:92
#2  0x000000347be5ea7f in IA__g_assertion_message (domain=<value optimized out>, file=0x31595922b0 "gtklayout.c", line=<value optimized out>, func=0x31595924d0 "gtk_layout_move_internal", message=0x158b520 "assertion failed: (child)")
    at gtestutils.c:1302
#3  0x000000347be5f020 in IA__g_assertion_message_expr (domain=0x3159503137 "Gtk", file=0x31595922b0 "gtklayout.c", line=394, func=0x31595924d0 "gtk_layout_move_internal", expr=<value optimized out>) at gtestutils.c:1313
#4  0x00000031593436e6 in gtk_layout_move_internal (layout=0xecb5d0 [GtkHTML], widget=0x38860c0 [GtkScrolledWindow], change_x=1, x=7, change_y=1, y=9) at gtklayout.c:394
#5  0x000000315fc4eba5 in draw (o=0x16dfc40, p=0xdd00e0 [HTMLGdkPainter], x=<value optimized out>, y=<value optimized out>, width=<value optimized out>, height=<value optimized out>, tx=7, ty=310) at htmlembedded.c:84
#6  0x000000315fc97a0f in draw (o=0x16dfc40, p=0xdd00e0 [HTMLGdkPainter], x=409, y=-230, width=474, height=230, tx=7, ty=310) at htmliframe.c:184
#7  0x000000315fc42c30 in draw (o=0x11f4500, p=0xdd00e0, x=410, y=-228, width=474, height=230, tx=7, ty=310) at htmlclue.c:267
#8  0x000000315fc46e62 in draw (self=0x11f4500, painter=0xdd00e0 [HTMLGdkPainter], x=410, y=-228, width=474, height=230, tx=6, ty=308) at htmlclueflow.c:1370
#9  0x000000315fc42c30 in draw (o=0xb20730, p=0xdd00e0, x=410, y=74, width=474, height=230, tx=6, ty=308) at htmlclue.c:267
#10 0x000000315fc4a99b in draw (o=0xb20730, p=0xdd00e0 [HTMLGdkPainter], x=410, y=74, width=474, height=230, tx=6, ty=6) at htmlcluev.c:395
#11 0x000000315fc42c30 in draw (o=0x10879f0, p=0xdd00e0, x=416, y=80, width=474, height=230, tx=6, ty=6) at htmlclue.c:267
#12 0x000000315fc4a99b in draw (o=0x10879f0, p=0xdd00e0 [HTMLGdkPainter], x=416, y=80, width=474, height=230, tx=0, ty=0) at htmlcluev.c:395
#13 0x000000315fc668ae in html_engine_draw_real (e=0xd63cb0 [HTMLEngine], x=<value optimized out>, y=<value optimized out>, width=812, height=230, expose=1) at htmlengine.c:5088
#14 0x000000315fc3b1d8 in expose (widget=0xecb5d0 [GtkHTML], event=0x7fff25f36da0) at gtkhtml.c:1229

Comment 1 Milan Crha 2012-01-03 10:39:49 UTC
Thanks for a bug report. I found these two relevant upstream bug reports:
   https://bugzilla.gnome.org/show_bug.cgi?id=574764
   https://bugzilla.gnome.org/show_bug.cgi?id=344076
The older contains a link to a commit which may fix the issue. I'll give it a try and update this bug report when I know more.

Comment 2 Milan Crha 2012-01-03 12:12:14 UTC
I was unable to reproduce this myself, but I created a test package [1] with the upstream patch included, to test whether it's fixing the issue. Please give it a try and report back. Thanks in advance.

[1] https://brewweb.devel.redhat.com/taskinfo?taskID=3915272

Comment 5 Milan Crha 2012-01-10 12:38:27 UTC
Could you try to catch a valgrind log for it, please? Maybe it'll show something useful. Make sure you've installed debuginfo packages for evolution, gtkhtml3 and evolution-data-server of the same version as their corresponding binary packages, and then invoke this command:
 $ G_SLICE=always-malloc valgrind --num-callers=50 evolution --offline &>log.txt
and then try to reproduce the issue. Even if it does not crash (valgrind can avoid certain types of crashes caused by incorrect memory manipulation), the log can contain information about the issue.

Note that the command runs evolution in offline, thus when you run it again it will still be in offline, thus do not forget to switch it to online after testing.

Thanks in advance.

Comment 6 David Jaša 2012-01-11 12:29:54 UTC
Created attachment 552099 [details]
valgrind log

Crash occurred in valgrind, log attached (with messages added to log file via >> redirect from shell before I did action in GUI).

Comment 7 Milan Crha 2012-01-11 13:13:45 UTC
Hmm, strangely nothing interesting in it. I suppose it's due to no memory issue during the crash. I'll let you know if/when I have any better idea what to try.
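
Added example, not part of the original bug thread or of the Evolution/gtkhtml code: a small triage script that reads the top of the backtrace from the description and separates a deliberate assertion abort (raise/abort below a GLib assertion helper) from other crashes, which is the distinction that decides whether a memory checker such as valgrind is likely to have anything to report. The sample frames are abridged from the backtrace in this report; the names `parse_frames` and `triage` and the category labels are assumptions of this example.

```python
import re

# Sample input: frames #0-#4 copied (abridged) from the backtrace in this report.
SAMPLE = '''\
#0  0x0000003247632885 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003247634065 in abort () at abort.c:92
#2  0x000000347be5ea7f in IA__g_assertion_message (domain=<value optimized out>, file=0x31595922b0 "gtklayout.c", line=<value optimized out>, func=0x31595924d0 "gtk_layout_move_internal", message=0x158b520 "assertion failed: (child)")
    at gtestutils.c:1302
#3  0x000000347be5f020 in IA__g_assertion_message_expr (domain=0x3159503137 "Gtk", file=0x31595922b0 "gtklayout.c", line=394, func=0x31595924d0 "gtk_layout_move_internal", expr=<value optimized out>) at gtestutils.c:1313
#4  0x00000031593436e6 in gtk_layout_move_internal (layout=0xecb5d0 [GtkHTML], widget=0x38860c0 [GtkScrolledWindow], change_x=1, x=7, change_y=1, y=9) at gtklayout.c:394
'''

FRAME = re.compile(r'^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\)\s+at (\S+?):(\d+)$')
ASSERT_FN = re.compile(r'^(IA__)?g_assertion_message|^__assert_fail')  # GLib / libc helpers
RUNTIME = {"raise", "abort"}  # libc frames that only deliver the signal

def parse_frames(text):
    """Join gdb's wrapped continuation lines, then parse each '#N' frame."""
    joined = []
    for line in text.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined and line.strip() and not line.startswith("---"):  # skip pager prompts
            joined[-1] += " " + line.strip()
    frames = []
    for line in joined:
        m = FRAME.match(line)
        if m:
            frames.append({"n": int(m[1]), "func": m[2], "args": m[3],
                           "file": m[4], "line": int(m[5])})
    return frames

def triage(text):
    """Classify the crash and report the first frame that is not runtime plumbing."""
    frames = parse_frames(text)
    asserts = [f for f in frames if ASSERT_FN.match(f["func"])]
    origin = next((f for f in frames
                   if f["func"] not in RUNTIME and not ASSERT_FN.match(f["func"])), None)
    if asserts and any(f["func"] == "abort" for f in frames):
        msg = re.search(r'message=\S+ "([^"]*)"', asserts[0]["args"])
        return {"kind": "assertion-abort", "message": msg[1] if msg else None, "origin": origin}
    kind = "abort" if frames and frames[0]["func"] in RUNTIME else "other"
    return {"kind": kind, "message": None, "origin": origin}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the sample, the origin frame is the widget-layout code that failed its own precondition check, so the next step is the caller's logic (why the embedded widget was no longer a child of the layout) rather than heap diagnostics.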

Comment 9 Suzanne Logcher 2012-02-14 23:26:09 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 10 Milan Crha 2013-06-27 09:30:51 UTC
I still cannot reproduce this, but the rebased version contains a fix from the upstream bug [1], thus I suppose this could be fixed. Could you retest, please?

[1] https://bugzilla.gnome.org/show_bug.cgi?id=344076#c31

Comment 11 David Jaša 2013-07-12 15:57:37 UTC
I didn't notice this bug since the rebase but that may be caused by abrt logs flooded by some repetitive unrelated crashes. I'll filter these out and report if the crashes do occur in the few following days.

Comment 12 Jiri Koten 2013-08-12 13:40:41 UTC
I was able to reproduce using the Wide View and Preview set to Vertical view.

No crash in evolution-2.32.3-14.el6.x86_64.

Comment 13 Milan Crha 2013-08-12 14:19:54 UTC
Thanks for the testing. Let's call this "fixed by rebase".