Description of problem: When composing a message in evolution, I came across a reproducible way to crash evolution (actually my wife did). It's crashing in gtkhtml3. Version-Release number of selected component (if applicable): gtkhtml3-3.3.0-2 evolution-1.5.92.2-2 How reproducible: 100% Steps to Reproduce: 1. Start evolution, compose new message 2. Start Mozilla: http://www.imdb.com/news/wenn/2004-08-12 3. Highlight the Bjork story, from the beginning of the headline to the end of the story ("Bjork" [...] "event.") 4. Click in the evolution message being composed 5. Middle-click to paste the selection 6. Put the cursor before the "I" of "Iceland". 7. Press backspace twice. Actual results: Backtrace attached.
Created attachment 102690 [details] gtkhtml3-backtrace
I've checked a fix into CVS.
Fixed package is 3.3.0-3.
I'm not the maintainer of this package upstream or downstream, but I'm maintaining the 3.3.x branch upstream, and as such, am a bit upset that a patch went into our package without being reported or fixed upstream. I don't think the patch solves the root problem, I'm going to investigate a bit more to try to figure out if it's 3.3.x branch related or a general bug.
This is: http://bugzilla.ximian.com/show_bug.cgi?id=50052 I think what is really happening is that the first press of delete corrupts the internal structures of GtkHTML, and then the second delete dies in the assertion failure. I'll leave your patch in the RPM, but I bet small variations of the procedure will still crash. If you look through the GtkHTML bugs, it's clear that there are a lot of outstanding editor crashers...