Edit > Preferences also suffers the same crash. Produced from the shell:

(evolution:31383): Gtk-CRITICAL **: gtk_tree_sortable_set_sort_column_id:
assertion `GTK_IS_TREE_SORTABLE (sortable)' failed
evolution: symbol lookup error: /usr/lib/libglade-2.0.so.0: undefined symbol:
atk_relation_set_add_relation_by_type

Here is a gdb trace of a crash when trying to do a forward:

(gdb) where
#0  0x00000036e0921334 in g_type_check_instance_cast ()
   from /usr/lib64/libgobject-2.0.so.0
#1  0x000000391ff1045f in e_name_selector_dialog_init (
    name_selector_dialog=0x2aaab2953e40) at e-name-selector-dialog.c:141
#2  0x00000036e0926290 in g_type_create_instance ()
   from /usr/lib64/libgobject-2.0.so.0
#3  0x00000036e090e050 in g_object_thaw_notify ()
   from /usr/lib64/libgobject-2.0.so.0
#4  0x00000036e090eb18 in g_object_newv () from /usr/lib64/libgobject-2.0.so.0
#5  0x00000036e090f4f6 in g_object_new_valist ()
   from /usr/lib64/libgobject-2.0.so.0
#6  0x00000036e090f705 in g_object_new () from /usr/lib64/libgobject-2.0.so.0
#7  0x000000391ff0efef in e_name_selector_peek_dialog (
    name_selector=0x2aaab2954980) at e-name-selector.c:156
#8  0x00002aaaaf954d00 in e_msg_composer_hdrs_new (uic=Variable "uic" is not
available.
)
    at e-msg-composer-hdrs.c:140
#9  0x00002aaaaf95df09 in create_composer (visible_mask=159)
    at e-msg-composer.c:3406
#10 0x00002aaaaf95f9b8 in e_msg_composer_new_with_type (type=1)
    at e-msg-composer.c:3587
#11 0x00002aaaaf90ec60 in create_new_composer (
    subject=0x2aaab2921dd0 "[Fwd: Confirmation of Order]",
    fromuri=0x1921700 "imap://tjb.unh.edu/Current/Inbox")
---Type <return> to continue, or q <return> to quit---
    at em-composer-utils.c:585
#12 0x00002aaaaf90f050 in forward_attached (folder=Variable "folder" is not
available.
) at em-composer-utils.c:787
#13 0x00002aaaaf90f0a6 in forward_attached_cb (folder=0xffffffffb295b930,
    messages=0x84eb90, part=0x36e1288c48, subject=0x0, user_data=0x1921700)
    at em-composer-utils.c:802
#14 0x00002aaaaf943f3c in do_build_attachment (folder=0x9e94a0, uids=Variable
"uids" is not available.
)
    at mail-ops.c:1168
#15 0x00002aaaaf941237 in mail_msgport_replied (source=Variable "source" is not
available.
) at mail-mt.c:447
#16 0x00000036e112499e in g_main_context_dispatch ()
   from /usr/lib64/libglib-2.0.so.0
#17 0x00000036e1127644 in g_main_context_check ()
   from /usr/lib64/libglib-2.0.so.0
#18 0x00000036e1127b30 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
#19 0x00000036e3b2d3bb in bonobo_main () from /usr/lib64/libbonobo-2.so.0
#20 0x000000000041b4da in main (argc=Variable "argc" is not available.
) at main.c:610
(gdb)
(gdb)

What's the command in gdb to do a traceback on all threads?

Another crash log:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912496373056 (LWP 25023)]
0x00000036e0921334 in g_type_check_instance_cast ()
   from /usr/lib64/libgobject-2.0.so.0
(gdb) w
Ambiguous command "w": watch, wh, whatis, where, while, while-stepping,
winheight, ws.
(gdb) where
#0  0x00000036e0921334 in g_type_check_instance_cast ()
   from /usr/lib64/libgobject-2.0.so.0
#1  0x000000391ff1045f in e_name_selector_dialog_init (
    name_selector_dialog=0x2aaab30734b0) at e-name-selector-dialog.c:141
#2  0x00000036e0926290 in g_type_create_instance ()
   from /usr/lib64/libgobject-2.0.so.0
#3  0x00000036e090e050 in g_object_thaw_notify ()
   from /usr/lib64/libgobject-2.0.so.0
#4  0x00000036e090eb18 in g_object_newv () from /usr/lib64/libgobject-2.0.so.0
#5  0x00000036e090f4f6 in g_object_new_valist ()
   from /usr/lib64/libgobject-2.0.so.0
#6  0x00000036e090f705 in g_object_new () from /usr/lib64/libgobject-2.0.so.0
#7  0x000000391ff0efef in e_name_selector_peek_dialog (
    name_selector=0x2aaab3073950) at e-name-selector.c:156
#8  0x00002aaaaf954d00 in e_msg_composer_hdrs_new (uic=Variable "uic" is not
available.
)
    at e-msg-composer-hdrs.c:140
#9  0x00002aaaaf95df09 in create_composer (visible_mask=159)
    at e-msg-composer.c:3406
#10 0x00002aaaaf95f9b8 in e_msg_composer_new_with_type (type=1)
    at e-msg-composer.c:3587
#11 0x00002aaaaf910244 in em_utils_reply_to_message (folder=0x2aaab14f3ac0,
    uid=0x1d22ca0 "521", message=0x9da278, mode=Variable "mode" is not available.
) at em-composer-utils.c:1176
#12 0x00002aaaaf91089c in reply_to_message (folder=0xffffffffb307d760,
---Type <return> to continue, or q <return> to quit---
    uid=0x83bbd0 "", message=0x36e1288c48, user_data=0x0)
    at em-composer-utils.c:1664
#13 0x00002aaaaf941237 in mail_msgport_replied (source=Variable "source" is not
available.
) at mail-mt.c:447
#14 0x00000036e112499e in g_main_context_dispatch ()
   from /usr/lib64/libglib-2.0.so.0
#15 0x00000036e1127644 in g_main_context_check ()
   from /usr/lib64/libglib-2.0.so.0
#16 0x00000036e1127b30 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
#17 0x00000036e3b2d3bb in bonobo_main () from /usr/lib64/libbonobo-2.so.0
#18 0x000000000041b4da in main (argc=Variable "argc" is not available.
) at main.c:610
(gdb)

Created attachment 115888 [details]
e-d-s crash log

Here's an e-d-s crash log I got when replying.

I have resolved the problem: there was an old version of atk on my system.
Apparently it would not update since I had the dependency atk-devel. Evolution
2.2.2 should be made to require atk >= 1.9.

I've got atk-1.9.1 and evolution crashes about 50% of the time on any reply. Any
progress on this? I see I need to attach some more logs to this bug which may help.

Created attachment 116538 [details]
crash log from evolution

crash log from evolution when replying to an email.

Created attachment 116598 [details]
another e-d-s crash log

another e-d-s crash log

Created attachment 116654 [details]
another evolution crash log

Is there any action on this? I still experience these bugs daily. I've updated
to the versions in updates-testing but that didn't really help at all.

I'm having the same issue.  I'm running FC4 X86_64 on a Dell Precision 670N. 
Evolution seems to crash every time on Reply to All and every other time on Reply.

Created attachment 117755 [details]
evolution crash log

Running evolution-2.2.3-2.fc4 and evolution-data-server-1.2.3-2.fc4, I got the
included reply crash today.

I've been experiencing the same problems on x86_64 fc4 -- intermittent crashes
when hitting reply/reply to all.  The segfaults usually have the same stack
trace as listed above in comments 2 & 3.  

After poking around in gdb a bit it began to appear to me that the crashes
occurred when gtk_cell_renderer_text_new returned an address bigger than 32
bits.  I applied the patches below to evolution-data-server and gtk2 in order to
confirm.

[gavin@boll SOURCES]$ cat evolution-debug.patch
--- evolution-data-server-1.2.3.orig/libedataserverui/e-name-selector-dialog.c
2005-08-19 10:55:36.000000000 -0500
+++ evolution-data-server-1.2.3/libedataserverui/e-name-selector-dialog.c     
2005-08-19 10:56:57.000000000 -0500
@@ -87,6 +87,7 @@
 {
        GtkTreeSelection  *contact_selection;
        GtkTreeViewColumn *column;
+       GtkCellRenderer   *cell_renderer_pre;
        GtkCellRenderer   *cell_renderer;
        GtkWidget         *widget;
        GtkWidget         *container;
@@ -138,7 +139,10 @@
        /* Set up contacts view */

        column = gtk_tree_view_column_new ();
-       cell_renderer = GTK_CELL_RENDERER (gtk_cell_renderer_text_new ());
+       cell_renderer_pre = gtk_cell_renderer_text_new ();
+       if (((long int) cell_renderer_pre) & 0xffffffff00000000)
+               g_warning ("Likely to crash - %p", cell_renderer_pre);
+       cell_renderer = GTK_CELL_RENDERER (cell_renderer_pre);
        gtk_tree_view_column_pack_start (column, cell_renderer, TRUE);
        gtk_tree_view_column_set_cell_data_func (column, cell_renderer,
                                                 (GtkTreeCellDataFunc)
contact_column_formatter,
[gavin@boll SOURCES]$ cat gtk-debug.patch
--- gtk+-2.6.7.orig/gtk/gtkcellrenderertext.c   2005-08-19 15:09:28.000000000 -0500
+++ gtk+-2.6.7/gtk/gtkcellrenderertext.c        2005-08-19 15:10:38.000000000 -0500
@@ -1252,7 +1252,13 @@
 GtkCellRenderer *
 gtk_cell_renderer_text_new (void)
 {
-  return g_object_new (GTK_TYPE_CELL_RENDERER_TEXT, NULL);
+  GtkCellRenderer *retval;
+
+  retval = g_object_new (GTK_TYPE_CELL_RENDERER_TEXT, NULL);
+  if (((long int) retval) & 0xffffffff00000000)
+    g_warning ("gtk_cell_renderer_text likely to crash - %p", retval);
+
+  return retval;
 }

 static void


The warnings above produce output like:

(evolution:9191): Gtk-WARNING **: gtk_cell_renderer_text likely to crash -
0x2acaafca3ec0

(evolution:9191): e-data-server-ui-WARNING **: Likely to crash - 0xffffffffafca3ec0

This looks like a compiler bug to me.  A complete gdb session follows.  I think
the offending assembler code is this bit:

0x00000035e2210687 <e_name_selector_dialog_init+400>:	callq  0x35e220a1c8
0x00000035e221068c <e_name_selector_dialog_init+405>:	movslq %eax,%rbx

The use of eax is discarding the top bits of the pointer, which is in rax.

Current directory is /usr/bin/
GNU gdb Red Hat Linux (6.3.0.0-1.24rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db
library "/lib64/libthread_db.so.1".

(gdb) run
Starting program: /usr/bin/evolution 
[Thread debugging using libthread_db enabled]
[New Thread 46912496360768 (LWP 9191)]
es menu class init
Detaching after fork from child process 9195.
adding hook target 'source'
[New Thread 1084229984 (LWP 9196)]

(evolution:9191): evolution-mail-WARNING **: couldn't get service : No provider
available for protocol `'

[New Thread 1094719840 (LWP 9197)]
[New Thread 1105209696 (LWP 9198)]
[Thread 1105209696 (LWP 9198) exited]
[New Thread 1105209696 (LWP 9200)]
[New Thread 1115699552 (LWP 9203)]
[New Thread 1126189408 (LWP 9204)]
update flow align
BBDB spinning up...
[New Thread 1136679264 (LWP 9206)]
[New Thread 1136945504 (LWP 9207)]
[New Thread 1147435360 (LWP 9210)]
[Thread 1147435360 (LWP 9210) exited]
[New Thread 1147435360 (LWP 9213)]
[Thread 1147435360 (LWP 9213) exited]

(evolution:9191): Gtk-WARNING **: gtk_cell_renderer_text likely to crash -
0x2acaafca3ec0

(evolution:9191): e-data-server-ui-WARNING **: Likely to crash - 0xffffffffafca3ec0

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912496360768 (LWP 9191)]
IA__g_type_check_instance_cast (type_instance=0xffffffffafca3ec0, 
    iface_type=8689808) at gtype.c:3155
(gdb) where
#0  IA__g_type_check_instance_cast (type_instance=0xffffffffafca3ec0, 
    iface_type=8689808) at gtype.c:3155
#1  0x00000035e22106b2 in e_name_selector_dialog_init (
    name_selector_dialog=0x2acaafca0890) at e-name-selector-dialog.c:145
#2  0x0000003f84026290 in IA__g_type_create_instance (type=Variable "type" is
not available.
) at gtype.c:1596
#3  0x0000003f8400e050 in g_object_constructor (type=Variable "type" is not
available.
) at gobject.c:1045
#4  0x0000003f8400eb18 in IA__g_object_newv (object_type=12124640, 
    n_parameters=5706680, parameters=0x2acaafc97bb8) at gobject.c:942
#5  0x0000003f8400f4f6 in IA__g_object_new_valist (object_type=12124640, 
    first_property_name=0x0, var_args=0x7fffffb41d40) at gobject.c:985
#6  0x0000003f8400f705 in IA__g_object_new (object_type=12124640, 
    first_property_name=0x0) at gobject.c:823
#7  0x00000035e220f1b4 in e_name_selector_peek_dialog (
    name_selector=0x2acaafc9eb70) at e-name-selector.c:228
#8  0x00002aaaaf517d10 in e_msg_composer_hdrs_new (uic=Variable "uic" is not
available.
)
    at e-msg-composer-hdrs.c:140
#9  0x00002aaaaf520f19 in create_composer (visible_mask=159)
    at e-msg-composer.c:3406
#10 0x00002aaaaf5229c8 in e_msg_composer_new_with_type (type=1)
    at e-msg-composer.c:3587
#11 0x00002aaaaf4d3244 in em_utils_reply_to_message (folder=0xaa2900, 
    uid=0xf14680 "8172", message=0x2acaafc39648, mode=Variable "mode" is not
available.
)
    at em-composer-utils.c:1176
#12 0x00002aaaaf4d389c in reply_to_message (folder=0xffffffffafca3ec0, 
    uid=0x849890 "", message=0x20, user_data=0x0) at em-composer-utils.c:1664
#13 0x00002aaaaf504247 in mail_msgport_replied (source=Variable "source" is not
available.
) at mail-mt.c:447
#14 0x0000003f83c2499e in IA__g_main_context_dispatch (context=0x566480)
    at gmain.c:1933
#15 0x0000003f83c27644 in g_main_context_iterate (context=0x566480, block=1, 
    dispatch=1, self=Variable "self" is not available.
) at gmain.c:2564
#16 0x0000003f83c27b30 in IA__g_main_loop_run (loop=0x6bdb50) at gmain.c:2768
#17 0x0000003601f2d3bb in bonobo_main () from /usr/lib64/libbonobo-2.so.0
#18 0x000000000041b4ea in main (argc=Variable "argc" is not available.
) at main.c:611
(gdb) up
#1  0x00000035e22106b2 in e_name_selector_dialog_init (
    name_selector_dialog=0x2acaafca0890) at e-name-selector-dialog.c:145
(gdb) p $rip
$1 = (void (*)()) 0x35e22106b2 <e_name_selector_dialog_init+443>
(gdb) disassemble
Dump of assembler code for function e_name_selector_dialog_init:
0x00000035e22104f7 <e_name_selector_dialog_init+0>:	push   %r15
0x00000035e22104f9 <e_name_selector_dialog_init+2>:	push   %r14
0x00000035e22104fb <e_name_selector_dialog_init+4>:	push   %r13
0x00000035e22104fd <e_name_selector_dialog_init+6>:	push   %r12
0x00000035e22104ff <e_name_selector_dialog_init+8>:	push   %rbp
0x00000035e2210500 <e_name_selector_dialog_init+9>:	push   %rbx
0x00000035e2210501 <e_name_selector_dialog_init+10>:	sub    $0x18,%rsp
0x00000035e2210505 <e_name_selector_dialog_init+14>:	mov    %rdi,%rbp
0x00000035e2210508 <e_name_selector_dialog_init+17>:	xor    %edx,%edx
0x00000035e221050a <e_name_selector_dialog_init+19>:	xor    %esi,%esi
0x00000035e221050c <e_name_selector_dialog_init+21>:	lea    45861(%rip),%rdi   
    # 0x35e221b838
0x00000035e2210513 <e_name_selector_dialog_init+28>:	callq  0x35e220a078
0x00000035e2210518 <e_name_selector_dialog_init+33>:	mov    %rax,%rdi
0x00000035e221051b <e_name_selector_dialog_init+36>:	mov    %rax,0x128(%rbp)
0x00000035e2210522 <e_name_selector_dialog_init+43>:	lea    45105(%rip),%rsi   
    # 0x35e221b55a
0x00000035e2210529 <e_name_selector_dialog_init+50>:	callq  0x35e2209a08
0x00000035e221052e <e_name_selector_dialog_init+55>:	mov    %rax,%rbx
0x00000035e2210531 <e_name_selector_dialog_init+58>:	test   %rax,%rax
0x00000035e2210534 <e_name_selector_dialog_init+61>:	je     0x35e22109a8
<e_name_selector_dialog_init+1201>
0x00000035e221053a <e_name_selector_dialog_init+67>:	lea    0x10(%rsp),%rdi
0x00000035e221053f <e_name_selector_dialog_init+72>:	xor    %esi,%esi
0x00000035e2210541 <e_name_selector_dialog_init+74>:	callq  0x35e2209588
0x00000035e2210546 <e_name_selector_dialog_init+79>:	test   %eax,%eax
0x00000035e2210548 <e_name_selector_dialog_init+81>:	je     0x35e2210975
<e_name_selector_dialog_init+1150>
0x00000035e221054e <e_name_selector_dialog_init+87>:	mov    %rbx,%rdi
0x00000035e2210551 <e_name_selector_dialog_init+90>:	callq  0x35e220a308
0x00000035e2210556 <e_name_selector_dialog_init+95>:	callq  0x35e220ab58
0x00000035e221055b <e_name_selector_dialog_init+100>:	mov    %rax,(%rsp)
0x00000035e221055f <e_name_selector_dialog_init+104>:	mov    0x58(%rbx),%rdi
0x00000035e2210563 <e_name_selector_dialog_init+108>:	mov    %rax,%rsi
0x00000035e2210566 <e_name_selector_dialog_init+111>:	callq  0x35e220aab8
0x00000035e221056b <e_name_selector_dialog_init+116>:	mov    %rax,%rdi
0x00000035e221056e <e_name_selector_dialog_init+119>:	mov    %rbx,%rsi
0x00000035e2210571 <e_name_selector_dialog_init+122>:	callq  0x35e2209ca8
0x00000035e2210576 <e_name_selector_dialog_init+127>:	callq  0x35e2209d68
0x00000035e221057b <e_name_selector_dialog_init+132>:	mov    %rax,%r13
0x00000035e221057e <e_name_selector_dialog_init+135>:	callq  0x35e2209ec8
0x00000035e2210583 <e_name_selector_dialog_init+140>:	mov    %rax,%r14
0x00000035e2210586 <e_name_selector_dialog_init+143>:	mov    %rax,%rsi
0x00000035e2210589 <e_name_selector_dialog_init+146>:	mov    %rbp,%rdi
0x00000035e221058c <e_name_selector_dialog_init+149>:	callq  0x35e220aab8
0x00000035e2210591 <e_name_selector_dialog_init+154>:	mov    0xf0(%rax),%rdi
0x00000035e2210598 <e_name_selector_dialog_init+161>:	mov    %r13,%rsi
0x00000035e221059b <e_name_selector_dialog_init+164>:	callq  0x35e220aab8
0x00000035e22105a0 <e_name_selector_dialog_init+169>:	mov    %rax,%rdi
0x00000035e22105a3 <e_name_selector_dialog_init+172>:	xor    %r8d,%r8d
0x00000035e22105a6 <e_name_selector_dialog_init+175>:	mov    $0x1,%ecx
0x00000035e22105ab <e_name_selector_dialog_init+180>:	mov    $0x1,%edx
0x00000035e22105b0 <e_name_selector_dialog_init+185>:	mov    %rbx,%rsi
0x00000035e22105b3 <e_name_selector_dialog_init+188>:	callq  0x35e220a088
0x00000035e22105b8 <e_name_selector_dialog_init+193>:	mov    %rbx,%rdi
0x00000035e22105bb <e_name_selector_dialog_init+196>:	callq  0x35e220a398
0x00000035e22105c0 <e_name_selector_dialog_init+201>:	callq  0x35e220a818
0x00000035e22105c5 <e_name_selector_dialog_init+206>:	mov    %rax,%rbx
0x00000035e22105c8 <e_name_selector_dialog_init+209>:	mov    0x128(%rbp),%rdi
0x00000035e22105cf <e_name_selector_dialog_init+216>:	lea    44950(%rip),%rsi  
     # 0x35e221b56c
0x00000035e22105d6 <e_name_selector_dialog_init+223>:	callq  0x35e2209a08
0x00000035e22105db <e_name_selector_dialog_init+228>:	mov    %rax,%rdi
0x00000035e22105de <e_name_selector_dialog_init+231>:	mov    %rbx,%rsi
0x00000035e22105e1 <e_name_selector_dialog_init+234>:	callq  0x35e220aab8
0x00000035e22105e6 <e_name_selector_dialog_init+239>:	mov    %rax,0x130(%rbp)
0x00000035e22105ed <e_name_selector_dialog_init+246>:	callq  0x35e2209ee8
0x00000035e22105f2 <e_name_selector_dialog_init+251>:	mov    %rax,%r15
0x00000035e22105f5 <e_name_selector_dialog_init+254>:	mov    0x128(%rbp),%rdi
0x00000035e22105fc <e_name_selector_dialog_init+261>:	lea    44922(%rip),%rsi  
     # 0x35e221b57d
0x00000035e2210603 <e_name_selector_dialog_init+268>:	callq  0x35e2209a08
0x00000035e2210608 <e_name_selector_dialog_init+273>:	mov    %rax,%rdi
0x00000035e221060b <e_name_selector_dialog_init+276>:	mov    %r15,%rsi
0x00000035e221060e <e_name_selector_dialog_init+279>:	callq  0x35e220aab8
0x00000035e2210613 <e_name_selector_dialog_init+284>:	mov    %rax,0x138(%rbp)
0x00000035e221061a <e_name_selector_dialog_init+291>:	mov    0x128(%rbp),%rdi
0x00000035e2210621 <e_name_selector_dialog_init+298>:	lea    44900(%rip),%rsi  
     # 0x35e221b58c
0x00000035e2210628 <e_name_selector_dialog_init+305>:	callq  0x35e2209a08
0x00000035e221062d <e_name_selector_dialog_init+310>:	mov    %rax,%rdi
0x00000035e2210630 <e_name_selector_dialog_init+313>:	mov    %r13,%rsi
0x00000035e2210633 <e_name_selector_dialog_init+316>:	callq  0x35e220aab8
0x00000035e2210638 <e_name_selector_dialog_init+321>:	mov    %rax,0x140(%rbp)
0x00000035e221063f <e_name_selector_dialog_init+328>:	callq  0x35e220a3d8
0x00000035e2210644 <e_name_selector_dialog_init+333>:	mov    %rax,%rbx
0x00000035e2210647 <e_name_selector_dialog_init+336>:	mov    0x128(%rbp),%rdi
0x00000035e221064e <e_name_selector_dialog_init+343>:	lea    44871(%rip),%rsi  
     # 0x35e221b59c
0x00000035e2210655 <e_name_selector_dialog_init+350>:	callq  0x35e2209a08
0x00000035e221065a <e_name_selector_dialog_init+355>:	mov    %rax,%rdi
0x00000035e221065d <e_name_selector_dialog_init+358>:	mov    %rbx,%rsi
0x00000035e2210660 <e_name_selector_dialog_init+361>:	callq  0x35e220aab8
0x00000035e2210665 <e_name_selector_dialog_init+366>:	mov    %rax,0x148(%rbp)
0x00000035e221066c <e_name_selector_dialog_init+373>:	mov    $0x1,%edi
0x00000035e2210671 <e_name_selector_dialog_init+378>:	callq  0x35e2209ae8
0x00000035e2210676 <e_name_selector_dialog_init+383>:	mov    %rax,0x150(%rbp)
0x00000035e221067d <e_name_selector_dialog_init+390>:	callq  0x35e220a988
0x00000035e2210682 <e_name_selector_dialog_init+395>:	mov    %rax,%r12
0x00000035e2210685 <e_name_selector_dialog_init+398>:	xor    %eax,%eax
0x00000035e2210687 <e_name_selector_dialog_init+400>:	callq  0x35e220a1c8
0x00000035e221068c <e_name_selector_dialog_init+405>:	movslq %eax,%rbx
0x00000035e221068f <e_name_selector_dialog_init+408>:	mov   
$0xffffffff00000000,%rax
0x00000035e2210699 <e_name_selector_dialog_init+418>:	test   %rbx,%rax
0x00000035e221069c <e_name_selector_dialog_init+421>:	jne    0x35e22109e8
<e_name_selector_dialog_init+1265>
0x00000035e22106a2 <e_name_selector_dialog_init+427>:	callq  0x35e220a898
0x00000035e22106a7 <e_name_selector_dialog_init+432>:	mov    %rax,%rsi
0x00000035e22106aa <e_name_selector_dialog_init+435>:	mov    %rbx,%rdi
0x00000035e22106ad <e_name_selector_dialog_init+438>:	callq  0x35e220aab8
0x00000035e22106b2 <e_name_selector_dialog_init+443>:	mov    %rax,%rbx
0x00000035e22106b5 <e_name_selector_dialog_init+446>:	mov    $0x1,%edx
0x00000035e22106ba <e_name_selector_dialog_init+451>:	mov    %rax,%rsi
0x00000035e22106bd <e_name_selector_dialog_init+454>:	mov    %r12,%rdi
0x00000035e22106c0 <e_name_selector_dialog_init+457>:	callq  0x35e2209548
0x00000035e22106c5 <e_name_selector_dialog_init+462>:	xor    %r8d,%r8d
0x00000035e22106c8 <e_name_selector_dialog_init+465>:	mov    %rbp,%rcx
0x00000035e22106cb <e_name_selector_dialog_init+468>:	lea    832(%rip),%rdx    
   # 0x35e2210a12 <contact_column_formatter>
0x00000035e22106d2 <e_name_selector_dialog_init+475>:	mov    %rbx,%rsi
0x00000035e22106d5 <e_name_selector_dialog_init+478>:	mov    %r12,%rdi
0x00000035e22106d8 <e_name_selector_dialog_init+481>:	callq  0x35e220ace8
0x00000035e22106dd <e_name_selector_dialog_init+486>:	mov    0x130(%rbp),%rdi
0x00000035e22106e4 <e_name_selector_dialog_init+493>:	mov    %r12,%rsi
0x00000035e22106e7 <e_name_selector_dialog_init+496>:	callq  0x35e220aa08
0x00000035e22106ec <e_name_selector_dialog_init+501>:	mov    0x130(%rbp),%rdi
0x00000035e22106f3 <e_name_selector_dialog_init+508>:	mov    $0x2,%r9d
0x00000035e22106f9 <e_name_selector_dialog_init+514>:	xor    %r8d,%r8d
0x00000035e22106fc <e_name_selector_dialog_init+517>:	mov    %rbp,%rcx
0x00000035e22106ff <e_name_selector_dialog_init+520>:	lea    -2165(%rip),%rdx  
     # 0x35e220fe91 <contact_activated>
0x00000035e2210706 <e_name_selector_dialog_init+527>:	lea    44561(%rip),%rsi  
     # 0x35e221b51e
0x00000035e221070d <e_name_selector_dialog_init+534>:	callq  0x35e2209858
0x00000035e2210712 <e_name_selector_dialog_init+539>:	mov    0x130(%rbp),%rdi
0x00000035e2210719 <e_name_selector_dialog_init+546>:	callq  0x35e220a828
0x00000035e221071e <e_name_selector_dialog_init+551>:	mov    %rax,%rdi
0x00000035e2210721 <e_name_selector_dialog_init+554>:	mov    $0x2,%r9d
0x00000035e2210727 <e_name_selector_dialog_init+560>:	xor    %r8d,%r8d
0x00000035e221072a <e_name_selector_dialog_init+563>:	mov    %rbp,%rcx
0x00000035e221072d <e_name_selector_dialog_init+566>:	lea    -3482(%rip),%rdx  
     # 0x35e220f99a <contact_selection_changed>
0x00000035e2210734 <e_name_selector_dialog_init+573>:	lea    45846(%rip),%rsi  
     # 0x35e221ba51
0x00000035e221073b <e_name_selector_dialog_init+580>:	callq  0x35e2209858
0x00000035e2210740 <e_name_selector_dialog_init+585>:	callq  0x35e220a748
0x00000035e2210745 <e_name_selector_dialog_init+590>:	mov    %rax,0x118(%rbp)
0x00000035e221074c <e_name_selector_dialog_init+597>:	mov    $0x20,%edx
0x00000035e2210751 <e_name_selector_dialog_init+602>:	xor    %esi,%esi
0x00000035e2210753 <e_name_selector_dialog_init+604>:	xor    %edi,%edi
0x00000035e2210755 <e_name_selector_dialog_init+606>:	callq  0x35e220a318
0x00000035e221075a <e_name_selector_dialog_init+611>:	mov    %rax,0x158(%rbp)
0x00000035e2210761 <e_name_selector_dialog_init+618>:	mov    0x10(%rsp),%rax
0x00000035e2210766 <e_name_selector_dialog_init+623>:	mov    %rax,0x110(%rbp)
0x00000035e221076d <e_name_selector_dialog_init+630>:	mov    %rbp,%rdi
0x00000035e2210770 <e_name_selector_dialog_init+633>:	callq  0x35e221032e
<setup_name_selector_model>
0x00000035e2210775 <e_name_selector_dialog_init+638>:	mov    0x110(%rbp),%rdi
0x00000035e221077c <e_name_selector_dialog_init+645>:	callq  0x35e2209ff8
0x00000035e2210781 <e_name_selector_dialog_init+650>:	mov    %rax,%rbx
0x00000035e2210784 <e_name_selector_dialog_init+653>:	mov    $0x2,%r9d
0x00000035e221078a <e_name_selector_dialog_init+659>:	xor    %r8d,%r8d
0x00000035e221078d <e_name_selector_dialog_init+662>:	mov    %rbp,%rcx
0x00000035e2210790 <e_name_selector_dialog_init+665>:	lea    -3800(%rip),%rdx  
     # 0x35e220f8bf <source_selected>
0x00000035e2210797 <e_name_selector_dialog_init+672>:	lea    44570(%rip),%rsi  
     # 0x35e221b5b8
0x00000035e221079e <e_name_selector_dialog_init+679>:	mov    %rax,%rdi
0x00000035e22107a1 <e_name_selector_dialog_init+682>:	callq  0x35e2209858
0x00000035e22107a6 <e_name_selector_dialog_init+687>:	mov    0x128(%rbp),%rdi
0x00000035e22107ad <e_name_selector_dialog_init+694>:	lea    44564(%rip),%rsi  
     # 0x35e221b5c8
0x00000035e22107b4 <e_name_selector_dialog_init+701>:	callq  0x35e2209a08
0x00000035e22107b9 <e_name_selector_dialog_init+706>:	mov    %rax,%rdi
0x00000035e22107bc <e_name_selector_dialog_init+709>:	mov    %r15,%rsi
0x00000035e22107bf <e_name_selector_dialog_init+712>:	callq  0x35e220aab8
0x00000035e22107c4 <e_name_selector_dialog_init+717>:	mov    %rax,%rdi
0x00000035e22107c7 <e_name_selector_dialog_init+720>:	mov    %rbx,%rsi
0x00000035e22107ca <e_name_selector_dialog_init+723>:	callq  0x35e2209d48
0x00000035e22107cf <e_name_selector_dialog_init+728>:	mov    %rbx,%rdi
0x00000035e22107d2 <e_name_selector_dialog_init+731>:	callq  0x35e2209708
0x00000035e22107d7 <e_name_selector_dialog_init+736>:	mov    0x128(%rbp),%rdi
0x00000035e22107de <e_name_selector_dialog_init+743>:	lea    44532(%rip),%rsi  
     # 0x35e221b5d9
0x00000035e22107e5 <e_name_selector_dialog_init+750>:	callq  0x35e2209a08
0x00000035e22107ea <e_name_selector_dialog_init+755>:	mov    %rax,%rdi
0x00000035e22107ed <e_name_selector_dialog_init+758>:	mov    %r13,%rsi
0x00000035e22107f0 <e_name_selector_dialog_init+761>:	callq  0x35e220aab8
0x00000035e22107f5 <e_name_selector_dialog_init+766>:	mov    %rax,%rdi
0x00000035e22107f8 <e_name_selector_dialog_init+769>:	xor    %r8d,%r8d
0x00000035e22107fb <e_name_selector_dialog_init+772>:	mov    $0x1,%ecx
0x00000035e2210800 <e_name_selector_dialog_init+777>:	mov    $0x1,%edx
0x00000035e2210805 <e_name_selector_dialog_init+782>:	mov    %rbx,%rsi
0x00000035e2210808 <e_name_selector_dialog_init+785>:	callq  0x35e220a088
0x00000035e221080d <e_name_selector_dialog_init+790>:	mov    0x128(%rbp),%rdi
0x00000035e2210814 <e_name_selector_dialog_init+797>:	lea    44417(%rip),%rsi  
     # 0x35e221b59c
0x00000035e221081b <e_name_selector_dialog_init+804>:	callq  0x35e2209a08
0x00000035e2210820 <e_name_selector_dialog_init+809>:	mov    %rax,%rdi
0x00000035e2210823 <e_name_selector_dialog_init+812>:	mov    $0x2,%r9d
0x00000035e2210829 <e_name_selector_dialog_init+818>:	xor    %r8d,%r8d
0x00000035e221082c <e_name_selector_dialog_init+821>:	mov    %rbp,%rcx
0x00000035e221082f <e_name_selector_dialog_init+824>:	lea    -3908(%rip),%rdx  
     # 0x35e220f8f2 <search_changed>
0x00000035e2210836 <e_name_selector_dialog_init+831>:	lea    45588(%rip),%rsi  
     # 0x35e221ba51
0x00000035e221083d <e_name_selector_dialog_init+838>:	callq  0x35e2209858
0x00000035e2210842 <e_name_selector_dialog_init+843>:	mov    0x110(%rbp),%rdi
0x00000035e2210849 <e_name_selector_dialog_init+850>:	callq  0x35e220ac18
0x00000035e221084e <e_name_selector_dialog_init+855>:	mov    %rax,%rbx
0x00000035e2210851 <e_name_selector_dialog_init+858>:	test   %rax,%rax
0x00000035e2210854 <e_name_selector_dialog_init+861>:	je     0x35e2210870
<e_name_selector_dialog_init+889>
0x00000035e2210856 <e_name_selector_dialog_init+863>:	mov    (%rbx),%rdi
0x00000035e2210859 <e_name_selector_dialog_init+866>:	callq  0x35e220a758
0x00000035e221085e <e_name_selector_dialog_init+871>:	test   %rax,%rax
0x00000035e2210861 <e_name_selector_dialog_init+874>:	jne    0x35e2210a0a
<e_name_selector_dialog_init+1299>
0x00000035e2210867 <e_name_selector_dialog_init+880>:	mov    0x8(%rbx),%rbx
0x00000035e221086b <e_name_selector_dialog_init+884>:	test   %rbx,%rbx
0x00000035e221086e <e_name_selector_dialog_init+887>:	jne    0x35e2210856
<e_name_selector_dialog_init+863>
0x00000035e2210870 <e_name_selector_dialog_init+889>:	xor    %esi,%esi
0x00000035e2210872 <e_name_selector_dialog_init+891>:	mov    %rbp,%rdi
0x00000035e2210875 <e_name_selector_dialog_init+894>:	callq  0x35e220f8bf
<source_selected>
0x00000035e221087a <e_name_selector_dialog_init+899>:	mov    %r14,%rsi
0x00000035e221087d <e_name_selector_dialog_init+902>:	mov    %rbp,%rdi
0x00000035e2210880 <e_name_selector_dialog_init+905>:	callq  0x35e220aab8
0x00000035e2210885 <e_name_selector_dialog_init+910>:	mov    %rax,%rdi
0x00000035e2210888 <e_name_selector_dialog_init+913>:	xor    %ecx,%ecx
0x00000035e221088a <e_name_selector_dialog_init+915>:	mov    $0xfffffff9,%edx
0x00000035e221088f <e_name_selector_dialog_init+920>:	lea    44371(%rip),%rsi  
     # 0x35e221b5e9
0x00000035e2210896 <e_name_selector_dialog_init+927>:	xor    %eax,%eax
0x00000035e2210898 <e_name_selector_dialog_init+929>:	callq  0x35e2209a68
0x00000035e221089d <e_name_selector_dialog_init+934>:	mov    %r14,%rsi
0x00000035e22108a0 <e_name_selector_dialog_init+937>:	mov    %rbp,%rdi
0x00000035e22108a3 <e_name_selector_dialog_init+940>:	callq  0x35e220aab8
0x00000035e22108a8 <e_name_selector_dialog_init+945>:	mov    %rax,%rdi
0x00000035e22108ab <e_name_selector_dialog_init+948>:	mov    $0xfffffff9,%esi
0x00000035e22108b0 <e_name_selector_dialog_init+953>:	callq  0x35e2209be8
0x00000035e22108b5 <e_name_selector_dialog_init+958>:	callq  0x35e2209e18
0x00000035e22108ba <e_name_selector_dialog_init+963>:	mov    %rax,%r12
0x00000035e22108bd <e_name_selector_dialog_init+966>:	mov    %rax,%rsi
0x00000035e22108c0 <e_name_selector_dialog_init+969>:	mov    %rbp,%rdi
0x00000035e22108c3 <e_name_selector_dialog_init+972>:	callq  0x35e220aab8
0x00000035e22108c8 <e_name_selector_dialog_init+977>:	mov    %rax,%rdi
0x00000035e22108cb <e_name_selector_dialog_init+980>:	xor    %esi,%esi
0x00000035e22108cd <e_name_selector_dialog_init+982>:	callq  0x35e2209c68
0x00000035e22108d2 <e_name_selector_dialog_init+987>:	mov    %r12,%rsi
0x00000035e22108d5 <e_name_selector_dialog_init+990>:	mov    %rbp,%rdi
0x00000035e22108d8 <e_name_selector_dialog_init+993>:	callq  0x35e220aab8
0x00000035e22108dd <e_name_selector_dialog_init+998>:	mov    %rax,%rdi
0x00000035e22108e0 <e_name_selector_dialog_init+1001>:	mov    $0x200,%edx
0x00000035e22108e5 <e_name_selector_dialog_init+1006>:	mov    $0x1d8,%esi
0x00000035e22108ea <e_name_selector_dialog_init+1011>:	callq  0x35e2209d58
0x00000035e22108ef <e_name_selector_dialog_init+1016>:	mov    %r12,%rsi
0x00000035e22108f2 <e_name_selector_dialog_init+1019>:	mov    %rbp,%rdi
0x00000035e22108f5 <e_name_selector_dialog_init+1022>:	callq  0x35e220aab8
0x00000035e22108fa <e_name_selector_dialog_init+1027>:	mov    %rax,%rdi
0x00000035e22108fd <e_name_selector_dialog_init+1030>:	mov    $0x1,%esi
0x00000035e2210902 <e_name_selector_dialog_init+1035>:	callq  0x35e2209968
0x00000035e2210907 <e_name_selector_dialog_init+1040>:	mov    %r14,%rsi
0x00000035e221090a <e_name_selector_dialog_init+1043>:	mov    %rbp,%rdi
0x00000035e221090d <e_name_selector_dialog_init+1046>:	callq  0x35e220aab8
0x00000035e2210912 <e_name_selector_dialog_init+1051>:	mov    %rax,%rdi
0x00000035e2210915 <e_name_selector_dialog_init+1054>:	xor    %esi,%esi
0x00000035e2210917 <e_name_selector_dialog_init+1056>:	callq  0x35e220aba8
0x00000035e221091c <e_name_selector_dialog_init+1061>:	mov    (%rsp),%rsi
0x00000035e2210920 <e_name_selector_dialog_init+1065>:	mov    %rbp,%rdi
0x00000035e2210923 <e_name_selector_dialog_init+1068>:	callq  0x35e220aab8
0x00000035e2210928 <e_name_selector_dialog_init+1073>:	mov    %rax,%rdi
0x00000035e221092b <e_name_selector_dialog_init+1076>:	mov    $0x4,%esi
0x00000035e2210930 <e_name_selector_dialog_init+1081>:	callq  0x35e220a0f8
0x00000035e2210935 <e_name_selector_dialog_init+1086>:	mov    $0x5,%edx
0x00000035e221093a <e_name_selector_dialog_init+1091>:	lea    44967(%rip),%rsi 
      # 0x35e221b8e8
0x00000035e2210941 <e_name_selector_dialog_init+1098>:	lea    41418(%rip),%rdi 
      # 0x35e221ab12
0x00000035e2210948 <e_name_selector_dialog_init+1105>:	callq  0x35e220a638
0x00000035e221094d <e_name_selector_dialog_init+1110>:	mov    %rax,%rbx
0x00000035e2210950 <e_name_selector_dialog_init+1113>:	mov    %r12,%rsi
0x00000035e2210953 <e_name_selector_dialog_init+1116>:	mov    %rbp,%rdi
0x00000035e2210956 <e_name_selector_dialog_init+1119>:	callq  0x35e220aab8
0x00000035e221095b <e_name_selector_dialog_init+1124>:	mov    %rax,%rdi
0x00000035e221095e <e_name_selector_dialog_init+1127>:	mov    %rbx,%rsi
0x00000035e2210961 <e_name_selector_dialog_init+1130>:	callq  0x35e2209fd8
0x00000035e2210966 <e_name_selector_dialog_init+1135>:	add    $0x18,%rsp
0x00000035e221096a <e_name_selector_dialog_init+1139>:	pop    %rbx
0x00000035e221096b <e_name_selector_dialog_init+1140>:	pop    %rbp
0x00000035e221096c <e_name_selector_dialog_init+1141>:	pop    %r12
0x00000035e221096e <e_name_selector_dialog_init+1143>:	pop    %r13
0x00000035e2210970 <e_name_selector_dialog_init+1145>:	pop    %r14
0x00000035e2210972 <e_name_selector_dialog_init+1147>:	pop    %r15
0x00000035e2210974 <e_name_selector_dialog_init+1149>:	retq   
0x00000035e2210975 <e_name_selector_dialog_init+1150>:	lea    44852(%rip),%rdx 
      # 0x35e221b8b0
0x00000035e221097c <e_name_selector_dialog_init+1157>:	mov    $0x10,%esi
0x00000035e2210981 <e_name_selector_dialog_init+1162>:	lea    41317(%rip),%rdi 
      # 0x35e221aaed
0x00000035e2210988 <e_name_selector_dialog_init+1169>:	callq  0x35e220a8a8
0x00000035e221098d <e_name_selector_dialog_init+1174>:	mov    0x128(%rbp),%rdi
0x00000035e2210994 <e_name_selector_dialog_init+1181>:	callq  0x35e220a398
0x00000035e2210999 <e_name_selector_dialog_init+1186>:	add    $0x18,%rsp
0x00000035e221099d <e_name_selector_dialog_init+1190>:	pop    %rbx
0x00000035e221099e <e_name_selector_dialog_init+1191>:	pop    %rbp
0x00000035e221099f <e_name_selector_dialog_init+1192>:	pop    %r12
0x00000035e22109a1 <e_name_selector_dialog_init+1194>:	pop    %r13
0x00000035e22109a3 <e_name_selector_dialog_init+1196>:	pop    %r14
0x00000035e22109a5 <e_name_selector_dialog_init+1198>:	pop    %r15
0x00000035e22109a7 <e_name_selector_dialog_init+1200>:	retq   
0x00000035e22109a8 <e_name_selector_dialog_init+1201>:	lea    44753(%rip),%rdx 
      # 0x35e221b880
0x00000035e22109af <e_name_selector_dialog_init+1208>:	mov    $0x10,%esi
0x00000035e22109b4 <e_name_selector_dialog_init+1213>:	lea    41266(%rip),%rdi 
      # 0x35e221aaed
0x00000035e22109bb <e_name_selector_dialog_init+1220>:	xor    %eax,%eax
0x00000035e22109bd <e_name_selector_dialog_init+1222>:	callq  0x35e220a8a8
0x00000035e22109c2 <e_name_selector_dialog_init+1227>:	mov    0x128(%rbp),%rdi
0x00000035e22109c9 <e_name_selector_dialog_init+1234>:	callq  0x35e220a398
0x00000035e22109ce <e_name_selector_dialog_init+1239>:	movq   $0x0,0x128(%rbp)
0x00000035e22109d9 <e_name_selector_dialog_init+1250>:	add    $0x18,%rsp
0x00000035e22109dd <e_name_selector_dialog_init+1254>:	pop    %rbx
0x00000035e22109de <e_name_selector_dialog_init+1255>:	pop    %rbp
0x00000035e22109df <e_name_selector_dialog_init+1256>:	pop    %r12
0x00000035e22109e1 <e_name_selector_dialog_init+1258>:	pop    %r13
0x00000035e22109e3 <e_name_selector_dialog_init+1260>:	pop    %r14
0x00000035e22109e5 <e_name_selector_dialog_init+1262>:	pop    %r15
0x00000035e22109e7 <e_name_selector_dialog_init+1264>:	retq   
0x00000035e22109e8 <e_name_selector_dialog_init+1265>:	mov    %rbx,%rcx
0x00000035e22109eb <e_name_selector_dialog_init+1268>:	lea    43953(%rip),%rdx 
      # 0x35e221b5a3
0x00000035e22109f2 <e_name_selector_dialog_init+1275>:	mov    $0x10,%esi
0x00000035e22109f7 <e_name_selector_dialog_init+1280>:	lea    41199(%rip),%rdi 
      # 0x35e221aaed
0x00000035e22109fe <e_name_selector_dialog_init+1287>:	xor    %eax,%eax
0x00000035e2210a00 <e_name_selector_dialog_init+1289>:	callq  0x35e220a8a8
0x00000035e2210a05 <e_name_selector_dialog_init+1294>:	jmpq   0x35e22106a2
<e_name_selector_dialog_init+427>
0x00000035e2210a0a <e_name_selector_dialog_init+1299>:	mov    (%rax),%rsi
0x00000035e2210a0d <e_name_selector_dialog_init+1302>:	jmpq   0x35e2210872
<e_name_selector_dialog_init+891>
End of assembler dump.
(gdb) quit
The program is running.  Exit anyway? (y or n) y

An alternate stack trace (same root cause) is:

Thread 1 (Thread 46912496360768 (LWP 8686)):
#0  IA__g_type_check_instance_cast (type_instance=0xffffffffafcce6c0, 
    iface_type=5754208) at gtype.c:3155
#1  0x00000035e220facd in add_section (name_selector_dialog=0x2acaafccccf0, 
    name=Variable "name" is not available.
) at e-name-selector-dialog.c:419
#2  0x00000035e220fe7f in model_section_added (
    name_selector_dialog=0x2acaafccccf0, name=0x2acaafcce370 "_To:")
    at e-name-selector-dialog.c:497
#3  0x0000003f8400a27d in IA__g_closure_invoke (closure=0xeacb20, 
    return_value=0x0, n_param_values=2, param_values=0x7fffffeaf3a0, 
    invocation_hint=0x7fffffeaf260) at gclosure.c:437
#4  0x0000003f840172e2 in signal_emit_unlocked_R (node=0xb75cd0, detail=0, 
    instance=0x2acaafccb150, emission_return=0x0, 
    instance_and_params=0x7fffffeaf3a0) at gsignal.c:2488
#5  0x0000003f8401880c in IA__g_signal_emit_valist (instance=0x2acaafccb150, 
    signal_id=Variable "signal_id" is not available.
) at gsignal.c:2247
#6  0x0000003f84018bb7 in IA__g_signal_emit (instance=Variable "instance" is not
available.
) at gsignal.c:2291
#7  0x00000035e2214867 in e_name_selector_model_add_section (
    name_selector_model=0x2acaafccb150, name=0x2aaaaf530b86 "_To:", 
    pretty_name=0x2aaaaf530b86 "_To:", destination_store=0x0)
    at e-name-selector-model.c:410
#8  0x00002aaaaf5172c4 in header_new_recipient (hdrs=0x2acaafccaf00, 
    name=0x2aaaaf530b86 "_To:", tip=Variable "tip" is not available.
) at e-msg-composer-hdrs.c:442
#9  0x00002aaaaf518255 in e_msg_composer_hdrs_new (uic=Variable "uic" is not
available.
)
    at e-msg-composer-hdrs.c:608
#10 0x00002aaaaf520f19 in create_composer (visible_mask=159)
    at e-msg-composer.c:3406
#11 0x00002aaaaf5229c8 in e_msg_composer_new_with_type (type=1)
    at e-msg-composer.c:3587
#12 0x00002aaaaf4d3244 in em_utils_reply_to_message (folder=0xa8adb0, 
    uid=0xf1c2d0 "8172", message=0xa6b860, mode=Variable "mode" is not available.
) at em-composer-utils.c:1176
#13 0x00002aaaaf4d389c in reply_to_message (folder=0xffffffffafcce6c0, 
    uid=0x57cd60 "", message=0x0, user_data=0x0) at em-composer-utils.c:1664
#14 0x00002aaaaf504247 in mail_msgport_replied (source=Variable "source" is not
available.
) at mail-mt.c:447
#15 0x0000003f83c2499e in IA__g_main_context_dispatch (context=0x566480)
    at gmain.c:1933
#16 0x0000003f83c27644 in g_main_context_iterate (context=0x566480, block=1, 
    dispatch=1, self=Variable "self" is not available.
) at gmain.c:2564
#17 0x0000003f83c27b30 in IA__g_main_loop_run (loop=0x6bdb50) at gmain.c:2768
#18 0x0000003601f2d3bb in bonobo_main () from /usr/lib64/libbonobo-2.so.0
#19 0x000000000041b4ea in main (argc=Variable "argc" is not available.
) at main.c:611

Thanks very much for this detailed debug information.

My first thought is that there's a missing function declaration, to which the C
compiler unhelpfully assumes an "int" return type when a pointer return type is
needed (works on 32 bit where they're the same size; fails on 64-bit due to
losing the upper 32 bits).  I'll dig into this...

Also: is everyone seeing this running a 64-bit platform?  Are we seeing two
separate bugs here?

Ahh, you're exactly right Dave.  From building evolution-data-server:

 gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../addressbook -I../addressbook
-DG_LOG_DOMAIN=\"e-data-server-ui\"
-DE_DATA_SERVER_UI_GLADEDIR=\"/usr/share/evolution-data-server-1.2/glade\"
-DORBIT2=1 -pthread -DXTHREADS -D_REENTRANT -DXUSE_MTSAFE_API
-I/usr/include/libxml2 -I/usr/include/libbonobo-2.0 -I/usr/include/glib-2.0
-I/usr/lib64/glib-2.0/include -I/usr/include/orbit-2.0
-I/usr/include/bonobo-activation-2.0 -I/usr/include/libgnome-2.0
-I/usr/include/gconf/2 -I/usr/include/gnome-vfs-2.0
-I/usr/lib64/gnome-vfs-2.0/include -I/usr/include/gtk-2.0
-I/usr/lib64/gtk-2.0/include -I/usr/X11R6/include -I/usr/include/atk-1.0
-I/usr/include/pango-1.0 -I/usr/include/freetype2
-I/usr/include/freetype2/config -I/usr/include/libgnomeui-2.0
-I/usr/include/libgnomecanvas-2.0 -I/usr/include/libart-2.0
-I/usr/include/libbonoboui-2.0 -I/usr/include/libglade-2.0 -I/usr/include/et -O2
-g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m64 -mtune=nocona -fPIC
-I/usr/include/et -Wall -Wmissing-prototypes -Wno-sign-compare -MT
e-name-selector-dialog.lo -MD -MP -MF .deps/e-name-selector-dialog.Tpo -c
e-name-selector-dialog.c  -fPIC -DPIC -o .libs/e-name-selector-dialog.o
In file included from ../addressbook/libebook/e-destination.h:33,
                 from ../libedataserverui/e-destination-store.h:27,
                 from e-name-selector-dialog.c:35:
../addressbook/libebook/e-contact.h:267: warning: type qualifiers ignored on
function return type
e-name-selector-dialog.c: In function 'e_name_selector_dialog_init':
e-name-selector-dialog.c:142: warning: implicit declaration of function
'gtk_cell_renderer_text_new'
e-name-selector-dialog.c:142: warning: assignment makes pointer from integer
without a cast
e-name-selector-dialog.c: In function 'e_name_selector_dialog_finalize':
e-name-selector-dialog.c:227: warning: unused variable 'name_selector_dialog'
e-name-selector-dialog.c: In function 'escape_sexp_string':
e-name-selector-dialog.c:268: warning: implicit declaration of function
'e_sexp_encode_string'
e-name-selector-dialog.c: In function 'add_section':
e-name-selector-dialog.c:419: warning: implicit declaration of function
'gtk_hbox_new'
e-name-selector-dialog.c:419: warning: cast to pointer from integer of different
size
e-name-selector-dialog.c:425: warning: passing argument 1 of
'gtk_widget_get_accessible' from incompatible pointer type
e-name-selector-dialog.c:435: warning: cast to pointer from integer of different
size
e-name-selector-dialog.c: In function 'source_selected':
e-name-selector-dialog.c:541: warning: unused variable 'l'
e-name-selector-dialog.c:540: warning: unused variable 'books'
e-name-selector-dialog.c:539: warning: unused variable 'last_source'
e-name-selector-dialog.c:538: warning: unused variable 'contact_store'
e-name-selector-dialog.c: In function 'contact_selection_changed':
e-name-selector-dialog.c:589: warning: implicit declaration of function
'gtk_tree_selection_get_selected'
e-name-selector-dialog.c: In function 'transfer_button_clicked':
e-name-selector-dialog.c:722: warning: unused variable 'destination'
e-name-selector-dialog.c: In function 'setup_name_selector_model':
e-name-selector-dialog.c:771: warning: unused variable 'book_query'
e-name-selector-dialog.c:770: warning: unused variable 'contact_selection'

Looks like e-name-selector-dialog.c isn't including <gtk/gtk.h>; patching that
ought to fix it...

Is a release imminent or should I attempt to build this myself? (My office mates
are beginning to question my sanity due to uncontrollable cursing each time it
happens!)

I'm sorry that I've haven't put an update out yet; I focussed on fixing this
problem in rawhide first (and managed to temporarily break various things in the
process...)

I'm rebuilding evolution with -Werror-implicit-function-declaration which should
trap all of these problems (including any we haven't found yet...) and require
them to be fixed at compile time.  I can't guarantee things right now (depends
how broken things are) but hope to release an update later today; please stay sane.

Gah, I should have said "evolution-data-server" above

I rebuilt eds with that simple patch and am trying it now. 

I've built a fix for this as evolution-data-server-1.2.3-3.fc4 which should
shortly be available as a test update.

My build has worked without crashing all afternoon yesterday and all morning
today. I will switch to yours when my local mirror is updated.

Test update now available:
https://www.redhat.com/archives/fedora-test-list/2005-August/msg00292.html

Does this fix things for you?

I installed it and have had no crashes in the last week. (Sorry about the slow
reply. I thought I had replied minutes after you posted about the new version
but apparently never hit the "Save Changes" button. Session Saver was the only
way I even got the hint that I never finished.)

I've pushed the e-d-s update as a full update for FC4:
https://www.redhat.com/archives/fedora-announce-list/2005-September/msg00049.html

Resolving as CURRENTRELEASE.

Evolution crashes for me daily, I am running 32bit FC4. Evolution will hang a
minute or two after startup. Following version are installed:
evolution-data-server-1.2.3-3.fc4
evolution-connector-2.2.3-1.fc4
evolution-2.2.3-2.fc4

Problem seem s to occur when I try to view my calendar on the exchange server.