3415 – glib memory structures corrupted - SIGSEGV @ gslice.c:545 called from log.c:267

Bug 3415 - glib memory structures corrupted - SIGSEGV @ gslice.c:545 called from log.c:267

Summary: glib memory structures corrupted - SIGSEGV @ gslice.c:545 called from log.c:267

Status:	RESOLVED INVALID

Alias:	None

Product:	Claws Mail (GTK 2)
Classification:	Unclassified
Component:	Folders/IMAP (show other bugs)
Version:	3.11.1
Hardware:	PC Linux

Importance:	P3 major
Assignee:	users

URL:

Depends on:
Blocks:

Reported:	2015-04-01 20:42 UTC by Aleksander Mazur
Modified:	2015-04-02 20:42 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Aleksander Mazur 2015-04-01 20:42:33 UTC

claws-mail-3.11.1-3.fc20.x86_64 crashed during processing a warning message from IMAP

Program received signal SIGSEGV, Segmentation fault.
magazine_chain_pop_head (magazine_chunks=0xbadf80) at gslice.c:545
545	      (*magazine_chunks)->data = chunk->next;
(gdb) bt
#0  magazine_chain_pop_head (magazine_chunks=0xbadf80) at gslice.c:545
#1  thread_memory_magazine1_alloc (tmem=<optimized out>, ix=1) at gslice.c:848
#2  g_slice_alloc (mem_size=mem_size@entry=32) at gslice.c:1007
#3  0x0000003bf50654ee in g_slice_alloc0 (mem_size=mem_size@entry=32) at gslice.c:1042
#4  0x0000003bf50470e4 in g_source_new (source_funcs=0x3bf532a9a0 <g_timeout_funcs>, struct_size=<optimized out>) at gmain.c:856
#5  0x0000003bf504a0f9 in g_timeout_source_new (interval=interval@entry=0) at gmain.c:4477
#6  0x0000003bf504a190 in g_timeout_add_full (priority=priority@entry=0, interval=interval@entry=0, function=function@entry=0x5cfa70 <invoke_hook_cb>, data=0x1dedb70, notify=notify@entry=0x0) at gmain.c:4566
#7  0x0000003bf504a222 in g_timeout_add (interval=interval@entry=0, function=function@entry=0x5cfa70 <invoke_hook_cb>, data=<optimized out>) at gmain.c:4616
#8  0x00000000005d01c8 in log_warning (instance=instance@entry=LOG_PROTOCOL, format=<optimized out>) at log.c:267
#9  0x00000000004a25de in imap_handle_error (session=0x1d5e000, server=<optimized out>, libetpan_errcode=4) at imap.c:625
#10 0x00000000004a7aac in get_list_of_uids (msgnum_list=<synthetic pointer>, item=0x10698e0, folder=0x10688f0, session=0x1d5e000) at imap.c:4501
#11 imap_get_num_list (folder=0x10688f0, _item=0x10698e0, msgnum_list=0x7fffffffcb08, old_uids_valid=0x7fffffffcb04) at imap.c:4596
#12 0x000000000048ecf4 in folder_item_scan_full (item=0x10698e0, filtering=1) at folder.c:2154
#13 0x000000000049b96f in folderview_check_new (folder=<optimized out>) at folderview.c:1117
#14 0x00000000004b3a6d in inc_all_account_mail (mainwin=0xd08060, autocheck=1, notify=0) at inc.c:362
#15 0x00000000004b3c4e in inc_autocheck_func (data=<error reading variable: value has been optimized out>) at inc.c:1495
#16 0x0000003bf5049e43 in g_timeout_dispatch (source=source@entry=0x197c290, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4451
#17 0x0000003bf50492a6 in g_main_dispatch (context=0xc9f9d0) at gmain.c:3066
#18 g_main_context_dispatch (context=context@entry=0xc9f9d0) at gmain.c:3642
#19 0x0000003bf5049628 in g_main_context_iterate (context=0xc9f9d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3713
#20 0x0000003bf5049a3a in g_main_loop_run (loop=0xbcd780) at gmain.c:3907
#21 0x00000036d2145c77 in IA__gtk_main () at gtkmain.c:1268
#22 0x0000000000449420 in main (argc=1, argv=0x7fffffffe088) at main.c:1559
(gdb) print *(LogText*) 0x1dedb70
$6 = {instance = LOG_PROTOCOL, 
  text = 0x2b412a0 "Błąd połączenia z serwerem IMAP XXXXXX.XXXXXXXXX.XX: błąd strumienia\n", type = LOG_WARN}
(gdb) fr 0
#0  magazine_chain_pop_head (magazine_chunks=0xbadf80) at gslice.c:545
545	      (*magazine_chunks)->data = chunk->next;
(gdb) print chunk
$7 = (ChunkLink *) 0x88888800000000
(gdb) print *chunk
Cannot access memory at address 0x88888800000000
(gdb) fr 1
#1  thread_memory_magazine1_alloc (tmem=<optimized out>, ix=1) at gslice.c:848
848	  ChunkLink *chunk = magazine_chain_pop_head (&mag->chunks);
(gdb) print mag
$8 = (Magazine *) 0xbadf80
(gdb) print *mag
$9 = {chunks = 0x1cb7620, count = 33}
(gdb) print *mag->chunks
$10 = {next = 0x1020d60, data = 0x88888800000000}
(gdb) print *mag->chunks->next
$11 = {next = 0x2b19100, data = 0x0}
(gdb) print *mag->chunks->next->next
$12 = {next = 0x2b191a0, data = 0x0}
(gdb) print *mag->chunks->next->next->next
$13 = {next = 0x18df980, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next
$14 = {next = 0x17efee0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next
$15 = {next = 0x18ff140, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next
$16 = {next = 0x18d5880, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next
$17 = {next = 0x22199a0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next
$18 = {next = 0x25394a0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next
$19 = {next = 0x1018820, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next
$20 = {next = 0x7fffd404a400, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next
$21 = {next = 0x2b17ba0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next
$22 = {next = 0x2b17ae0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next
$23 = {next = 0x2b19360, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$24 = {next = 0x249df80, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$25 = {next = 0x220f400, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$26 = {next = 0x2b27ba0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$27 = {next = 0x190d660, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$28 = {next = 0x101f6e0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$29 = {next = 0x1012360, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$30 = {next = 0x7fffd4040720, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$31 = {next = 0x1018880, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$32 = {next = 0xe3f9a0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$33 = {next = 0xe70260, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$34 = {next = 0x17a3da0, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$35 = {next = 0x18d5920, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$36 = {next = 0x7fffd400e440, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$37 = {next = 0x173c900, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$38 = {next = 0x101db20, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$39 = {next = 0x17adf00, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$40 = {next = 0x2b19020, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$41 = {next = 0x1c11f80, data = 0x0}
(gdb) print *mag->chunks->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next->next
$42 = {next = 0x0, data = 0x0}

Comment 1 Paul 2015-04-02 20:19:19 UTC

You probably need to upgrade to the latest version of libetpan (version 1.6).

Comment 2 Aleksander Mazur 2015-04-02 20:42:29 UTC

Actually it occured with libetpan 1.6.

$ ldd `which claws-mail`|grep etpan
	libetpan.so.17 => /lib64/libetpan.so.17 (0x0000003457e00000)
$ LANG=C rpm -q --file /lib64/libetpan.so.17 -i
Name        : libetpan
Version     : 1.6
Release     : 1.fc20
Architecture: x86_64
Install Date: Wed Nov 12 22:58:43 2014

Note You need to log in before you can comment on or make changes to this bug.