evolution crashed with SIGSEGV, while pasting from clipboard
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
WebKit |
Fix Released
|
Medium
|
|||
webkitgtk (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Trusty |
Won't Fix
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
High
|
Unassigned |
Bug Description
* Impact
some webkitgtk consumers like the evolution composer hit segfault issues
* Test case
- Click New > Compose Email Message
- Enter any email address in 'To:'
- Enter anything into 'Subject"
- Go to any webpage, and highlight a few lines
- Click 'ctrl c'
- Place cursor into the body of the open Compose Message window
- Click 'ctrl v'
* Regression potential
it's a webkit update so could impact other clients of the library, check that the html rendering in those
-------
Guys,
Evolution on Xenial crashes most of times that I want to copy and paste stuff into Mail composer window.
From what I'm seeing, if the stuff inside of the clipboard is formatted, with big fonts, tables, etc, it crashes.
The workaround is to use "Diodon" to paste into Evolution without any formatting, or, to open an vim session on Terminal, paste into it first, then, copy it again from vim, and paste into Evolution, this way, it doesn't crash.
Looks very easy to reproduce!
Cheers!
Thiago
ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: evolution 3.18.5.2-0ubuntu1
ProcVersionSign
Uname: Linux 4.4.0-18-generic x86_64
ApportVersion: 2.20.1-0ubuntu1
Architecture: amd64
CrashCounter: 1
CurrentDesktop: Unity
Date: Wed Apr 13 18:35:02 2016
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/evolution
InstallationDate: Installed on 2016-01-30 (74 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160130)
ProcCmdline: evolution
SegvAnalysis:
Segfault happened at: 0x7f9bdaf3d949: cmpq $0x0,0x18(%rax)
PC (0x7f9bdaf3d949) ok
source "$0x0" ok
destination "0x18(%rax)" (0x654e2073656d
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: evolution
StacktraceTop:
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
Title: evolution crashed with SIGSEGV
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
Changed in webkit-open-source: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
Changed in webkitgtk (Ubuntu): | |
status: | Fix Committed → Confirmed |
tags: | added: desktop-trello-import |
Changed in webkitgtk (Ubuntu): | |
status: | Confirmed → In Progress |
description: | updated |
Changed in webkitgtk (Ubuntu Xenial): | |
importance: | Undecided → High |
tags: | added: regression-update |
tags: | added: trusty |
Changed in webkitgtk (Ubuntu Trusty): | |
assignee: | nobody → Sebastien Bacher (seb128) |
Changed in webkitgtk (Ubuntu Trusty): | |
status: | Confirmed → Won't Fix |
assignee: | Sebastien Bacher (seb128) → nobody |
WebKitGTK+ 2.4.10 seems to have introduced a bug that is causing a crash when loading HTML images in Geary (See https:/ /bugzilla. gnome.org/ show_bug. cgi?id= 763933). This didn't occur using earlier versions of WebKitGTK+.
Geary currently implements user-controlled image loading by what amounts to using a random scheme string for the IMG SRC attribute - when the user has assented to loading images for a specific message, it updates every IMG SRC attribute value to be prefixed with the random scheme. The crash occurs during this process, at random, when displaying a HTML message.
A workaround exists in removing the src element first using webkit_ dom_element_ remove_ attribute( ), causing the subsequent call to webkit_ dom_element_ set_attribute( ) not crash. Workarounds that do not work include cloning the IMG element and setting the SRC element on that instead, nor does casting the element and using webkit_ dom_html_ image_element_ set_src( ). I didn't try creating a new Attr instance, setting the value on that, then setting that on the IMG element.
I know you guys aren't interested in supporting 2.4.x, but I thought I'd log it since it's a regression with 2.4.10 (thanks for doing a new release, BTW!).
Thread 1 "geary" received signal SIGSEGV, Segmentation fault. :AXObjectCache: :handleAttribut eChanged (this=0x7fff919 1b500, attrName=..., element=0x5df8210) WebCore/ accessibility/ AXObjectCache. cpp:880 localName( ).string( ).startsWith( "aria-" )) :AXObjectCache: :handleAttribut eChanged( WebCore: :QualifiedName const&, WebCore::Element*) (this=0x7fff919 1b500, attrName=..., element=0x5df8210) at ../Source/ WebCore/ accessibility/ AXObjectCache. cpp:880 :Element: :attributeChang ed(WebCore: :QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore: :Element: :AttributeModif icationReason) (this=0x5df8210, name=..., oldValue=..., newValue=...) WebCore/ dom/Element. cpp:1137 :Element: :didModifyAttri bute(WebCore: :QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&) (this=this@ entry=0x5df8210 , name=..., oldValue=..., newValue=...) at ../Source/ WebCore/ dom/Element. cpp:2851 :Element: :setAttributeIn ternal( unsigned int, WebCore: :QualifiedName const&, WTF::AtomicString const&, WebCore: :Element: :Synchronizatio nOfLazyAttribut e) (this=this@ entry=0x5df8210 , index=<optimised out>, name=..., newValue=..., inSynchronizati onOfLazyAttribu te=inSynchroniz ationOfLazyAttr ibute@entry= WebCore: :Element: :NotInSynchroni zationOfLazyAtt ribute) WebCore/ dom/Element. cpp:1075 :Element: :setAttribute( WTF::AtomicStri ng const&, WTF::AtomicString const&, int&) (this=this@ entry=0x5df8210 , localName=..., value=..., ec=@0x7fffffffddec: 0) at ../Source/ WebCore/ dom/Element. cpp:1027 dom_element_ set_attribute( WebKitDOMElemen t*, gchar const*, gchar const*, GError**) (self=self@ entry=0x5dcd0b0 [WebKitDOMHTMLI mageElement] , name=name@ entry=0x6ac5bc "src", value=value@ entry=0x5851a00 "glxaowi...
WebCore:
at ../Source/
880 if (!attrName.
(gdb) bt
#0 0x00007ffff4d8aae9 in WebCore:
#1 0x00007ffff4f8105a in WebCore:
at ../Source/
#2 0x00007ffff4f80530 in WebCore:
#3 0x00007ffff4f8777d in WebCore:
at ../Source/
#4 0x00007ffff4f8494f in WebCore:
#5 0x00007ffff5bd7a5c in webkit_