Bug 3149 - IMAP thread uses a stale session pointer (already freed from GTK/GDK context)
Status: RESOLVED DUPLICATE of bug 3145
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: Folders/IMAP
Version: 3.9.3
Hardware: PC Linux
Importance: P3 critical
Assignee: users
Reported: 2014-04-20 10:33 UTC by Aleksander Mazur
Modified: 2014-04-21 07:48 UTC

Description Aleksander Mazur 2014-04-20 10:33:41 UTC
Memory corruption reported by Valgrind:

==00:00:39:01.702 2406== Invalid read of size 4
==00:00:39:01.702 2406==    at 0x80E4373: imap_handle_error (imap.c:596)
==00:00:39:01.702 2406==    by 0x80E4A4A: imap_cmd_noop (imap.c:4018)
==00:00:39:01.702 2406==    by 0x80E5F5D: imap_ping (imap.c:559)
==00:00:39:01.702 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.702 2406==    by 0x48065555: g_main_context_dispatch (gmain.c:3066)
==00:00:39:01.702 2406==    by 0x4806591F: g_main_context_iterate.isra.23 (gmain.c:3713)
==00:00:39:01.702 2406==    by 0x480659E8: g_main_context_iteration (gmain.c:3774)
==00:00:39:01.702 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.702 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.702 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags (imap-thread.c:2266)
==00:00:39:01.702 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.702 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.702 2406==  Address 0x4e9f0b8 is 8 bytes inside a block of size 4,096 free'd
==00:00:39:01.702 2406==    at 0x4007BCD: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.702 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.702 2406==    by 0x48ACC880: pixops_process (pixops.c:1382)
==00:00:39:01.702 2406==    by 0x48ACD1AC: _pixops_scale (pixops.c:2216)
==00:00:39:01.702 2406==    by 0x48AC2DEB: gdk_pixbuf_scale (gdk-pixbuf-scale.c:153)
==00:00:39:01.702 2406==    by 0x4A9ADD5: pixbuf_render (pixbuf-render.c:466)
==00:00:39:01.702 2406==    by 0x4A9BFDB: theme_pixbuf_render (pixbuf-render.c:818)
==00:00:39:01.702 2406==    by 0x4A98142: draw_simple_image.isra.0 (pixbuf-draw.c:145)
==00:00:39:01.703 2406==    by 0x4A994EB: draw_box (pixbuf-draw.c:668)
==00:00:39:01.703 2406==    by 0x437D3C5B: gtk_paint_box (gtkstyle.c:6207)
==00:00:39:01.703 2406==    by 0x4365F130: _gtk_button_paint (gtkbutton.c:1511)
==00:00:39:01.703 2406==    by 0x4365F391: gtk_button_expose (gtkbutton.c:1564)
==00:00:39:01.703 2406== 
==00:00:39:01.728 2406== Invalid read of size 4
==00:00:39:01.728 2406==    at 0x80E43DF: imap_handle_error (imap.c:574)
==00:00:39:01.728 2406==    by 0x80E4A4A: imap_cmd_noop (imap.c:4018)
==00:00:39:01.728 2406==    by 0x80E5F5D: imap_ping (imap.c:559)
==00:00:39:01.728 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.728 2406==    by 0x48065555: g_main_context_dispatch (gmain.c:3066)
==00:00:39:01.728 2406==    by 0x4806591F: g_main_context_iterate.isra.23 (gmain.c:3713)
==00:00:39:01.728 2406==    by 0x480659E8: g_main_context_iteration (gmain.c:3774)
==00:00:39:01.728 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.728 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.728 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags (imap-thread.c:2266)
==00:00:39:01.728 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.728 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.728 2406==  Address 0x4ea0190 is not stack'd, malloc'd or (recently) free'd
==00:00:39:01.728 2406== 
==00:00:39:01.751 2406== Invalid write of size 4
==00:00:39:01.751 2406==    at 0x80E4415: imap_handle_error (imap.c:577)
==00:00:39:01.751 2406==    by 0x80E4A4A: imap_cmd_noop (imap.c:4018)
==00:00:39:01.751 2406==    by 0x80E5F5D: imap_ping (imap.c:559)
==00:00:39:01.751 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.751 2406==    by 0x48065555: g_main_context_dispatch (gmain.c:3066)
==00:00:39:01.751 2406==    by 0x4806591F: g_main_context_iterate.isra.23 (gmain.c:3713)
==00:00:39:01.751 2406==    by 0x480659E8: g_main_context_iteration (gmain.c:3774)
==00:00:39:01.751 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.751 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.752 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags (imap-thread.c:2266)
==00:00:39:01.752 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.752 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.752 2406==  Address 0x4e9f0c4 is 20 bytes inside a block of size 4,096 free'd
==00:00:39:01.752 2406==    at 0x4007BCD: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.752 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.752 2406==    by 0x48ACC880: pixops_process (pixops.c:1382)
==00:00:39:01.752 2406==    by 0x48ACD1AC: _pixops_scale (pixops.c:2216)
==00:00:39:01.752 2406==    by 0x48AC2DEB: gdk_pixbuf_scale (gdk-pixbuf-scale.c:153)
==00:00:39:01.752 2406==    by 0x4A9ADD5: pixbuf_render (pixbuf-render.c:466)
==00:00:39:01.752 2406==    by 0x4A9BFDB: theme_pixbuf_render (pixbuf-render.c:818)
==00:00:39:01.752 2406==    by 0x4A98142: draw_simple_image.isra.0 (pixbuf-draw.c:145)
==00:00:39:01.752 2406==    by 0x4A994EB: draw_box (pixbuf-draw.c:668)
==00:00:39:01.752 2406==    by 0x437D3C5B: gtk_paint_box (gtkstyle.c:6207)
==00:00:39:01.752 2406==    by 0x4365F130: _gtk_button_paint (gtkbutton.c:1511)
==00:00:39:01.752 2406==    by 0x4365F391: gtk_button_expose (gtkbutton.c:1564)
==00:00:39:01.752 2406== 
==00:00:39:01.773 2406== Invalid write of size 4
==00:00:39:01.773 2406==    at 0x80E441C: imap_handle_error (imap.c:578)
==00:00:39:01.773 2406==    by 0x80E4A4A: imap_cmd_noop (imap.c:4018)
==00:00:39:01.773 2406==    by 0x80E5F5D: imap_ping (imap.c:559)
==00:00:39:01.773 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.773 2406==    by 0x48065555: g_main_context_dispatch (gmain.c:3066)
==00:00:39:01.773 2406==    by 0x4806591F: g_main_context_iterate.isra.23 (gmain.c:3713)
==00:00:39:01.773 2406==    by 0x480659E8: g_main_context_iteration (gmain.c:3774)
==00:00:39:01.773 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.773 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.773 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags (imap-thread.c:2266)
==00:00:39:01.773 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.773 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.773 2406==  Address 0x4e9f0b4 is 4 bytes inside a block of size 4,096 free'd
==00:00:39:01.773 2406==    at 0x4007BCD: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.773 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.773 2406==    by 0x48ACC880: pixops_process (pixops.c:1382)
==00:00:39:01.773 2406==    by 0x48ACD1AC: _pixops_scale (pixops.c:2216)
==00:00:39:01.773 2406==    by 0x48AC2DEB: gdk_pixbuf_scale (gdk-pixbuf-scale.c:153)
==00:00:39:01.773 2406==    by 0x4A9ADD5: pixbuf_render (pixbuf-render.c:466)
==00:00:39:01.773 2406==    by 0x4A9BFDB: theme_pixbuf_render (pixbuf-render.c:818)
==00:00:39:01.773 2406==    by 0x4A98142: draw_simple_image.isra.0 (pixbuf-draw.c:145)
==00:00:39:01.773 2406==    by 0x4A994EB: draw_box (pixbuf-draw.c:668)
==00:00:39:01.773 2406==    by 0x437D3C5B: gtk_paint_box (gtkstyle.c:6207)
==00:00:39:01.773 2406==    by 0x4365F130: _gtk_button_paint (gtkbutton.c:1511)
==00:00:39:01.773 2406==    by 0x4365F391: gtk_button_expose (gtkbutton.c:1564)
==00:00:39:01.773 2406== 
==00:00:39:01.797 2406== Invalid read of size 4
==00:00:39:01.798 2406==    at 0x80E42FF: unlock_session (imap.c:514)
==00:00:39:01.798 2406==    by 0x80E5F66: imap_ping (imap.c:560)
==00:00:39:01.798 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.798 2406==    by 0x48065555: g_main_context_dispatch (gmain.c:3066)
==00:00:39:01.798 2406==    by 0x4806591F: g_main_context_iterate.isra.23 (gmain.c:3713)
==00:00:39:01.798 2406==    by 0x480659E8: g_main_context_iteration (gmain.c:3774)
==00:00:39:01.798 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.798 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.798 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags (imap-thread.c:2266)
==00:00:39:01.798 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.798 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.798 2406==    by 0x80CF312: folder_item_scan_full (folder.c:2346)
==00:00:39:01.798 2406==  Address 0x4ea019c is not stack'd, malloc'd or (recently) free'd
==00:00:39:01.798 2406== 
==00:00:39:01.821 2406== Invalid write of size 4
==00:00:39:01.821 2406==    at 0x80E4305: unlock_session (imap.c:540)
==00:00:39:01.821 2406==    by 0x80E5F66: imap_ping (imap.c:560)
==00:00:39:01.821 2406==    by 0x48066261: g_timeout_dispatch (gmain.c:4451)
==00:00:39:01.821 2406==    by 0x48065555: g_main_context_dispatch (gmain.c:3066)
==00:00:39:01.821 2406==    by 0x4806591F: g_main_context_iterate.isra.23 (gmain.c:3713)
==00:00:39:01.821 2406==    by 0x480659E8: g_main_context_iteration (gmain.c:3774)
==00:00:39:01.821 2406==    by 0x4372D981: gtk_main_iteration (gtkmain.c:1345)
==00:00:39:01.821 2406==    by 0x822E5D4: threaded_run (imap-thread.c:440)
==00:00:39:01.821 2406==    by 0x8233B63: imap_threaded_fetch_uid_flags (imap-thread.c:2266)
==00:00:39:01.821 2406==    by 0x80EB85B: imap_get_flags (imap.c:5139)
==00:00:39:01.821 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.821 2406==    by 0x80CF312: folder_item_scan_full (folder.c:2346)
==00:00:39:01.821 2406==  Address 0x4ea0194 is not stack'd, malloc'd or (recently) free'd
==00:00:39:01.821 2406== 
==00:00:39:01.865 2406== Invalid read of size 4
==00:00:39:01.865 2406==    at 0x80E42FF: unlock_session (imap.c:514)
==00:00:39:01.865 2406==    by 0x80EB932: imap_get_flags (imap.c:5153)
==00:00:39:01.865 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.865 2406==    by 0x80CF312: folder_item_scan_full (folder.c:2346)
==00:00:39:01.865 2406==    by 0x80D0F67: folder_item_scan (folder.c:2507)
==00:00:39:01.865 2406==    by 0x80DC9A6: folderview_check_new (folderview.c:1190)
==00:00:39:01.865 2406==    by 0x80F7032: inc_all_account_mail (inc.c:360)
==00:00:39:01.865 2406==    by 0x81D1AEF: toolbar_inc_all_cb (toolbar.c:2667)
==00:00:39:01.866 2406==    by 0x48187548: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:115)
==00:00:39:01.866 2406==    by 0x48185A25: _g_closure_invoke_va (gclosure.c:840)
==00:00:39:01.866 2406==    by 0x4819FA82: g_signal_emit_valist (gsignal.c:3238)
==00:00:39:01.866 2406==    by 0x481A0B80: g_signal_emit_by_name (gsignal.c:3426)
==00:00:39:01.866 2406==  Address 0x45f40d4 is 8 bytes after a block of size 28 free'd
==00:00:39:01.866 2406==    at 0x4007BCD: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.866 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.866 2406==    by 0x48082E07: g_slice_free1 (gslice.c:1124)
==00:00:39:01.866 2406==    by 0x433A4CEA: gdk_region_destroy (gdkregion-generic.c:366)
==00:00:39:01.866 2406==    by 0x4339446E: gdk_event_free (gdkevents.c:554)
==00:00:39:01.866 2406==    by 0x436971DF: gtk_container_propagate_expose (gtkcontainer.c:2759)
==00:00:39:01.866 2406==    by 0x82867BE: gtk_cmclist_expose (gtkcmclist.c:4968)
==00:00:39:01.866 2406==    by 0x4373098D: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86)
==00:00:39:01.866 2406==    by 0x48184274: g_type_class_meta_marshal (gclosure.c:970)
==00:00:39:01.866 2406==    by 0x481857DD: g_closure_invoke (gclosure.c:777)
==00:00:39:01.866 2406==    by 0x481981C9: signal_emit_unlocked_R (gsignal.c:3624)
==00:00:39:01.866 2406==    by 0x481A00AA: g_signal_emit_valist (gsignal.c:3340)
==00:00:39:01.866 2406== 
==00:00:39:01.886 2406== Invalid write of size 4
==00:00:39:01.886 2406==    at 0x80E4305: unlock_session (imap.c:540)
==00:00:39:01.886 2406==    by 0x80EB932: imap_get_flags (imap.c:5153)
==00:00:39:01.886 2406==    by 0x80CE4EF: syncronize_flags (folder.c:1946)
==00:00:39:01.886 2406==    by 0x80CF312: folder_item_scan_full (folder.c:2346)
==00:00:39:01.886 2406==    by 0x80D0F67: folder_item_scan (folder.c:2507)
==00:00:39:01.886 2406==    by 0x80DC9A6: folderview_check_new (folderview.c:1190)
==00:00:39:01.886 2406==    by 0x80F7032: inc_all_account_mail (inc.c:360)
==00:00:39:01.887 2406==    by 0x81D1AEF: toolbar_inc_all_cb (toolbar.c:2667)
==00:00:39:01.887 2406==    by 0x48187548: g_cclosure_marshal_VOID__VOIDv (gmarshal.c:115)
==00:00:39:01.887 2406==    by 0x48185A25: _g_closure_invoke_va (gclosure.c:840)
==00:00:39:01.887 2406==    by 0x4819FA82: g_signal_emit_valist (gsignal.c:3238)
==00:00:39:01.887 2406==    by 0x481A0B80: g_signal_emit_by_name (gsignal.c:3426)
==00:00:39:01.887 2406==  Address 0x45f40cc is 0 bytes after a block of size 28 free'd
==00:00:39:01.887 2406==    at 0x4007BCD: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==00:00:39:01.887 2406==    by 0x4806B631: g_free (gmem.c:197)
==00:00:39:01.887 2406==    by 0x48082E07: g_slice_free1 (gslice.c:1124)
==00:00:39:01.887 2406==    by 0x433A4CEA: gdk_region_destroy (gdkregion-generic.c:366)
==00:00:39:01.887 2406==    by 0x4339446E: gdk_event_free (gdkevents.c:554)
==00:00:39:01.887 2406==    by 0x436971DF: gtk_container_propagate_expose (gtkcontainer.c:2759)
==00:00:39:01.887 2406==    by 0x82867BE: gtk_cmclist_expose (gtkcmclist.c:4968)
==00:00:39:01.887 2406==    by 0x4373098D: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:86)
==00:00:39:01.887 2406==    by 0x48184274: g_type_class_meta_marshal (gclosure.c:970)
==00:00:39:01.887 2406==    by 0x481857DD: g_closure_invoke (gclosure.c:777)
==00:00:39:01.887 2406==    by 0x481981C9: signal_emit_unlocked_R (gsignal.c:3624)
==00:00:39:01.887 2406==    by 0x481A00AA: g_signal_emit_valist (gsignal.c:3340)
==00:00:39:01.887 2406== 

This may lead to a crash like in bug 3145.
claws-mail was running in background when this happened; however, it is possible that it occurred just after resuming PC from suspend.

Comment 1 Colin Leroy 2014-04-21 07:48:25 UTC
This is probably due to the same root cause as #3145. I'll close it, it should get fixed if I can get #3145 to be correctly fixed.

*** This bug has been marked as a duplicate of bug 3145 ***
