There has been a commit to fix this, but I don't think it's complete: http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=8cd3d8443dfd5ab9cfa0880ac76d3e78de7a0dd4 Steps to reproduce: 1. start Claws Mail 2. open menu "Configuration > Edit accounts..." 3. click "New" 4. cancel the dialog "Preferences for new account" 5. click "New" again 6. -> crash (if not, cancel the dialog, too)
Created attachment 1282 [details] gdb.txt (2 traces) true, happends without any plugins loaded. prefswindow.c:177:prefs window closed prefs_account.c:3699:called inc_unlock (lock count 1) prefs_account.c:3675:Opening account preferences window... prefs_account.c:3677:called inc_lock (lock count 2) ==3639== Invalid free() / delete / delete[] / realloc() ==3639== at 0x402A24C: free (vg_replace_malloc.c:446) ==3639== by 0x4B8356A: standard_free (gmem.c:98) ==3639== by 0x4B836DF: g_free (gmem.c:252) ==3639== by 0x815A8D1: prefs_set_default (prefs_gtk.c:433) ==3639== by 0x813D3AD: prefs_account_new (prefs_account.c:3440) ==3639== by 0x813DEC4: prefs_account_open (prefs_account.c:3682) ==3639== by 0x8082D79: account_add (account.c:413) ==3639== by 0x4AF4A36: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:115) ==3639== by 0x4AF2F00: _g_closure_invoke_va (gclosure.c:840) ==3639== by 0x4B0C6FD: g_signal_emit_valist (gsignal.c:3234) ==3639== by 0x4B0D2B2: g_signal_emit (gsignal.c:3384) ==3639== by 0x410FD49: gtk_button_clicked (gtkbutton.c:1128) ==3639== Address 0x1053c758 is 0 bytes inside a block of size 1 free'd ==3639== at 0x402A24C: free (vg_replace_malloc.c:446) ==3639== by 0x4B8356A: standard_free (gmem.c:98) ==3639== by 0x4B836DF: g_free (gmem.c:252) ==3639== by 0x815B069: prefs_free (prefs_gtk.c:531) ==3639== by 0x813DBC2: prefs_account_free (prefs_account.c:3607) ==3639== by 0x813DF05: prefs_account_open (prefs_account.c:3704) ==3639== by 0x8082D79: account_add (account.c:413) ==3639== by 0x4AF49CE: g_cclosure_marshal_VOID__VOID (gmarshal.c:85) ==3639== by 0x4AF2C55: g_closure_invoke (gclosure.c:777) ==3639== by 0x4B04ED6: signal_emit_unlocked_R (gsignal.c:3584) ==3639== by 0x4B0D0DA: g_signal_emit_valist (gsignal.c:3328) ==3639== by 0x4B0D2B2: g_signal_emit (gsignal.c:3384) Also all dictionaries are loaded twice gtkaspell.c:1590:Aspell: found dictionary de de gtkaspell.c:1590:Aspell: found dictionary de_AT de_AT gtkaspell.c:1590:Aspell: found dictionary de_CH de_CH gtkaspell.c:1590:Aspell: found dictionary de_DE de_DE gtkaspell.c:1590:Aspell: found dictionary en_US en_US gtkaspell.c:1590:Aspell: found dictionary de de gtkaspell.c:1590:Aspell: found dictionary de_AT de_AT gtkaspell.c:1590:Aspell: found dictionary de_CH de_CH gtkaspell.c:1590:Aspell: found dictionary de_DE de_DE gtkaspell.c:1590:Aspell: found dictionary en_US en_US
Changes related to this bug have been committed. Please check latest Git and update the bug accordingly. You can also get the patch from: http://git.claws-mail.org/ http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=306bf2ef35f2d074d786a85bcf5454cfc5f4b2e1 Author: Paul <paul@claws-mail.org> Date: Mon Jul 8 17:05:09 2013 +0100 fix bug 2957, 'Double-free in account preferences'
@kardan: please try to keep these bug reports succinct and to the point. Everything necessary to reproduce the bug was given by Michael. There was no need to add an attachment or any further comments, it was easily reproducible. It was nothing to do with plugins, and the dictionaries are loaded twice because there are 2 options where a dictionary is selected.
thanks for the hint. If I add too much information, this is because I do not know, if this important information. Like this valgrind trace after applying the patch. 1. create new account 2. cancel 3. new prefswindow.c:711:0,000000 prefswindow.c:177:prefs window closed prefs_account.c:3699:called inc_unlock (lock count 1) prefs_account.c:3675:Opening account preferences window... prefs_account.c:3677:called inc_lock (lock count 2) ==26498== Invalid free() / delete / delete[] / realloc() ==26498== at 0x402A24C: free (vg_replace_malloc.c:446) ==26498== by 0x4C1A56A: standard_free (gmem.c:98) ==26498== by 0x4C1A6DF: g_free (gmem.c:252) ==26498== by 0x8162C71: prefs_set_default (in /usr/bin/claws-mail) ==26498== by 0x814621D: prefs_account_new (in /usr/bin/claws-mail) ==26498== by 0x8146D2C: prefs_account_open (in /usr/bin/claws-mail) ==26498== by 0x808D289: account_add (in /usr/bin/claws-mail) ==26498== by 0x4B8AA36: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:115) ==26498== by 0x4B88F00: _g_closure_invoke_va (gclosure.c:840) ==26498== by 0x4BA26FD: g_signal_emit_valist (gsignal.c:3234) ==26498== by 0x4BA32B2: g_signal_emit (gsignal.c:3384) ==26498== by 0x410FD49: gtk_button_clicked (gtkbutton.c:1128) ==26498== Address 0x741cbd0 is 0 bytes inside a block of size 1 free'd ==26498== at 0x402A24C: free (vg_replace_malloc.c:446) ==26498== by 0x4C1A56A: standard_free (gmem.c:98) ==26498== by 0x4C1A6DF: g_free (gmem.c:252) ==26498== by 0x8163468: prefs_free (in /usr/bin/claws-mail) ==26498== by 0x8146A32: prefs_account_free (in /usr/bin/claws-mail) ==26498== by 0x8146D6D: prefs_account_open (in /usr/bin/claws-mail) ==26498== by 0x808D289: account_add (in /usr/bin/claws-mail) ==26498== by 0x4B8A9CE: g_cclosure_marshal_VOID__VOID (gmarshal.c:85) ==26498== by 0x4B88C55: g_closure_invoke (gclosure.c:777) ==26498== by 0x410FD49: gtk_button_clicked (gtkbutton.c:1128) ==26498== Address 0x741cbd0 is 0 bytes inside a block of size 1 free'd ==26498== at 0x402A24C: free (vg_replace_malloc.c:446) ==26498== by 0x4C1A56A: standard_free (gmem.c:98) ==26498== by 0x4C1A6DF: g_free (gmem.c:252) ==26498== by 0x8163468: prefs_free (in /usr/bin/claws-mail) ==26498== by 0x8146A32: prefs_account_free (in /usr/bin/claws-mail) ==26498== by 0x8146D6D: prefs_account_open (in /usr/bin/claws-mail) ==26498== by 0x808D289: account_add (in /usr/bin/claws-mail) ==26498== by 0x4B8A9CE: g_cclosure_marshal_VOID__VOID (gmarshal.c:85) ==26498== by 0x4B88C55: g_closure_invoke (gclosure.c:777) ==26498== by 0x4B9AED6: signal_emit_unlocked_R (gsignal.c:3584) ==26498== by 0x4BA30DA: g_signal_emit_valist (gsignal.c:3328) ==26498== by 0x4BA32B2: g_signal_emit (gsignal.c:3384)
Is this with Paul's second commit or with just the first one? It seems to match the valgrind output you've attached in comment 1. With the complete fix, I cannot reproduce the crashes anymore: http://pkgs.fedoraproject.org/cgit/claws-mail.git/plain/claws-mail-3.9.2-account-double-free.patch?id=c90b105f83e34af9ff49779ab00b9fcfedc173c2
With the 2nd. The bug is fixed, the mem error still happens.