evolution crashed with SIGSEGV in malloc_consolidate()

Bug #358223 reported by Matej Kenda
This bug affects 3 people
Affects: Evolution; Status: Fix Released; Importance: Critical
Affects: evolution (Ubuntu); Status: Fix Released; Importance: Medium; Assigned to: Ubuntu Desktop Bugs

Bug Description

Binary package hint: evolution

I clicked on a mail folder on Exchange server to see the contents of it.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/bin/evolution
Package: evolution 2.26.0-0ubuntu3
ProcCmdline: evolution
ProcEnviron:
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: evolution
StacktraceTop:
 malloc_consolidate (av=<value optimized out>) at malloc.c:4891
 _int_free (av=<value optimized out>,
 *__GI___libc_free (mem=<value optimized out>)
 IA__g_array_free (array=<value optimized out>,
 camel_object_unref (vo=<value optimized out>)
Title: evolution crashed with SIGSEGV in malloc_consolidate()
Uname: Linux 2.6.28-11-generic x86_64
UserGroups: adm admin audio cdrom dialout dip floppy kvm lpadmin netdev plugdev powerdev sambashare scanner video

Matej Kenda (matejken) wrote :
visibility: private → public
Apport retracing service (apport) wrote : Stacktrace.txt (retraced)

StacktraceTop:malloc_consolidate (av=0x3fe7b6da00) at malloc.c:4891
_int_free (av=0x3fe7b6da00, mem=0x2e6e350)
*__GI___libc_free (mem=0x2e6e350) at malloc.c:3625
IA__g_array_free (array=0x2c45a80,
camel_object_unref (vo=<value optimized out>)

Apport retracing service (apport) wrote : ThreadStacktrace.txt (retraced)
Changed in evolution (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please try to obtain a valgrind log following the instructions at https://wiki.ubuntu.com/Valgrind and attach the file to the bug report. This will greatly help us in tracking down your problem.

Changed in evolution (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
status: New → Incomplete
Matej Kenda (matejken) wrote :

I created a Valgrind log; however, I did not manage to reproduce the crash. The timing under Valgrind is different.

I attached the log nevertheless.

Matej Kenda (matejken) wrote :

Happened again. Unfortunately not with valgrind.

Sebastien Bacher (seb128) wrote :

the valgrind error

==17206== Invalid read of size 1
==17206== at 0x4A0A034: strlen (mc_replace_strmem.c:242)
==17206== by 0x3A19C4975D: vfprintf (in /lib/libc-2.9.so)
==17206== by 0x3A19CFED7F: __vasprintf_chk (in /lib/libc-2.9.so)
==17206== by 0x3A1B86F34A: g_vasprintf (in /usr/lib/libglib-2.0.so.0.2000.0)
==17206== by 0x3A1B85CB6D: g_string_append_vprintf (in /usr/lib/libglib-2.0.so.0.2000.0)
==17206== by 0x3A1B85CC87: g_string_append_printf (in /usr/lib/libglib-2.0.so.0.2000.0)
==17206== by 0x913977C: em_format_describe_part (em-format.c:1167)
==17206== by 0x91335A4: efhd_format_attachment (em-format-html-display.c:2502)
==17206== by 0x913A8ED: em_format_part_as (em-format.c:634)
==17206== by 0x913AA61: em_format_part (em-format.c:653)
==17206== by 0x913B38B: emf_multipart_mixed (em-format.c:1259)
==17206== by 0x913A98F: em_format_part_as (em-format.c:626)
==17206== by 0x913AA61: em_format_part (em-format.c:653)
==17206== by 0x9136EEB: efh_format_message (em-format-html.c:2088)
==17206== by 0x9135C4F: efh_format_exec (em-format-html.c:1274)
==17206== by 0x915BA39: mail_msg_proxy (mail-mt.c:520)
==17206== by 0x3A1B864EB6: (within /usr/lib/libglib-2.0.so.0.2000.0)
==17206== by 0x3A1B863953: (within /usr/lib/libglib-2.0.so.0.2000.0)
==17206== by 0x3A1A8073B9: start_thread (in /lib/libpthread-2.9.so)
==17206== by 0x3A19CE5FCC: clone (in /lib/libc-2.9.so)
==17206== Address 0x8aae999 is not stack'd, malloc'd or (recently) free'd

Sebastien Bacher (seb128) wrote :
Changed in evolution (Ubuntu):
status: Incomplete → Confirmed
Changed in evolution (Ubuntu):
milestone: none → ubuntu-9.04
status: Confirmed → Triaged
Sebastien Bacher (seb128) wrote :

there is a fixed candidate waiting for approval now

Changed in evolution (Ubuntu):
status: Triaged → Fix Committed
Sebastien Bacher (seb128) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evolution - 2.26.0-0ubuntu5

---------------
evolution (2.26.0-0ubuntu5) jaunty; urgency=low

  * debian/patches/92_incorrect_free_crasher.patch:
    - don't try to free a static string should fix lot of recent crashers
      (lp: #358104, #358223, #358615)

 -- Sebastien Bacher <email address hidden> Sat, 11 Apr 2009 15:39:19 +0200

Changed in evolution (Ubuntu):
status: Fix Committed → Fix Released
Changed in evolution:
status: Unknown → Fix Released
Changed in evolution:
importance: Unknown → Critical
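
The changelog entry above attributes these crashes to freeing a static string. As an added illustration of that bug class (not Evolution's code and not the contents of 92_incorrect_free_crasher.patch; `format_name`, `describe_mixed`, `describe_owned`, `describe_and_release` and the sample names are hypothetical), the following C program puts the mixed-ownership pattern beside a form in which every return path is heap-allocated:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Evolution code: builds "attachment (<name>)". */
static char *format_name(const char *name)
{
    size_t n = strlen(name) + sizeof "attachment ()";  /* sizeof counts the NUL */
    char *out = malloc(n);
    if (out) snprintf(out, n, "attachment (%s)", name);
    return out;
}

/* BEFORE: one path returns a string literal, the other heap memory. A caller
 * that always free()s the result hands static storage to the allocator. */
char *describe_mixed(const char *name)
{
    if (name == NULL || *name == '\0')
        return (char *)"attachment";   /* static: must never reach free() */
    return format_name(name);
}

/* AFTER: every path returns heap memory, so "caller frees" always holds. */
char *describe_owned(const char *name)
{
    if (name == NULL || *name == '\0') {
        char *out = malloc(sizeof "attachment");
        if (out) memcpy(out, "attachment", sizeof "attachment");
        return out;
    }
    return format_name(name);
}

/* Describe each name, total the lengths, release every result the same way. */
size_t describe_and_release(const char *const names[], size_t count)
{
    size_t total = 0;
    for (size_t i = 0; i < count; i++) {
        char *d = describe_owned(names[i]);
        if (d) total += strlen(d);
        free(d);                       /* valid on every path, including NULL */
    }
    return total;
}

int main(void)
{
    const char *const names[] = { "report.pdf", NULL, "" };  /* constructed sample */
    printf("%zu\n", describe_and_release(names, 3));
}
```

Freeing the result of `describe_mixed(NULL)` is undefined behaviour; a build with `-fsanitize=address` or a run under Valgrind reports it at the bad `free()` itself rather than at a later crash site.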