Bug 145014 - Pasting text from IRC into a reply crashed Evolution
Pasting text from IRC into a reply crashed Evolution
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: evolution (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Matthew Barnes
:
Depends On:
Blocks: 171126
  Show dependency treegraph
 
Reported: 2005-01-13 14:20 EST by Michael Waite
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-02 19:11:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michael Waite 2005-01-13 14:20:34 EST
Description of problem:
Pasting text from IRC into a reply crashed Evolution

Version-Release number of selected component (if applicable):
evolution-2.0.2-3
gtkhtml3-3.3.2-3

How reproducible:
occasional

Steps to Reproduce:
1. Reply to a message
2. Paste text from other app
3. Cross fingers
  
Actual results:
(gdb) bt
#0  0x001957a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x003fb42b in __waitpid_nocancel () from /lib/tls/libpthread.so.0
#2  0x03e13f50 in libgnomeui_module_info_get () from
/usr/lib/libgnomeui-2.so.0
#3  0x080637e0 in e_sidebar_new ()
#4  <signal handler called>
#5  0x0427b401 in html_text_calc_part_width (text=0x934c340,
    painter=0x8efe070,
    start=0x934b090 "<arjan> so the autoresolver cannot find
it\nwrote:\nI\n\n8\n\n\uffff\b\201\n\n\n\031On Thu, 2005-01-13 at
13:38 -0500, Jon Orris wrote:",
    offset=0, len=3, asc=0x934af1c, dsc=0x934af20) at htmltext.c:972
#6  0x0427b8ea in calc_preferred_width (self=0x934af00, painter=0x8efe070)
    at htmltext.c:998
#7  0x04264aa0 in html_object_calc_preferred_width (o=0x934af00,
    painter=0x8b0ae10) at htmlobject.c:953
#8  0x0427695c in html_text_real_calc_size (self=0x0, painter=0x8b0ae10,
    changed_objs=0xbff37b6c) at htmltext.c:740
#9  0x04263591 in html_object_calc_size (o=0x934af00, painter=0x8b0ae10,
    changed_objs=0x8b0ae10) at htmlobject.c:889
#10 0x0423598d in html_clue_flow_real_calc_size (o=0x934adc0,
    painter=0x8efe070, changed_objs=0xbff37b6c) at htmlclueflow.c:830
#11 0x04263591 in html_object_calc_size (o=0x934adc0, painter=0x8b0ae10,
    changed_objs=0x8b0ae10) at htmlobject.c:889
#12 0x042385cb in html_cluev_do_layout (o=0x92be668, painter=0x8efe070,
---Type <return> to continue, or q <return> to quit---q
calc_sizQuit
) at htmlcluev.c:205
#13 0x04263591 in html_object_calc_size (o=0x92be668, painter=0x8b0ae10,
    changed_objs=0x8b0ae10) at htmlobject.c:889
#14 0x04251fe2 in html_engine_calc_size (e=0x8d85cc8,
changed_objs=0xbff37b6c)
    at htmlengine.c:4882
#15 0x04259b63 in thaw_idle (data=0x8b0ae10) at htmlengine.c:5469
#16 0x00553b5a in g_child_watch_add () from /usr/lib/libglib-2.0.so.0
#17 0x005507bb in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#18 0x00552242 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#19 0x005524ef in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#20 0x03bfbdd5 in bonobo_main () from /usr/lib/libbonobo-2.so.0
#21 0x08063af9 in main ()
(gdb) up 5
#5  0x0427b401 in html_text_calc_part_width (text=0x934c340,
    painter=0x8efe070,
    start=0x934b090 "<arjan> so the autoresolver cannot find
it\nwrote:\nI\n\n8\n\n\uffff\b\201\n\n\n\031On Thu, 2005-01-13 at
13:38 -0500, Jon Orris wrote:",
    offset=0, len=3, asc=0x934af1c, dsc=0x934af20) at htmltext.c:972
972                             if (len > 0 && (need_ascent_descent)
&& (pi->entries [idx].item->analysis.font != font || pi->entries
[idx].item->analysis.language != language)) {
(gdb) print entries
No symbol "entries" in current context.
(gdb) print idx
$1 = 1
(gdb) print pi->entries[idx]
$2 = {item = 0x0, widths = 0xd9}

(reading through NULL item pointer here causes segfault)


Expected results:
No crash

Additional info:
Comment 3 Ed Hill 2005-02-28 21:39:51 EST
I'm also seeing evolution crashes about twice a week.  They happen when editing
new emails and are most frequent when pasting text from, for instance, emacs
sessions.  The crashes appear to be more frequent with code snippets (that is,
text conaining parentheses) but this may just be a coincidence.  [evo 2.0.2-3 on
fc3]

Are there any plans to upgrade to the more recent upstream evolution 2.0.x
series which may fix some of these bugs?
Comment 5 Dave Malcolm 2005-06-24 20:10:18 EDT
Looks like pasting text containing the characters < and > might be the culprit
here.  Does that help with isolating a way of reproducing it?
Comment 7 Ed Hill 2005-06-24 20:31:29 EDT
I don't have any reproducable examples but all of the crashes that I'm seeing
happen when I edit emails that contain parens and I do some text hilighting and
deleting within the parens.  It may be a coincidence but I really think
something very wroing is happening when there are parens in the text.
Comment 10 Matthew Miller 2006-07-10 17:36:08 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 11 Matěj Cepl 2007-08-31 11:21:12 EDT
The distribution against which this bug was reported is no longer supported,
could you please reproduce this with the updated version of the currently
supported distribution (Fedora Core 6, or Fedora 7, or Rawhide)? If this issue
turns out to still be reproducible, please let us know in this bug report.  If
after a month's time we have not heard back from you, we will have to close this
bug as INSUFFICIENT_DATA.

Setting status to NEEDINFO, and awaiting information from the reporter.

Thanks in advance.
Comment 12 Ed Hill 2007-09-02 13:42:30 EDT
Please close this bug.  I don't mean to sound like a wise-guy (Evolution 
served me well for a few years) but the "fix" for me was to switch to 
Sylpheed-claws (now "claws-mail").
Comment 13 Matthew Barnes 2007-09-02 19:11:02 EDT
Closing as requested.

Note You need to log in before you can comment on or make changes to this bug.