https://bugzilla.novell.com/show_bug.cgi?id=343741 Summary: gtkhtml mem usage explosion when editing Product: openSUSE 10.3 Version: Final Platform: Other OS/Version: openSUSE 10.3 Status: NEW Severity: Critical Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: hpj@novell.com QAContact: qa@suse.de Found By: --- I was writing a mail in Evolution, a reply quoting the original mail. I noticed there was something strange going on with part of the text - the situation looks roughly like this:

original mail text original mail text

My reply text which wraps over several lines.

original mail text original mail text

I marked my reply text and copied it using ctrl-c for re-use in another part of the mail. When i placed the cursor, I noticed that the marked text did not become un-marked as usual. It was still showing the reverse colors. So I went back and clicked on it, and it didn't change. Marking some other text worked and made the "stuck" reverse color go away, but the reply text's properties suddenly changed to "Preformat" and it became one very wide line. I went back and set it to normal, which wrapped it nicely, but it would go back to preformat when I moved the cursor. When I tried to edit it, Evolution appeared to freeze and I noticed its memory consumption exploding. I pinned it down with gdb and produced several traces (bt, cont, break, bt, cont, break, etc), and they all came up the same, down to the innermost function. It looks like spell checking is involved, but it could be a red herring. I suspect that the data structure representing the text got corrupted, resulting in a circular linked list or some such. Here's the trace: 180 cur->data = spell_error_new (se->off, se->len); (gdb) bt #0 copy (s=0x19731c90, d=0x397fe498) at htmltext.c:180 #1 0xb77fffb8 in html_object_copy (self=0x19731c90, dest=0x397fe498) at htmlobject.c:1043 #2 0xb78031dc in html_object_dup (object=0x19731c90) at htmlobject.c:891 #3 0xb7819968 in object_split (self=0x19731c90, e=0x1956be68, child=0x0, offset=25, level=1, left=0xbf891c88, right=0xbf891c84) at htmltext.c:690 #4 0xb780165b in html_object_split (self=0x1299, e=0x1956be68, child=0x0, offset=25, level=1, left=0xbf891c88, right=0xbf891c84) at #htmlobject.c:939 #5 0xb77dc880 in split_and_add_empty_texts (e=0x1956be68, level=1, left=0xbf891c88, right=0xbf891c84) at #htmlengine-edit-cut-and-paste.c:369 #6 0xb77dcd0d in insert_object_for_undo (e=0x1956be68, obj=0x397fe410, #len=1, position_after=719, level=1, dir=HTML_UNDO_UNDO, check=1) at htmlengine-edit-cut-and-paste.c:897 #7 0xb77dd0e6 in insert_object (e=0x1956be68, obj=0x397fe410, len=1, position_after=719, level=1, dir=HTML_UNDO_UNDO, check=1) at htmlengine-edit-cut-and-paste.c:1141 #8 0xb77deee0 in html_engine_insert_text_with_extra_attributes #(e=0x1956be68, text=0x1b7fd9c0 "n", len=1, attrs=0x0) at htmlengine-edit-cut-and-paste.c:1386 #9 0xb77df29a in html_engine_paste_text_with_extra_attributes #(e=0x1956be68, text=0x1b7fd9c0 "n", len=4294967295, attrs=0x0) at htmlengine-edit-cut-and-paste.c:1417 #10 0xb77df2f3 in html_engine_paste_text (e=0x1956be68, text=0x1b7fd9c0 "n", len=4294967295) at htmlengine-edit-cut-and-paste.c:1424 #11 0xb77bef05 in gtk_html_im_commit_cb (context=0x195e9800, str=0x1b7fd9c0 "n", html=0xb2da210) at gtkhtml.c:3237 #12 0xb681439a in IA__g_cclosure_marshal_VOID__STRING (closure=0x195e9848, return_value=0x0, n_param_values=2, param_values=0xbf8920b4, invocation_hint=0xbf891fc4, marshal_data=0xb77bee10) at gmarshal.c:496 #13 0xb6807919 in IA__g_closure_invoke (closure=0x195e9848, #return_value=0x0, n_param_values=2, param_values=0xbf8920b4, invocation_hint=0xbf891fc4) at gclosure.c:490 #14 0xb681a9ed in signal_emit_unlocked_R (node=0x81028b0, detail=0, instance=0x195e9800, emission_return=0x0, #instance_and_params=0xbf8920b4) at gsignal.c:2440 #15 0xb681c63f in IA__g_signal_emit_valist (instance=0x512ddd68, signal_id=344, detail=0, var_args=0xbf8922ec "��ͷ9U���\177\203�(#\211�\232C\201�0bH\031\220�\237\031") at gsignal.c:2199 #16 0xb681c900 in IA__g_signal_emit_by_name (instance=0x195e9800, detailed_signal=0xb70b31e3 "commit") at gsignal.c:2267 #17 0xb6f2555e in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #18 0x195e9800 in ?? () #19 0xb70b31e3 in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #20 0x199fd890 in ?? () #21 0xb7cdfff4 in ?? () from /usr/lib/libcamel-1.2.so.10 ---Type <return> to continue, or q <return> to quit--- #22 0xb6f25539 in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #23 0xb6837ff4 in ?? () from /usr/lib/libgobject-2.0.so.0 #24 0xbf892328 in ?? () #25 0xb681439a in IA__g_cclosure_marshal_VOID__STRING (closure=0x10a34ed8, return_value=0x199fd890, n_param_values=425629696, param_values=0x2, invocation_hint=0x195fe970, marshal_data=0xb6f25530) at gmarshal.c:496 Backtrace stopped: frame did not save the PC (gdb) info locals se = (SpellError *) 0x33043008 cur = (GList *) 0x43042ce0 csl = <value optimized out> (gdb) p *se $1 = {off = 110, len = 4} (gdb) p *cur $2 = {data = 0x33043008, next = 0x43042cf0, prev = 0x43042cd0} (gdb) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.