Version: (using KDE KDE 3.5.0) Installed from: Gentoo Packages Compiler: gcc 3.4.4 OS: Linux kmail 3.5.0-r3 When attempting to view a message in an imap folder, kmail randomly (frequently) crashes due to a double-free detected by glibc. Unfortunately I do not have a core-dump with symbols, but a log from a debug-build might be of some help: kmail: connections to server x.y.z now 0 kmail: processNextCheck, remaining 0 kmail: account x finished check kmail: 2 new message(s) in .1633406481.directory/INBOX kmail: ImapJob::slotGetMessageResult - retrieved part kmail: (125222, last 0) subject sender, readyToShow true kmail: [const QTextCodec* KMReaderWin::overrideCodec() const] mOverrideEncoding == 'iso-8859-1' kmail: [const QTextCodec* KMReaderWin::overrideCodec() const] mOverrideEncoding == 'iso-8859-1' kmail: parseMsg(KMMessage* aMsg == aMsg ) kmail: + Text/Plain kmail: Inserting one item into MimePartTree kmail: Content-Type: Text/Plain kmail: partNode::findType() is looking at Text/Plain kmail: [static KMail::SpamScores KMail::SpamHeaderAnalyzer::getSpamScores(const KMMessage*)] kmail: Multiple / No addressees matched email address; Count is 0 *** glibc detected *** double free or corruption (out): 0x082c7b18 *** *** KMail got signal 6 (Crashing) Next start of kmail after such a crash always leads to a SIGSEGV instead: kmail: KMFolderImap::processNewMail - waiting for connection: FFK kmail: KMFolderImap::processNewMail - imapPath of RFK is empty! kmail: slotListNamespaces - waiting for connection kmail: slotListNamespaces - waiting for connection *** KMail got signal 11 (Crashing) _ /Bjorn.
Caught this one with a non-stripped build. The original crash: #0 0xffffe410 in ?? () #1 0xbfd3cfe8 in ?? () #2 0x00000006 in ?? () #3 0x00001eb5 in ?? () #4 0xb5824651 in raise () from /lib/tls/libc.so.6 #5 0xb582615c in abort () from /lib/tls/libc.so.6 #6 0xb585735b in __fsetlocking () from /lib/tls/libc.so.6 #7 0xb5860c99 in mallopt () from /lib/tls/libc.so.6 #8 0xb585fa0d in mallopt () from /lib/tls/libc.so.6 #9 0xb585e7c9 in free () from /lib/tls/libc.so.6 #10 0xb59e23f1 in operator delete () from /usr/lib/gcc/i686-pc-linux-gnu/3.4.4/libstdc++.so.6 #11 0xb7b91e93 in __gnu_cxx::new_allocator<DwFieldBody*>::deallocate (this=0xbfd3d380, __p=0x85ed428) at new_allocator.h:86 #12 0xb7b9185b in std::_Vector_base<DwFieldBody*, std::allocator<DwFieldBody*> >::_M_deallocate (this=0xbfd3d380, __p=0x85ed428, __n=1) at stl_vector.h:117 #13 0xb7b90d46 in ~_Vector_base (this=0xbfd3d380) at stl_vector.h:106 #14 0xb7b8ff60 in ~vector (this=0xbfd3d380) at stl_vector.h:256 #15 0xb7b85674 in KMMessage::headerFields (this=0x8596dc8, field=@0xbfd3d3d0) at kmmessage.cpp:2187 #16 0xb7b83b00 in KMMessage::cc (this=0x8596dc8) at kmmessage.cpp:1831 #17 0xb7d54eb1 in KMail::FancyHeaderStyle::format (this=0x83fa448, message=0x8596dc8, strategy=0x805e7d0, vCardName=@0xbfd42b40, printing=false) at headerstyle.cpp:630 #18 0xb7c569aa in KMReaderWin::writeMsgHeader (this=0x836f670, aMsg=0x8596dc8, hasVCard=false) at kmreaderwin.cpp:1646 #19 0xb7c55cb9 in KMReaderWin::parseMsg (this=0x836f670, aMsg=0x8596dc8) at kmreaderwin.cpp:1529 #20 0xb7c55711 in KMReaderWin::displayMessage (this=0x836f670) at kmreaderwin.cpp:1468 #21 0xb7c551db in KMReaderWin::updateReaderWin (this=0x836f670) at kmreaderwin.cpp:1404 #22 0xb7c52136 in KMReaderWin::update (this=0x836f670, observable=0x8596de4) at kmreaderwin.cpp:835 #23 0xb7ddcfd8 in KMail::ISubject::notify (this=0x8596de4) at isubject.cpp:35 #24 0xb7b8c6cd in KMMessage::updateBodyPart (this=0x8596dc8, partSpecifier= {static null = {static null = <same as static member of an already seen type>, d = 0x804e070, static shared_null = 0x804e070}, d = 0x8548dd0, static shared_null = 0x804e070}, data=@0x85edd7c) at kmmessage.cpp:4050 #25 0xb7dc04b5 in KMail::ImapJob::slotGetMessageResult (this=0x85f4320, job=0x85edb98) at imapjob.cpp:414 #26 0xb7dc16c6 in KMail::ImapJob::qt_invoke (this=0x85f4320, _id=2, _o=0xbfd43100) at imapjob.moc:126 #27 0xb5fe5934 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #28 0xb6be3fed in KIO::Job::result () from /usr/kde/3.5/lib/libkio.so.4 #29 0x085edb98 in ?? () #30 0x085eddd0 in ?? () #31 0xbfd43100 in ?? () #32 0xffffffff in ?? () #33 0xb64693e4 in TID_QUType_enum () from /usr/qt/3/lib/libqt-mt.so.3 #34 0xb5911820 in __after_morecore_hook () from /lib/tls/libc.so.6 #35 0x085eec68 in ?? () #36 0xb5a04c9c in ?? () from /usr/lib/gcc/i686-pc-linux-gnu/3.4.4/libstdc++.so.6 #37 0xb585f2e1 in mallopt () from /lib/tls/libc.so.6 This seems freaky. Line 2187 in kmmessage.cpp it the return line in headerFields, and the destroyed object is a local std::vector of ptrs. That vector should only be free'd once, and that is on the return line. (Un)fortunately, it is very easy for me to reproduce. All I have to do is to click on my work imap server. :-( _ /Bjorn.
See http://bugs.kde.org/show_bug.cgi?id=111115 Have you used -fvisibility?
No answer from reporter, so assuming this is the fvisibility problem *** This bug has been marked as a duplicate of 111115 ***
Git commit a4960b99578620374ac2a1086a0c94f415b798eb by Rémi Benoit. Committed on 01/05/2014 at 16:30. Pushed by remibenoit into branch 'master'. Implement Note serializer for Akonadi backend M +1 -0 src/akonadi/CMakeLists.txt M +15 -6 src/akonadi/akonadiserializer.cpp M +1 -1 tests/testlib/CMakeLists.txt M +1 -1 tests/units/akonadi/CMakeLists.txt M +133 -0 tests/units/akonadi/akonadiserializertest.cpp http://commits.kde.org/zanshin/a4960b99578620374ac2a1086a0c94f415b798eb
*** This bug has been marked as a duplicate of bug 111115 ***