[Evolution] Bug#575011: Memory-eating loop in new_parse_body

Joachim Breitner nomeata at debian.org
Mon Mar 22 20:04:56 UTC 2010


Package: libgtkhtml3.14-19
Version: 3.29.92.1-1
Severity: important
File: /usr/lib/libgtkhtml-3.14.so.19

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

upon opening some e-mail messages, evolution starts to acquire more and
more memory, bringing my system to a halt until the OOM killer kicks in.

I managed to stop evolution within gdb while it is eating memory, and
this is the backtrace:

0x00007ffff252ac9f in pthread_mutex_lock () from /lib/libpthread.so.0
(gdb) bt
#0  0x00007ffff252ac9f in pthread_mutex_lock () from /lib/libpthread.so.0
#1  0x00007fffeec7d8a9 in g_type_instance_get_private ()
   from /usr/lib/libgobject-2.0.so.0
#2  0x00007ffff64697a9 in searching_tokenizer_peek_token (tokenizer=0x1654800)
    at e-searching-tokenizer.c:981
#3  0x00007ffff36fe500 in parse_object_params (e=0x7fffe038a930, 
    clue=<value optimized out>, attr=<value optimized out>) at htmlengine.c:1523
#4  element_parse_object (e=0x7fffe038a930, clue=<value optimized out>, 
    attr=<value optimized out>) at htmlengine.c:1616
#5  0x00007ffff36f5a58 in parse_one_token (e=0x7fffe038a930, clue=0xcfe1e0, 
    str=0xcf58b2 "object type=\"application/x-shockwave-flash\" height=\"350\" width=\"425\" data=\"http://www.youtube.com/v/-Ivf6pIetKs&rel=0&hd=1&enablejsapi=1&playerapiid=ytplayer&fs=1\" id=\"emvideo-youtube-flash-1\">") at htmlengine.c:3974
#6  0x00007ffff3702b1e in new_parse_body (e=0x7fffe038a930) at htmlengine.c:1428
#7  html_engine_timer_event (e=0x7fffe038a930) at htmlengine.c:4933
#8  0x00007ffff37031b8 in html_engine_stream_end (stream=<value optimized out>, 
    status=<value optimized out>, data=<value optimized out>) at htmlengine.c:4996
#9  0x00007ffff36c40b8 in gtk_html_stream_close (stream=0x1, 
    status=GTK_HTML_STREAM_OK) at gtkhtml-stream.c:137
#10 0x00007fffe794a4c9 in emhs_sync_close (stream=0x1268d80) at em-html-stream.c:99
#11 0x00007fffe794cd65 in emss_process_message (msg=0x7fffd88ede50)
    at em-sync-stream.c:87
#12 0x00007fffee7c790e in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#13 0x00007fffee7cb2c8 in ?? () from /lib/libglib-2.0.so.0
#14 0x00007fffee7cb725 in g_main_loop_run () from /lib/libglib-2.0.so.0
#15 0x00007ffff0be4e77 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#16 0x00000000004031ff in main (argc=1, argv=0x7fffffffe2a8) at main.c:607

Continuing gdb and stopping a few seconds later, we have:

0x00007fffeec7fee7 in g_type_check_class_cast () from /usr/lib/libgobject-2.0.so.0
(gdb) bt
#0  0x00007fffeec7fee7 in g_type_check_class_cast () from /usr/lib/libgobject-2.0.so.0
#1  0x00007ffff3727dea in html_tokenizer_peek_token (t=0x1654800)
    at htmltokenizer.c:1519
#2  0x00007ffff36fe500 in parse_object_params (e=0x7fffe038a930, 
    clue=<value optimized out>, attr=<value optimized out>) at htmlengine.c:1523
#3  element_parse_object (e=0x7fffe038a930, clue=<value optimized out>, 
    attr=<value optimized out>) at htmlengine.c:1616
#4  0x00007ffff36f5a58 in parse_one_token (e=0x7fffe038a930, clue=0xcfe1e0, 
    str=0xcf58b2 "object type=\"application/x-shockwave-flash\" height=\"350\" width=\"425\" data=\"http://www.youtube.com/v/-Ivf6pIetKs&rel=0&hd=1&enablejsapi=1&playerapiid=ytplayer&fs=1\" id=\"emvideo-youtube-flash-1\">") at htmlengine.c:3974
#5  0x00007ffff3702b1e in new_parse_body (e=0x7fffe038a930) at htmlengine.c:1428
#6  html_engine_timer_event (e=0x7fffe038a930) at htmlengine.c:4933
#7  0x00007ffff37031b8 in html_engine_stream_end (stream=<value optimized out>, 
    status=<value optimized out>, data=<value optimized out>) at htmlengine.c:4996
#8  0x00007ffff36c40b8 in gtk_html_stream_close (stream=0x1, status=16029680)
    at gtkhtml-stream.c:137
#9  0x00007fffe794a4c9 in emhs_sync_close (stream=0x1268d80) at em-html-stream.c:99
#10 0x00007fffe794cd65 in emss_process_message (msg=0x7fffd88ede50)
    at em-sync-stream.c:87
#11 0x00007fffee7c790e in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#12 0x00007fffee7cb2c8 in ?? () from /lib/libglib-2.0.so.0
#13 0x00007fffee7cb725 in g_main_loop_run () from /lib/libglib-2.0.so.0
#14 0x00007ffff0be4e77 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x00000000004031ff in main (argc=1, argv=0x7fffffffe2a8) at main.c:607

so it seems it has problems parsing the object tag. I have attached the mail in
question.

Greetings,
Joachim


- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgtkhtml3.14-19 depends on:
ii  libatk1.0-0             1.29.4-1         The ATK accessibility toolkit
ii  libc6                   2.10.2-6         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-3         The Cairo 2D vector graphics libra
ii  libenchant1c2a          1.4.2-3.6        a wrapper library for various spel
ii  libfontconfig1          2.8.0-2          generic font configuration library
ii  libfreetype6            2.3.11-1         FreeType 2 font engine, shared lib
ii  libgail18               2.19.6-1         GNOME Accessibility Implementation
ii  libgconf2-4             2.28.0-1         GNOME configuration database syste
ii  libglib2.0-0            2.22.4-1         The GLib library of C routines
ii  libgtk2.0-0             2.19.6-1         The GTK+ graphical user interface 
ii  libpango1.0-0           1.26.2-1         Layout and rendering of internatio
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

libgtkhtml3.14-19 recommends no packages.

Versions of packages libgtkhtml3.14-19 suggests:
ii  libgtkhtml3.14-dbg           3.29.92.1-1 HTML rendering/editing library - d

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkunzWgACgkQ9ijrk0dDIGyzCQCgvDDQZ8R+dxshDtoYkzPEymlp
MAIAmgLDDMGpCV9Mfc6uEdAvRc/eWICO
=BFEY
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded message was scrubbed...
From: =?utf-8?b?cmV0dGljaHNjaG5pZGk=?= <feed2imap at acme.com>
Subject: =?utf-8?b?QmV0YXRlc3RlciBmw7xyIEVzY2hhbG9uOiBCb29rIElJIGdlc3VjaHQgKlVQREFURSo=?=
Date: Sun, 07 Mar 2010 22:10:36 +0100
Size: 5850
URL: <http://lists.alioth.debian.org/pipermail/pkg-evolution-maintainers/attachments/20100322/ad99a5fe/attachment.eml>
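
Added example (not part of the original report, and not Evolution or GtkHTML code): the report locates the loop by interrupting the process twice in gdb and comparing the backtraces. The sketch below automates that comparison. The helper names parse_bt and loop_suspect are hypothetical, and the two samples are abridged from the backtraces above (arguments trimmed, some frames omitted).

```python
import re

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
LOC_RE = re.compile(r"(?:\bat (\S+:\d+)|\bfrom (\S+))\s*$")

# Abridged from the two backtraces in the report (args trimmed, frames omitted).
SAMPLE_A = """
#0  0x00007ffff252ac9f in pthread_mutex_lock () from /lib/libpthread.so.0
#1  0x00007fffeec7d8a9 in g_type_instance_get_private ()
   from /usr/lib/libgobject-2.0.so.0
#2  0x00007ffff64697a9 in searching_tokenizer_peek_token (tokenizer=0x1654800)
    at e-searching-tokenizer.c:981
#3  0x00007ffff36fe500 in parse_object_params (e=0x7fffe038a930) at htmlengine.c:1523
#4  element_parse_object (e=0x7fffe038a930) at htmlengine.c:1616
#5  0x00007ffff3702b1e in new_parse_body (e=0x7fffe038a930) at htmlengine.c:1428
"""
SAMPLE_B = """
#0  0x00007fffeec7fee7 in g_type_check_class_cast () from /usr/lib/libgobject-2.0.so.0
#1  0x00007ffff3727dea in html_tokenizer_peek_token (t=0x1654800)
    at htmltokenizer.c:1519
#2  0x00007ffff36fe500 in parse_object_params (e=0x7fffe038a930) at htmlengine.c:1523
#3  element_parse_object (e=0x7fffe038a930) at htmlengine.c:1616
#4  0x00007ffff3702b1e in new_parse_body (e=0x7fffe038a930) at htmlengine.c:1428
"""

def parse_bt(text):
    """Return [(function, location)] from gdb `bt` output, innermost frame first."""
    chunks = []
    for line in text.splitlines():
        if line.startswith("#"):
            chunks.append(line.strip())
        elif chunks and line.strip():
            chunks[-1] += " " + line.strip()  # gdb wrapped a long frame
    frames = []
    for chunk in chunks:
        m, loc = FRAME_RE.match(chunk), LOC_RE.search(chunk)
        if m:
            frames.append((m.group(2), (loc.group(1) or loc.group(2)) if loc else None))
    return frames

def loop_suspect(sample_a, sample_b):
    """Innermost frame (function, location) identical in both samples, or None."""
    shared = None
    # Walk from the outermost frame inward; stop where the samples diverge.
    for fa, fb in zip(reversed(parse_bt(sample_a)), reversed(parse_bt(sample_b))):
        if fa != fb:
            break
        shared = fa
    return shared

if __name__ == "__main__":
    print(loop_suspect(SAMPLE_A, SAMPLE_B))
```

A frame that sits at the same source line in samples taken seconds apart, while the frames below it change, is the first place to look for a loop that never terminates; it is a suspect, not proof.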

