Segmentation fault in `copy_record_version()`
(This is a copy of Debian bug report #867303.)
Evolution 3.22.6 crashed this morning, while communicating with an IMAP server.
Here is the trace.
kernel: pool[19218]: segfault at c ip a51f8bb9 sp 93afdaa0 error 4 in libgnutls.so.30.14.5[a51db000+1bd000]
Here is the trace.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 copy_record_version (version=0xa4695d6c "", htype=4294967295, session=0xa4624c10) at record.c:370
370 record.c: No such file or directory.
[Current thread is 1 (Thread 0x93afeb40 (LWP 19218))]
(gdb) bt
#0 0xa51f8bb9 in copy_record_version (version=0xa4695d6c "", htype=4294967295, session=0xa4624c10) at record.c:370
#1 0xa51f8bb9 in _gnutls_send_tlen_int (session=0xa4624c10, type=GNUTLS_APPLICATION_DATA, htype=4294967295, epoch_rel=70001, _data=0xa4620000, data_size=19, min_pad=0, mflags=1) at record.c:496
#2 0xa51faf38 in _gnutls_send_int (mflags=1, data_size=19, _data=0xa4620000, epoch_rel=70001, htype=4294967295, type=GNUTLS_APPLICATION_DATA, session=0xa4624c10) at record.h:43
#3 0xa51faf38 in gnutls_record_send (session=0xa4624c10, data=0xa4620000, data_size=19) at record.c:1628
#4 0xa48896c6 in g_tls_connection_gnutls_write (gnutls=0x87b9aad0 [GTlsClientConnectionGnutls], buffer=0xa4620000, count=19, blocking=1, cancellable=0x0, error=0x0) at gtlsconnection-gnutls.c:1599
#5 0xa488c03d in g_tls_output_stream_gnutls_write (stream=0x8769ca88 [GTlsOutputStreamGnutls], buffer=0xa4620000, count=19, cancellable=0x0, error=0x0) at gtlsoutputstream-gnutls.c:71
#6 0xb38ec425 in g_output_stream_write (stream=0x8769ca88 [GTlsOutputStreamGnutls], buffer=0xa4620000, count=19, cancellable=0x0, error=0x0) at ././gio/goutputstream.c:222
#7 0xb38ee9e3 in g_pollable_stream_write (stream=0x8769ca88 [GTlsOutputStreamGnutls], buffer=0xa4620000, count=19, blocking=1, cancellable=0x0, error=0x0) at ././gio/gpollableutils.c:250
#8 0xb38eea57 in g_pollable_stream_write_all (stream=0x8769ca88 [GTlsOutputStreamGnutls], buffer=0xa4620000, count=19, blocking=1, bytes_written=0x93afdca8, cancellable=0x0, error=0x0) at ././gio/gpollableutils.c:312
#9 0xb38b7f36 in flush_buffer (stream=stream@entry=0x87c52e50 [GConverterOutputStream], blocking=blocking@entry=1, cancellable=cancellable@entry=0x0, error=0x0) at ././gio/gconverteroutputstream.c:381
#10 0xb38b855b in g_converter_output_stream_flush (stream=0x87c52e50 [GConverterOutputStream], cancellable=0x0, error=0x0) at ././gio/gconverteroutputstream.c:562
#11 0xb38ea8b5 in g_output_stream_internal_close (stream=stream@entry=0x87c52e50 [GConverterOutputStream], cancellable=cancellable@entry=0x0, error=error@entry=0x0) at ././gio/goutputstream.c:642
#12 0xb38ecbfb in g_output_stream_close (stream=0x87c52e50 [GConverterOutputStream], cancellable=0x0, error=0x0) at ././gio/goutputstream.c:723
#13 0xb38ecc49 in g_output_stream_dispose (object=0x87c52e50 [GConverterOutputStream]) at ././gio/goutputstream.c:121
#14 0xb38d800e in g_filter_output_stream_dispose (object=0x87c52e50 [GConverterOutputStream]) at ././gio/gfilteroutputstream.c:175
#15 0xb383a539 in g_object_unref (_object=0x87c52e50) at ././gobject/gobject.c:3148
#16 0xa64c0289 in imapx_connect_to_server (is=is@entry=0x87d9ffb0 [CamelIMAPXServer], cancellable=cancellable@entry=0x876a44e0 [CamelOperation], error=error@entry=0x93afdf68) at camel-imapx-server.c:2918
#17 0xa64c540e in imapx_reconnect (error=0x93afdf68, cancellable=<optimized out>, is=0x87d9ffb0 [CamelIMAPXServer]) at camel-imapx-server.c:3147
#18 0xa64c540e in camel_imapx_server_connect_sync (is=0x87d9ffb0 [CamelIMAPXServer], cancellable=0x876a44e0 [CamelOperation], error=0x93afdf68) at camel-imapx-server.c:3982
#19 0xa64aa79e in imapx_create_new_connection_unlocked (error=0x93afdf68, cancellable=0x876a44e0 [CamelOperation], mailbox=0x0, conn_man=0x8105f320 [CamelIMAPXConnManager]) at camel-imapx-conn-manager.c:773
#20 0xa64aa79e in camel_imapx_conn_manager_ref_connection (conn_man=conn_man@entry=0x8105f320 [CamelIMAPXConnManager], mailbox=mailbox@entry=0x0, out_is_new_connection=out_is_new_connection@entry=0x0, cancellable=0x876a44e0 [CamelOperation], error=0x93afe018) at camel-imapx-conn-manager.c:902
#21 0xa64aad20 in camel_imapx_conn_manager_connect_sync (conn_man=0x8105f320 [CamelIMAPXConnManager], cancellable=0x876a44e0 [CamelOperation], error=0x93afe018) at camel-imapx-conn-manager.c:1028
#22 0xa64cf8f0 in imapx_connect_sync (service=0x80d7b6e8 [CamelIMAPXStore], cancellable=0x876a44e0 [CamelOperation], error=0x93afe018) at camel-imapx-store.c:792
#23 0xb6f23d7e in service_shared_connect_thread (task=0xa6d8ddb0 [GTask], source_object=0x80d7b6e8, task_data=0x0, cancellable=0x876a44e0 [CamelOperation]) at camel-service.c:558
#24 0xb390986d in g_task_thread_pool_thread (thread_data=0xa6d8ddb0, pool_data=0x0) at ././gio/gtask.c:1328
#25 0xb376b338 in g_thread_pool_thread_proxy (data=0x80f34308) at ././glib/gthreadpool.c:307
#26 0xb376a8ca in g_thread_proxy (data=0x8877ee60) at ././glib/gthread.c:784
#27 0xb6e1427a in start_thread (arg=0x93afeb40) at pthread_create.c:333
#28 0xb362bad6 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:110
Searching the Web brought up Debian bug report #844061. Unfortunately, I am unable to reproduce my issue.
#0 0xa51f8bb9 in copy_record_version (version=0xa4695d6c "", htype=4294967295, session=0xa4624c10) at record.c:370
bufel = 0xa4695d30
cipher_size = 16719
retval = <optimized out>
ret = <optimized out>
send_data_size = 19
data = 0xa4620000 "A00001 CAPABILITY\r\n/TLS negotiation now.\r\nN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS LOGINDISABLED] Courier-IMAP ready. Copyright 1998-2011 Double Prec"...
record_params = 0x944d4328
record_state = <optimized out>
__func__ = "_gnutls_send_tlen_int"
Looking at the code, it looks like `version[0] = lver->major;` is the offending line. But trying to access it in GDB, the variable `lver` is optimized out.
(gdb) p lver
$1 = <optimized out>
So I do not know how to further debug the issue.
Edited by Paul Menzel
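The kernel line at the top of the report already says a lot about this crash before gdb is opened, and decoding it is the first check a practitioner would make. The following is an added example (editor's code, not part of the report, of Evolution or of GnuTLS) that parses a `segfault at ... ip ... sp ... error ... in OBJ[BASE+SIZE]` line as printed by the Linux kernel on x86, splits the page-fault error code into its bits, reads a fault address below the page size as a NULL base pointer plus a field offset, and subtracts the mapping base from `ip` to get the offset inside `libgnutls.so.30.14.5` that `addr2line -e <same library build> <offset>` needs. The regular expression, the 4096-byte page size and the summary wording are my assumptions; the sample line is a copy of the one in the report.

```python
"""Decode a Linux kernel 'segfault at ...' log line (x86 page-fault error bits)."""
import re

# Copy of the kernel line from the bug report above (sample input for this example).
KERNEL_LINE = ("kernel: pool[19218]: segfault at c ip a51f8bb9 sp 93afdaa0 error 4 "
               "in libgnutls.so.30.14.5[a51db000+1bd000]")

# Assumed line shape: comm[pid]: segfault at ADDR ip IP sp SP error ERR [in OBJ[BASE+SIZE]]
SEGFAULT_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

PAGE_SIZE = 4096  # assumption: 4 KiB pages, so the zero page spans 0x0..0xfff


def parse_segfault(line):
    """Return the decoded fields of one kernel segfault line as a dict."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        raise ValueError("not a kernel segfault line: %r" % line)
    err = int(m["err"])
    info = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "addr": int(m["addr"], 16),
        "ip": int(m["ip"], 16),
        "sp": int(m["sp"], 16),
        # x86 page-fault error code bits as the kernel prints them:
        "protection_violation": bool(err & 1),  # 0: page not present, 1: protection violation
        "write": bool(err & 2),                 # 0: read access, 1: write access
        "user_mode": bool(err & 4),             # 1: fault raised from user mode
        "instruction_fetch": bool(err & 16),    # 1: fault on instruction fetch (NX)
    }
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        info["object"] = m["obj"]
        info["object_base"] = base
        info["ip_in_object"] = base <= info["ip"] < base + size
        # Offset of the faulting instruction from the mapping base. For a shared
        # library whose first PT_LOAD starts at file offset 0 (the usual case)
        # this is the value to pass to: addr2line -e <library> <offset>
        info["ip_offset"] = info["ip"] - base
    return info


def classify_fault_address(addr, page_size=PAGE_SIZE):
    """Give the usual first reading of a faulting data address."""
    if addr < page_size:
        # The zero page is never mapped in a normal process, so a tiny address is
        # almost always a NULL base pointer plus a struct field or array index.
        return "NULL pointer dereference, field at offset %#x" % addr
    return "access to unmapped or protected address %#x" % addr


def summarize(line):
    """One-line triage string for a kernel segfault line."""
    info = parse_segfault(line)
    kind = "write" if info["write"] else "read"
    mode = "user" if info["user_mode"] else "kernel"
    parts = ["%s[%d]: %s-mode %s of %#x (%s)" % (
        info["comm"], info["pid"], mode, kind, info["addr"],
        classify_fault_address(info["addr"]))]
    if "object" in info:
        parts.append("ip %#x is %s at offset %#x" % (
            info["ip"], info["object"], info["ip_offset"]))
    return "; ".join(parts)


if __name__ == "__main__":
    print(summarize(KERNEL_LINE))
```

For the line in the report this yields a user-mode read of 0xc on a not-present page, i.e. a NULL pointer with a field at offset 12 being read, and an instruction offset of 0x1dbb9 inside libgnutls.so.30.14.5, which `addr2line -e` against the same Debian build of the library resolves to a source line without needing the core file. That reading matches the backtrace: `version[0] = lver->major` faults when `lver` is NULL. Frames #0 and #1 of the trace share the same pc (0xa51f8bb9), which means `copy_record_version()` was inlined into `_gnutls_send_tlen_int()`, and that is why `lver` shows as optimized out and the locals printed for frame #0 are really those of `_gnutls_send_tlen_int`.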