[Bug 684175] New: e-destination.c:470: Segmentation fault due to address out of bounds

3 views
Skip to first unread message

Evolution

unread,
Sep 17, 2012, 3:38:57 AM9/17/12
to tel.conn...@gmail.com
https://bugzilla.gnome.org/show_bug.cgi?id=684175
Evolution | Calendar | 3.4.x

Summary: e-destination.c:470: Segmentation fault due to address
out of bounds
Classification: Applications
Product: Evolution
Version: 3.4.x
OS/Version: Linux
Status: UNCONFIRMED
Severity: major
Priority: Normal
Component: Calendar
AssignedTo: evolution-calen...@gnome.bugs
ReportedBy: paule...@users.sourceforge.net
QAContact: evolut...@gnome.bugs
GNOME version: ---


Evolution 3.4.3-1 crashes when accessing a group contact.

Program terminated with signal 11, Segmentation fault.
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:43
43 ../sysdeps/x86_64/multiarch/../strlen.S: Datei oder Verzeichnis nicht
gefunden.

A group contact was created and could be selected just fine when writing an
email. Wanting to change an address in the contact group by going to the
contacts and clicking on this group contact, Evolution crashes.

This is reproducible and some address seems to be out of bounds.

Thread 1 (Thread 0x7fbf5e0d1980 (LWP 7909)):
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:43
No locals.
#1 0x00007fbf5bdf5820 in g_strdup (str=str@entry=0xffffffffffffffff <Address
0xffffffffffffffff out of bounds>)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./glib/gstrfuncs.c:355
new_str = <optimized out>
length = <optimized out>
#2 0x00007fbf58e5ad7d in e_destination_set_email
(dest=dest@entry=0x7fbf6083f3a0,
email=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>) at
e-destination.c:720
changed = 0
__PRETTY_FUNCTION__ = "e_destination_set_email"
#3 0x00007fbf58e5ce35 in e_destination_set_contact
(dest=dest@entry=0x7fbf6083f550, contact=contact@entry=0x7fbf6088c030,
email_num=email_num@entry=0) at e-destination.c:470
addr = 0x7fbf608896d0
name = 0x7fbf6088c030 "p\f\006\060\277\177"
email = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>
raw = 0x7fbf60887700 ""
id = <optimized out>
email_num = <optimized out>
s_dest = 0x7fbf6083f3a0
parent_dest = 0x7fbf6083f550
type = 1
remove = <optimized out>
params = <optimized out>
param = <optimized out>
value = <optimized out>
parent_id = <optimized out>
list_length = 18
list_iterations = <optimized out>
lists_count = 0
attr = 0x7fbf60892220
attrs = 0x7fbf60892220
hash_table = 0x7fbf6085c9e0
__PRETTY_FUNCTION__ = "e_destination_set_contact"
#4 0x00007fbf42ba21b5 in render_contact_list_vertical (display=0x7fbf60606010,
contact=0x7fbf6088c030, buffer=0x7fbf6085ad20)
at eab-contact-display.c:536
destination = 0x7fbf6083f550
dest = <optimized out>
dests = <optimized out>
#5 render_contact_list (display=0x7fbf60606010, contact=0x7fbf6088c030,
buffer=0x7fbf6085ad20) at eab-contact-display.c:589
No locals.
#6 eab_contact_display_render_normal (display=display@entry=0x7fbf60606010,
contact=contact@entry=0x7fbf6088c030)
at eab-contact-display.c:876
orientation = GTK_ORIENTATION_VERTICAL
buffer = 0x7fbf6085ad20
#7 0x00007fbf42ba2f9b in eab_contact_display_set_contact
(display=0x7fbf60606010, contact=contact@entry=0x7fbf6088c030)
at eab-contact-display.c:1571
mode = EAB_CONTACT_DISPLAY_RENDER_NORMAL
__PRETTY_FUNCTION__ = "eab_contact_display_set_contact"
#8 0x00007fbf3f69db2b in e_book_shell_content_set_preview_contact
(book_shell_content=book_shell_content@entry=0x7fbf605ca260,
preview_contact=preview_contact@entry=0x7fbf6088c030) at
e-book-shell-content.c:676
preview_pane = <optimized out>
display = <optimized out>
web_view = 0x7fbf60606010
__PRETTY_FUNCTION__ = "e_book_shell_content_set_preview_contact"
#9 0x00007fbf3f6a1bbd in book_shell_view_selection_change_foreach (row=1,
book_shell_view=0x7fbf5fd6d910)
at e-book-shell-view-private.c:96
book_shell_content = 0x7fbf605ca260
view = <optimized out>
model = <optimized out>
contact = 0x7fbf6088c030
#10 0x00007fbf5da8d825 in e_bit_array_foreach (eba=0x7fbf5fd41870,
callback=0x7fbf3f6a1b70 <book_shell_view_selection_change_foreach>,
closure=0x7fbf5fd6d910) at e-bit-array.c:223
value = <optimized out>
i = <optimized out>
last = <optimized out>
#11 0x00007fbf5c0999a7 in _g_closure_invoke_va (closure=0x7fbf60696f70,
return_value=0x0, instance=0x7fbf44002310, args=0x7fff4585f1d8,
n_params=0, param_types=0x0) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gclosure.c:840
marshal = 0x7fbf5c09b5b0 <g_cclosure_marshal_VOID__VOIDv>
marshal_data = 0x0
in_marshal = 0
real_closure = 0x7fbf60696f50
__PRETTY_FUNCTION__ = "_g_closure_invoke_va"
#12 0x00007fbf5c0b2006 in g_signal_emit_valist (instance=0x7fbf44002310,
signal_id=<optimized out>, detail=0,
var_args=var_args@entry=0x7fff4585f1d8) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3207
return_accu = <optimized out>
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong
= 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
accumulator = 0x0
emission = {next = 0x7fff4585f430, instance = 0x7fbf44002310, ihint =
{signal_id = 456, detail = 0,
run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type =
140459932372048}
signal_id = <optimized out>
instance_type = <optimized out>
emission_return = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
rtype = 4
static_scope = 0
closure = 0x7fbf60696f70
run_type = <optimized out>
hlist = 0x0
l = <optimized out>
fastpath = 4
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = 0x7fbf60635380
i = <optimized out>
n_params = <optimized out>
__PRETTY_FUNCTION__ = "g_signal_emit_valist"
#13 0x00007fbf5c0b2852 in g_signal_emit (instance=<optimized out>,
signal_id=<optimized out>, detail=<optimized out>)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3352
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
0x7fff4585f2b0, reg_save_area = 0x7fff4585f1f0}}
#14 0x00007fbf5c0999a7 in _g_closure_invoke_va (closure=0x7fbf606a7730,
return_value=0x0, instance=0x7fbf606a8190, args=0x7fff4585f578,
n_params=0, param_types=0x0) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gclosure.c:840
marshal = 0x7fbf5c09b5b0 <g_cclosure_marshal_VOID__VOIDv>
marshal_data = 0x0
in_marshal = 0
real_closure = 0x7fbf606a7710
__PRETTY_FUNCTION__ = "_g_closure_invoke_va"
#15 0x00007fbf5c0b2006 in g_signal_emit_valist (instance=0x7fbf606a8190,
signal_id=<optimized out>, detail=0,
var_args=var_args@entry=0x7fff4585f578) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3207
return_accu = <optimized out>
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong
= 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
accumulator = 0x0
emission = {next = 0x7fff4585f7b0, instance = 0x7fbf606a8190, ihint =
{signal_id = 522, detail = 0,
run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type =
140459933046384}
signal_id = <optimized out>
instance_type = <optimized out>
emission_return = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
rtype = 4
static_scope = 0
closure = 0x7fbf606a7730
run_type = <optimized out>
hlist = 0x0
l = <optimized out>
fastpath = 4
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = 0x7fbf606a4d70
i = <optimized out>
n_params = <optimized out>
__PRETTY_FUNCTION__ = "g_signal_emit_valist"
#16 0x00007fbf5c0b2852 in g_signal_emit (instance=<optimized out>,
signal_id=<optimized out>, detail=<optimized out>)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3352
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
0x7fff4585f650, reg_save_area = 0x7fff4585f590}}
#17 0x00007fbf5c0996e0 in g_closure_invoke (closure=0x7fbf60824830,
return_value=0x0, n_param_values=1, param_values=0x7fff4585f820,
invocation_hint=0x7fff4585f7c0) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gclosure.c:777
marshal = 0x7fbf5c09b510 <g_cclosure_marshal_VOID__VOID>
marshal_data = 0x0
in_marshal = 0
real_closure = 0x7fbf60824810
__PRETTY_FUNCTION__ = "g_closure_invoke"
#18 0x00007fbf5c0aa750 in signal_emit_unlocked_R
(node=node@entry=0x7fbf607fe790, detail=detail@entry=0,
instance=instance@entry=0x7fbf44020320,
emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7fff4585f820)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3547
tmp = <optimized out>
handler = 0x7fbf6081b950
accumulator = 0x0
emission = {next = 0x7fff4585fd70, instance = 0x7fbf44020320, ihint =
{signal_id = 538, detail = 0,
run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type =
4}
class_closure = 0x7fbf607fe760
hlist = 0x7fbf6081bed0
handler_list = 0x7fbf6081bed0
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong
= 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
signal_id = 538
max_sequential_handler_number = 3521
return_value_altered = 1
#19 0x00007fbf5c0b26bc in g_signal_emit_valist (instance=0x7fbf44020320,
signal_id=<optimized out>, detail=0,
var_args=var_args@entry=0x7fff4585fa68) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3296
instance_and_params = 0x7fff4585f820
signal_return_type = 4
param_values = 0x7fff4585f838
node = 0x7fbf607fe790
i = <optimized out>
n_params = 0
__PRETTY_FUNCTION__ = "g_signal_emit_valist"
#20 0x00007fbf5c0b2852 in g_signal_emit (instance=<optimized out>,
signal_id=<optimized out>, detail=<optimized out>)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3352
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
0x7fff4585fb40, reg_save_area = 0x7fff4585fa80}}
#21 0x00007fbf5b39ab35 in e_selection_model_do_something
(selection=selection@entry=0x7fbf44020320, row=row@entry=1, col=col@entry=0,
state=state@entry=GDK_MOD2_MASK) at e-selection-model.c:532
shift_p = 0
ctrl_p = 0
row_count = <optimized out>
__PRETTY_FUNCTION__ = "e_selection_model_do_something"
#22 0x00007fbf5b39ad25 in e_selection_model_maybe_do_something
(selection=0x7fbf44020320, row=1, col=0, state=GDK_MOD2_MASK)
at e-selection-model.c:580
__PRETTY_FUNCTION__ = "e_selection_model_maybe_do_something"
#23 0x00007fbf4e2b7fb5 in e_reflow_selection_event_real (reflow=0x7fbf60697210,
item=<optimized out>, event=<optimized out>)
at e-reflow.c:1489
return_val = 1
#24 0x00007fbf42ba902a in e_minicard_view_selection_event
(reflow=reflow@entry=0x7fbf60697210, item=0x7fbf5fd6ddc0, event=0x7fbf6083f280)
at e-minicard-view.c:442
view = 0x7fbf60697210
return_val = 0
#25 0x00007fbf5da971bc in e_marshal_INT__OBJECT_BOXED (closure=0x7fbf608203b0,
return_value=0x7fff4585fed0,
n_param_values=<optimized out>, param_values=0x7fff4585fde0,
invocation_hint=<optimized out>, marshal_data=<optimized out>)
at e-marshal.c:1018
callback = 0x7fbf42ba8fd0 <e_minicard_view_selection_event>
cc = <optimized out>
data1 = 0x7fbf60697210
data2 = <optimized out>
v_return = <optimized out>
__PRETTY_FUNCTION__ = "e_marshal_INT__OBJECT_BOXED"
#26 0x00007fbf5c0996e0 in g_closure_invoke (closure=0x7fbf608203b0,
return_value=0x7fff4585fed0, n_param_values=3,
param_values=0x7fff4585fde0, invocation_hint=0x7fff4585fd80)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gclosure.c:777
marshal = 0x7fbf5c098340 <g_type_class_meta_marshal>
marshal_data = 0xf8
in_marshal = 0
real_closure = 0x7fbf60820390
__PRETTY_FUNCTION__ = "g_closure_invoke"
#27 0x00007fbf5c0aa4d0 in signal_emit_unlocked_R
(node=node@entry=0x7fbf60820440, detail=detail@entry=0,
instance=instance@entry=0x7fbf60697210,
emission_return=emission_return@entry=0x7fff4585fed0,
instance_and_params=instance_and_params@entry=0x7fff4585fde0)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3585
accumulator = 0x0
emission = {next = 0x7fff45860340, instance = 0x7fbf60697210, ihint =
{signal_id = 531, detail = 0,
run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type =
140459934613424}
class_closure = 0x7fbf608203b0
hlist = 0x0
handler_list = 0x0
return_accu = 0x7fff4585fed0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong
= 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
signal_id = 531
max_sequential_handler_number = 3521
return_value_altered = 0
#28 0x00007fbf5c0b22db in g_signal_emit_valist (instance=0x7fbf60697210,
signal_id=<optimized out>, detail=0,
var_args=var_args@entry=0x7fff45860058) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3306
return_value = {g_type = 24, data = {{v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
error = 0x0
rtype = 24
static_scope = 0
instance_and_params = 0x7fff4585fde0
signal_return_type = 24
param_values = 0x7fff4585fdf8
node = 0x7fbf60820440
i = <optimized out>
n_params = 2
__PRETTY_FUNCTION__ = "g_signal_emit_valist"
#29 0x00007fbf5c0b2852 in g_signal_emit (instance=<optimized out>,
signal_id=<optimized out>, detail=detail@entry=0)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3352
var_args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fff45860130, reg_save_area = 0x7fff45860070}}
#30 0x00007fbf42ba74a2 in e_minicard_selected
(minicard=minicard@entry=0x7fbf5fd6ddc0, event=event@entry=0x7fbf6083f280)
at e-minicard.c:1132
signal_id = <optimized out>
ret_val = 0
item = 0x7fbf5fd6ddc0
#31 0x00007fbf42ba7959 in e_minicard_event (item=item@entry=0x7fbf5fd6ddc0,
event=0x7fbf6083f280) at e-minicard.c:566
ret_val = <optimized out>
mask = <optimized out>
e_minicard = <optimized out>
#32 0x00007fbf52056719 in gnome_canvas_marshal_BOOLEAN__BOXED
(closure=0x7fbf606a5390, return_value=0x7fff45860300,
n_param_values=<optimized out>, param_values=0x7fff458603b0,
invocation_hint=<optimized out>, marshal_data=<optimized out>)
at gnome-canvas-marshal.c:128
callback = 0x7fbf42ba74b0 <e_minicard_event>
cc = <optimized out>
data1 = 0x7fbf5fd6ddc0
data2 = <optimized out>
v_return = <optimized out>
__PRETTY_FUNCTION__ = "gnome_canvas_marshal_BOOLEAN__BOXED"
#33 0x00007fbf5c0996e0 in g_closure_invoke (closure=0x7fbf606a5390,
return_value=0x7fff45860300, n_param_values=2,
param_values=0x7fff458603b0, invocation_hint=0x7fff45860350)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gclosure.c:777
marshal = 0x7fbf5c098340 <g_type_class_meta_marshal>
marshal_data = 0xd0
in_marshal = 0
real_closure = 0x7fbf606a5370
__PRETTY_FUNCTION__ = "g_closure_invoke"
#34 0x00007fbf5c0aa4d0 in signal_emit_unlocked_R
(node=node@entry=0x7fbf606a52a0, detail=detail@entry=0,
instance=instance@entry=0x7fbf5fd6ddc0,
emission_return=emission_return@entry=0x7fff45860480,
instance_and_params=instance_and_params@entry=0x7fff458603b0)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3585
accumulator = 0x7fbf606a53e0
emission = {next = 0x7fff458609a0, instance = 0x7fbf5fd6ddc0, ihint =
{signal_id = 525, detail = 0,
run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type =
140459933064704}
class_closure = 0x7fbf606a5390
hlist = 0x0
handler_list = 0x0
return_accu = 0x7fff45860300
accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0,
v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
signal_id = 525
max_sequential_handler_number = 3521
return_value_altered = 0
#35 0x00007fbf5c0b22db in g_signal_emit_valist
(instance=instance@entry=0x7fbf5fd6ddc0, signal_id=signal_id@entry=525,
detail=detail@entry=0, var_args=var_args@entry=0x7fff45860658)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3306
return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
error = 0x0
rtype = 20
static_scope = 0
instance_and_params = 0x7fff458603b0
signal_return_type = 20
param_values = 0x7fff458603c8
node = 0x7fbf606a52a0
i = <optimized out>
n_params = 1
__PRETTY_FUNCTION__ = "g_signal_emit_valist"
#36 0x00007fbf5c0b2d60 in g_signal_emit_by_name
(instance=instance@entry=0x7fbf5fd6ddc0,
detailed_signal=detailed_signal@entry=0x7fbf5b3b2444 "event")
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3389
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
0x7fff45860790, reg_save_area = 0x7fff458606a0}}
detail = 0
signal_id = 525
__PRETTY_FUNCTION__ = "g_signal_emit_by_name"
#37 0x00007fbf5b37cb41 in canvas_emit_event (canvas=<optimized out>,
event=<optimized out>) at e-canvas.c:153
ev = 0x7fbf6083f280
finished = 0
item = 0x7fbf5fd6ddc0
parent = <optimized out>
mask = <optimized out>
#38 0x00007fbf5ca4939f in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x7fbf5f91bfc0,
return_value=0x7fff45860920, instance=0x7fbf606a8190,
args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized
out>, param_types=0x7fbf5f91bc00)
at /tmp/buildd/gtk+3.0-3.4.2/./gtk/gtkmarshalers.c:130
cc = <optimized out>
data1 = <optimized out>
data2 = <optimized out>
callback = <optimized out>
arg0 = 0x7fbf6083f430
args_copy = {{gp_offset = 32, fp_offset = 48, overflow_arg_area =
0x7fff45860bc0, reg_save_area = 0x7fff45860b00}}
v_return = <optimized out>
__PRETTY_FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXEDv"
#39 0x00007fbf5c0999a7 in _g_closure_invoke_va (closure=0x7fbf5f91bfc0,
return_value=0x7fff45860920, instance=0x7fbf606a8190,
args=0x7fff45860ae8, n_params=1, param_types=0x7fbf5f91bc00)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gclosure.c:840
marshal = 0x7fbf5c097d40 <g_type_class_meta_marshalv>
marshal_data = 0x180
in_marshal = 0
real_closure = 0x7fbf5f91bfa0
__PRETTY_FUNCTION__ = "_g_closure_invoke_va"
#40 0x00007fbf5c0b2006 in g_signal_emit_valist (instance=0x7fbf606a8190,
signal_id=<optimized out>, detail=0,
var_args=var_args@entry=0x7fff45860ae8) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3207
return_accu = <optimized out>
accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0,
v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
accumulator = 0x7fbf5f91bea0
emission = {next = 0x0, instance = 0x7fbf606a8190, ihint = {signal_id =
31, detail = 0, run_type = G_SIGNAL_RUN_LAST},
state = EMISSION_RUN, chain_type = 140459933046384}
signal_id = <optimized out>
instance_type = <optimized out>
emission_return = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long
= 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long =
0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}}}
rtype = 20
static_scope = 0
closure = 0x7fbf5f91bfc0
run_type = <optimized out>
hlist = 0x7fbf5f91bea0
l = <optimized out>
fastpath = 20
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = 0x7fbf5f91bff0
i = <optimized out>
n_params = <optimized out>
__PRETTY_FUNCTION__ = "g_signal_emit_valist"
#41 0x00007fbf5c0b2852 in g_signal_emit
(instance=instance@entry=0x7fbf606a8190, signal_id=<optimized out>,
detail=detail@entry=0)
at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./gobject/gsignal.c:3352
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
0x7fff45860bc0, reg_save_area = 0x7fff45860b00}}
#42 0x00007fbf5cb7141e in gtk_widget_event_internal
(widget=widget@entry=0x7fbf606a8190, event=event@entry=0x7fbf6083f430)
at /tmp/buildd/gtk+3.0-3.4.2/./gtk/gtkwidget.c:6380
signal_num = <optimized out>
return_val = 0
#43 0x00007fbf5cb71839 in gtk_widget_event (widget=widget@entry=0x7fbf606a8190,
event=event@entry=0x7fbf6083f430)
at /tmp/buildd/gtk+3.0-3.4.2/./gtk/gtkwidget.c:6037
__PRETTY_FUNCTION__ = "gtk_widget_event"
#44 0x00007fbf5ca47305 in propagate_event_up (topmost=<optimized out>,
event=<optimized out>, widget=0x7fbf606a8190)
at /tmp/buildd/gtk+3.0-3.4.2/./gtk/gtkmain.c:2400
tmp = <optimized out>
handled_event = <optimized out>
#45 propagate_event (widget=<optimized out>, event=0x7fbf6083f430,
captured=<optimized out>, topmost=0x0)
at /tmp/buildd/gtk+3.0-3.4.2/./gtk/gtkmain.c:2500
handled_event = 0
propagate_func = 0x7fbf5cb717b0 <gtk_widget_event>
#46 0x00007fbf5ca48f73 in gtk_main_do_event (event=0x7fbf6083f430) at
/tmp/buildd/gtk+3.0-3.4.2/./gtk/gtkmain.c:1713
event_widget = <optimized out>
grab_widget = 0x7fbf606a8190
topmost_widget = <optimized out>
window_group = <optimized out>
rewritten_event = <optimized out>
device = <optimized out>
tmp_list = <optimized out>
__PRETTY_FUNCTION__ = "gtk_main_do_event"
#47 0x00007fbf56dcf002 in gdk_event_source_dispatch
(source=source@entry=0x7fbf5f95bc00, callback=<optimized out>,
user_data=<optimized out>) at
/tmp/buildd/gtk+3.0-3.4.2/./gdk/x11/gdkeventsource.c:358
display = <optimized out>
event = 0x7fbf6083f430
#48 0x00007fbf5bdda205 in g_main_dispatch (context=0x7fbf5f95ce90)
at /build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./glib/gmain.c:2539
dispatch = 0x7fbf56dcefe0 <gdk_event_source_dispatch>
was_in_call = 0
user_data = 0x0
callback = 0
cb_funcs = 0x0
cb_data = 0x0
current_source_link = {data = 0x7fbf5f95bc00, next = 0x0}
need_destroy = <optimized out>
source = 0x7fbf5f95bc00
current = 0x7fbf5fd70e10
i = <optimized out>
#49 g_main_context_dispatch (context=context@entry=0x7fbf5f95ce90)
at /build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./glib/gmain.c:3075
No locals.
#50 0x00007fbf5bdda538 in g_main_context_iterate (context=0x7fbf5f95ce90,
block=block@entry=1, dispatch=dispatch@entry=1,
self=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
at /build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./glib/gmain.c:3146
max_priority = 2147483647
timeout = 500
some_ready = 1
nfds = <optimized out>
allocated_nfds = <optimized out>
fds = 0x7fbf6037c3b0
#51 0x00007fbf5bdda932 in g_main_loop_run (loop=0x7fbf601ead70) at
/build/glib2.0-Tsvodv/glib2.0-2.33.12+really2.32.3/./glib/gmain.c:3340
__PRETTY_FUNCTION__ = "g_main_loop_run"
#52 0x00007fbf5ca482d5 in gtk_main () at
/tmp/buildd/gtk+3.0-3.4.2/./gtk/gtkmain.c:1161
loop = 0x7fbf601ead70
#53 0x00007fbf5e11f97a in main (argc=1, argv=0x7fff45860f88) at main.c:681
shell = 0x7fbf5f94b1a0
settings = <optimized out>
error = 0x0

The corresponding code is in the following.

if (type == CONTACT) {
CamelInternetAddress *addr;
const gchar *name, *email;
gchar *raw;

raw = e_vcard_attribute_get_value (attr->data);
addr = camel_internet_address_new ();
camel_address_unformat (CAMEL_ADDRESS (addr), raw);
camel_internet_address_get (addr, 0, &name, &email);

e_destination_set_name (s_dest, name);
→ e_destination_set_email (s_dest, email);

dest->priv->list_alldests = g_list_append
(dest->priv->list_alldests, s_dest);

g_object_unref (addr);
g_free (raw);
} else {
[…]

So `camel_internet_address_get()` some lines above seems to do something
incorrectly and the result should be checked somehow.

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages evolution-data-server depends on:
ii evolution-data-server-common 3.4.3-1
ii gconf-service 3.2.5-1+build1
ii libatk1.0-0 2.4.0-2
ii libc6 2.13-35
ii libcairo-gobject2 1.12.2-2
ii libcairo2 1.12.2-2
ii libcamel-1.2-33 3.4.3-1
ii libcomerr2 1.42.5-1
ii libdb5.1 5.1.29-5
ii libdbus-glib-1-2 0.100-1
ii libebackend-1.2-2 3.4.3-1
ii libebook-1.2-13 3.4.3-1
ii libecal-1.2-11 3.4.3-1
ii libedata-book-1.2-13 3.4.3-1
ii libedata-cal-1.2-15 3.4.3-1
ii libedataserver-1.2-16 3.4.3-1
ii libgconf-2-4 3.2.5-1+build1
ii libgdata13 0.12.0-1
ii libgdk-pixbuf2.0-0 2.26.1-1
ii libglib2.0-0 2.33.12+really2.32.3-1
ii libgoa-1.0-0 3.4.2-1
ii libgssapi-krb5-2 1.10.1+dfsg-2
ii libgtk-3-0 3.4.2-3
ii libgweather-3-0 3.4.1-1+build1
ii libical0 0.48-2
ii libk5crypto3 1.10.1+dfsg-2
ii libkrb5-3 1.10.1+dfsg-2
ii libldap-2.4-2 2.4.31-1
ii libnspr4 2:4.9.2-1
ii libnspr4-0d 2:4.9.2-1
ii libnss3 2:3.13.6-1
ii libnss3-1d 2:3.13.6-1
ii liboauth0 0.9.4-3+b1
ii libpango1.0-0 1.30.0-1
ii libsoup2.4-1 2.38.1-2
ii libsqlite3-0 3.7.13-1
ii libxml2 2.8.0+dfsg1-5
ii zlib1g 1:1.2.7.dfsg-13

evolution-data-server recommends no packages.

Versions of packages evolution-data-server suggests:
ii evolution 3.4.3-1
ii evolution-data-server-dbg 3.4.3-1

-- no debconf information

--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

Evolution

unread,
Sep 17, 2012, 5:00:59 AM9/17/12
to tel.conn...@gmail.com
André Klapper <a9016009> changed:

What |Removed |Added
----------------------------------------------------------------------------
Keywords| |STACKTRACE
Severity|major |critical

Evolution

unread,
Sep 17, 2012, 9:56:21 AM9/17/12
to tel.conn...@gmail.com
--- Comment #1 from Paul Menzel <paule...@users.sourceforge.net> 2012-09-17 13:56:17 UTC ---
lindi- in #debian-gnome on irc.oftc.net advised me to get the following
information to figure out if GDB is not able to see that address.

(gdb) info register
rax 0xfffffffffffffff0 -16
rbx 0xffffffffffffffff -1
rcx 0x3f 63
rdx 0x7fbf60866290 140459934900880
rsi 0xffffffffffffffff -1
rdi 0xffffffffffffffff -1
rbp 0x7fbf6083f3c0 0x7fbf6083f3c0
rsp 0x7fff4585ed48 0x7fff4585ed48
r8 0x7fbf6083f3a0 140459934741408
r9 0x2c0 704
r10 0x0 0
r11 0x1 1
r12 0xffffffffffffffff -1
r13 0x7fbf6083f550 140459934741840
r14 0x7fbf60892220 140459935080992
r15 0x0 0
rip 0x7fbf5b86cc41 0x7fbf5b86cc41 <__strlen_sse2+49>
eflags 0x10286 [ PF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) x/4i $rip
=> 0x7fbf5b86cc41 <__strlen_sse2+49>: pcmpeqb (%rax),%xmm0
0x7fbf5b86cc45 <__strlen_sse2+53>: mov $0xffffffff,%esi
0x7fbf5b86cc4a <__strlen_sse2+58>: sub %rax,%rcx
0x7fbf5b86cc4d <__strlen_sse2+61>: shl %cl,%esi

Evolution

unread,
Sep 17, 2012, 10:02:06 AM9/17/12
to tel.conn...@gmail.com
--- Comment #2 from Paul Menzel <paule...@users.sourceforge.net> 2012-09-17 14:02:01 UTC ---
The message written to the Linux kernel ring buffer is the following.

[19830.065929] evolution[7909]: segfault at fffffffffffffff0 ip
00007fbf5b86cc41 sp 00007fff4585ed48 error 4 in
libc-2.13.so[7fbf5b7ed000+17d000]

Evolution

unread,
Sep 18, 2012, 8:22:59 AM9/18/12
to tel.conn...@gmail.com
--- Comment #3 from Paul Menzel <paule...@users.sourceforge.net> 2012-09-18 12:22:54 UTC ---
Looking for the offending addressbook entry, I found a log file which
apparently was created when the crash happened.

$ ls -lh ~/.local/share/evolution/addressbook/system/log.0000000001
-rw-r----- 1 joeyh joeyh 10M Sep 16 17:23
evolution/addressbook/system/log.0000000001

`less` says it is a binary file, but I can see several VCARD entries in there.

Evolution

unread,
Sep 19, 2012, 5:24:36 AM9/19/12
to tel.conn...@gmail.com
--- Comment #4 from Paul Menzel <paule...@users.sourceforge.net> 2012-09-19 09:24:31 UTC ---
Created an attachment (id=224720)
View: https://bugzilla.gnome.org/attachment.cgi?id=224720
Review: https://bugzilla.gnome.org/review?bug=684175&attachment=224720

[PATCH] Bug #684175 – Check for corrupt addressbook

For whatever reasons, addressbooks can be corrupt. Clicking on such an
entry in the Contacts overview crashes Evolution with a segmentation
fault. In the overview the first line of the excerpt is empty.

Therefore the return values have to be checked, which is also good
programming practice.

In case of #684175 [1] in

camel_address_unformat (CAMEL_ADDRESS (addr), raw);

according to GDB `raw` is `\000` and returns `FALSE`.

In `camel/camel-internet-address.c`

/**
* camel_internet_address_get:
* @addr: a #CamelInternetAddress object
* @index: address's array index
* @namep: holder for the returned name, or %NULL, if not required.
* @addressp: holder for the returned address, or %NULL, if not
required.
*
* Get the address at @index.
*
* Returns: %TRUE if such an address exists, or %FALSE otherwise
**/
gboolean
camel_internet_address_get (CamelInternetAddress *addr,
gint index,
const gchar **namep,
const gchar **addressp)
{
struct _address *a;

g_assert (CAMEL_IS_INTERNET_ADDRESS (addr));

if (index < 0 || index >= ((CamelAddress *) addr)->addresses->len)
return FALSE;

[…]

the check fails here, because `index = 0` and also

`((CamelAddress *) addr)->addresses->len = 0`

that is why `FALSE` is returned.

Therefore check the return address and throw an error instead of
crashing with a segmentation fault.

[1] https://bugzilla.gnome.org/show_bug.cgi?id=684175

Evolution

unread,
Sep 19, 2012, 5:52:25 AM9/19/12
to tel.conn...@gmail.com
--- Comment #5 from Paul Menzel <paule...@users.sourceforge.net> 2012-09-19 09:52:23 UTC ---
This is the value of `raw` GDB shows.

$19 = 0 '\000'

Evolution

unread,
Sep 22, 2012, 5:33:20 PM9/22/12
to tel.conn...@gmail.com
--- Comment #6 from Paul Menzel <paule...@users.sourceforge.net> 2012-09-22 21:33:14 UTC ---
On the list, Dan Vrátil reviewed the patch [1] and suggested some long term
solution [4].

[1]
https://mail.gnome.org/archives/evolution-hackers/2012-September/msg00015.html
[2]
https://mail.gnome.org/archives/evolution-hackers/2012-September/msg00019.html

Evolution

unread,
Sep 22, 2012, 5:41:59 PM9/22/12
to tel.conn...@gmail.com
Paul Menzel <paulepanter> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #224720|0 |1
is obsolete| |

--- Comment #7 from Paul Menzel <paule...@users.sourceforge.net> 2012-09-22 21:41:56 UTC ---
Created an attachment (id=225002)
View: https://bugzilla.gnome.org/attachment.cgi?id=225002
Review: https://bugzilla.gnome.org/review?bug=684175&attachment=225002

Updated patch just using `g_return_if_fail()`

(In reply to comment #6)
> On the list, Dan Vrátil reviewed the patch [1] and suggested some long term
> solution [2].
Reply all
Reply to author
Forward
0 new messages