Bug 1338561
Summary: | [abrt] Avoid NULL dereference in mail-send-recv.c:free_send_data() function | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michael Catanzaro <mcatanzaro+wrong-account-do-not-cc> | ||||||||||||||||||||||||||||
Component: | evolution | Assignee: | Milan Crha <mcrha> | ||||||||||||||||||||||||||||
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||||||||||||||||||||
Severity: | unspecified | Docs Contact: | |||||||||||||||||||||||||||||
Priority: | unspecified | ||||||||||||||||||||||||||||||
Version: | 24 | CC: | lucilanga, mbarnes, mcrha, tpopela | ||||||||||||||||||||||||||||
Target Milestone: | --- | ||||||||||||||||||||||||||||||
Target Release: | --- | ||||||||||||||||||||||||||||||
Hardware: | x86_64 | ||||||||||||||||||||||||||||||
OS: | Unspecified | ||||||||||||||||||||||||||||||
URL: | https://retrace.fedoraproject.org/faf/reports/bthash/b807c0fb731b7bcebefeb61bc27730f1c7a8dc43 | ||||||||||||||||||||||||||||||
Whiteboard: | abrt_hash:1f6209622c61c3fc9dd93ce96868e669dfb46c6b;VARIANT_ID=workstation; | ||||||||||||||||||||||||||||||
Fixed In Version: | evolution-3.20.3 | Doc Type: | If docs needed, set a value | ||||||||||||||||||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||||||||||||||||||
Clone Of: | Environment: | ||||||||||||||||||||||||||||||
Last Closed: | 2016-05-23 11:29:38 UTC | Type: | --- | ||||||||||||||||||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||||||||||||||||||
Documentation: | --- | CRM: | |||||||||||||||||||||||||||||
Verified Versions: | Category: | --- | |||||||||||||||||||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||||||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||||||||||||||||
Embargoed: | |||||||||||||||||||||||||||||||
Attachments: |
|
Description
Michael Catanzaro
2016-05-22 21:35:18 UTC
Created attachment 1160404 [details]
File: backtrace
Created attachment 1160405 [details]
File: cgroup
Created attachment 1160406 [details]
File: core_backtrace
Created attachment 1160407 [details]
File: dso_list
Created attachment 1160408 [details]
File: environ
Created attachment 1160409 [details]
File: exploitable
Created attachment 1160410 [details]
File: limits
Created attachment 1160411 [details]
File: maps
Created attachment 1160412 [details]
File: mountinfo
Created attachment 1160413 [details]
File: namespaces
Created attachment 1160414 [details]
File: open_fds
Created attachment 1160415 [details]
File: proc_pid_status
Created attachment 1160416 [details]
File: var_log_messages
Thanks for a bug report. I see from the bactrace where the crash happened and from the code why it happened (there is missing a check for "data is not NULL"), but I do not see from it why it happened (aka what caused the crash). The var_log_messages shows that there was some quick connection change, the network got offline and immediately after that online. That's the most I see from the given data by the ABRT. As the "data is not NULL" check is missing there, I will add it. It will fix this particular crash, but not the root cause (which is unknown). There is supposed to be done everything in the main thread, thus it shouldn't be about thread interleaving. It's probably more like the connection change caused a sudden operation cancel, which caused the operation not being finished in the next main loop idle round, but rather immediately, thus it could free the global 'send_data' variable before this particular main thread operation finished. It seems unlikely to me, but I can be wrong. Created commit 362d39a in evo master (3.21.3+) [1] Created commit 303442f in evo gnome-3-20 (3.20.3+) [1] https://git.gnome.org/browse/evolution/commit/?id=362d39a |