Bug 384741

Summary: crash on startup (possibly related to gssapi imap?)
Product: Fedora
Component: evolution
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED UPSTREAM
Severity: low
Priority: low
Reporter: Jeremy Katz <katzj>
Assignee: Matthew Barnes <mbarnes>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: mcrha
Doc Type: Bug Fix
Last Closed: 2007-11-15 17:53:52 UTC

Description Jeremy Katz 2007-11-15 15:12:07 UTC
I'm getting a crash on startup with rawhide evolution (2.21.2-1.fc9) on both my
x86 laptop and x86_64 workstation.

On my workstation, I've managed to get around it by starting up in offline mode
and editing the account such that it's using password auth rather than gssapi
but I'm not having luck with my laptop in even getting started in offline mode.

The interesting thread backtrace seems to be

Thread 5 (Thread 0xb67cab90 (LWP 2357)):
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x003fd119 in __lll_lock_wait () from /lib/libpthread.so.0
#2  0x003f889e in _L_lock_88 () from /lib/libpthread.so.0
#3  0x003f83aa in pthread_mutex_lock () from /lib/libpthread.so.0
#4  0x0805de51 in ?? ()
#5  <signal handler called>
#6  0x074398a5 in memcpy () from /lib/libc.so.6
#7  0x0710c7ca in g_array_append_vals () from /lib/libglib-2.0.so.0
#8  0x0710c830 in g_byte_array_append () from /lib/libglib-2.0.so.0
#9  0x00326df6 in camel_sasl_challenge_base64 ()
   from /usr/lib/libcamel-provider-1.2.so.10
#10 0x01452d9d in ?? ()
   from /usr/lib/evolution-data-server-1.2/camel-providers/libcamelimap.so
#11 0x0145518f in ?? ()
   from /usr/lib/evolution-data-server-1.2/camel-providers/libcamelimap.so
#12 0x00309136 in ?? () from /usr/lib/libcamel-provider-1.2.so.10
#13 0x0032924f in camel_service_connect ()
   from /usr/lib/libcamel-provider-1.2.so.10
#14 0x00308f08 in ?? () from /usr/lib/libcamel-provider-1.2.so.10
#15 0x003087bd in camel_disco_store_set_status ()
   from /usr/lib/libcamel-provider-1.2.so.10
#16 0x03193031 in ?? ()
   from /usr/lib/evolution/2.22/components/libevolution-mail.so
#17 0x03191969 in ?? ()
   from /usr/lib/evolution/2.22/components/libevolution-mail.so
#18 0x0714f1d8 in ?? () from /lib/libglib-2.0.so.0
#19 0x0714d64f in ?? () from /lib/libglib-2.0.so.0
#20 0x003f650b in start_thread () from /lib/libpthread.so.0
#21 0x0749bb2e in clone () from /lib/libc.so.6

Comment 1 Matthew Barnes 2007-11-15 15:51:18 UTC
Can you install evolution-data-server-debuginfo and post that again?

Comment 2 Jeremy Katz 2007-11-15 16:21:49 UTC
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x003fd119 in __lll_lock_wait () from /lib/libpthread.so.0
#2  0x003f889e in _L_lock_88 () from /lib/libpthread.so.0
#3  0x003f83aa in pthread_mutex_lock () from /lib/libpthread.so.0
#4  0x0805de51 in ?? ()
#5  <signal handler called>
#6  0x02d268a5 in memcpy () from /lib/libc.so.6
#7  0x019377ca in g_array_append_vals () from /lib/libglib-2.0.so.0
#8  0x01937830 in g_byte_array_append () from /lib/libglib-2.0.so.0
#9  0x00326df6 in camel_sasl_challenge_base64 (sasl=0xb510cbd0, 
    token=0xb24a52ea "", ex=0x9b64444) at camel-sasl.c:143
#10 0x014c7d9d in try_auth (store=0x99035a8, mech=0x33f0f5 "GSSAPI", 
    ex=0x9b64444) at camel-imap-store.c:1273
#11 0x014ca18f in imap_connect_online (service=0x99035a8, ex=0x9b64444)
    at camel-imap-store.c:1353
#12 0x00309136 in disco_connect (service=0x99035a8, ex=0x9b64444)
    at camel-disco-store.c:162
#13 0x0032924f in camel_service_connect (service=0x99035a8, ex=0x9b64444)
    at camel-service.c:371
#14 0x014c450c in camel_imap_store_connected (store=0x99035a8, ex=0x9b64444)
    at camel-imap-store.c:2989
#15 0x014bff81 in imap_refresh_info (folder=0x9b665fc, ex=0x9b64444)
    at camel-imap-folder.c:522
#16 0x00307ac6 in disco_refresh_info (folder=0x9b665fc, ex=0x9b64444)
    at camel-disco-folder.c:269
#17 0x00318dee in camel_folder_refresh_info (folder=0x9b665fc, ex=0x9b64444)
    at camel-folder.c:302
#18 0x04c79237 in ?? ()
   from /usr/lib/evolution/2.22/components/libevolution-mail.so
#19 0x04c76969 in ?? ()
   from /usr/lib/evolution/2.22/components/libevolution-mail.so
#20 0x0197a1d8 in ?? () from /lib/libglib-2.0.so.0
#21 0x0197864f in ?? () from /lib/libglib-2.0.so.0
#22 0x003f650b in start_thread () from /lib/libpthread.so.0
#23 0x02d88b2e in clone () from /lib/libc.so.6


Comment 3 Matthew Barnes 2007-11-15 16:58:08 UTC
Thanks, that helps.  If you get time, can you provide another backtrace with
glib2-debuginfo installed?  Meanwhile I think I have enough here to start
looking into it.  Looks like maybe the Base64 decoding failed and we're trying
to append bogus data (or a bogus length) to the GByteArray.

Comment 4 Jeremy Katz 2007-11-15 17:02:25 UTC
Thread 3 (Thread 0xb50fbb90 (LWP 20423)):
#0  0x0012d402 in __kernel_vsyscall ()
#1  0x003fd119 in __lll_lock_wait () from /lib/libpthread.so.0
#2  0x003f889e in _L_lock_88 () from /lib/libpthread.so.0
#3  0x003f83aa in pthread_mutex_lock () from /lib/libpthread.so.0
#4  0x0805de51 in ?? ()
#5  <signal handler called>
#6  0x05eee8a5 in memcpy () from /lib/libc.so.6
#7  0x04c1d7ca in IA__g_array_append_vals (farray=0x9929880, data=0x0, 
    len=3304859) at /usr/include/bits/string3.h:52
#8  0x04c1d830 in IA__g_byte_array_append (array=0x9929880, data=0x0, 
    len=3304859) at garray.c:653
#9  0x00326df6 in camel_sasl_challenge_base64 (sasl=0x94c1410, 
    token=0x961149a "", ex=0x960d244) at camel-sasl.c:143
#10 0x058eed9d in try_auth (store=0x94b4be0, mech=0x33f0f5 "GSSAPI", 
    ex=0x960d244) at camel-imap-store.c:1273
#11 0x058f118f in imap_connect_online (service=0x94b4be0, ex=0x960d244)
    at camel-imap-store.c:1353
#12 0x00309136 in disco_connect (service=0x94b4be0, ex=0x960d244)
    at camel-disco-store.c:162
#13 0x0032924f in camel_service_connect (service=0x94b4be0, ex=0x960d244)
    at camel-service.c:371
#14 0x00308f08 in set_status (disco_store=0x94b4be0, 
    status=CAMEL_DISCO_STORE_ONLINE, ex=0x960d244) at camel-disco-store.c:343
#15 0x003087bd in camel_disco_store_set_status (store=0x94b4be0, 
    status=CAMEL_DISCO_STORE_ONLINE, ex=0x960d244) at camel-disco-store.c:362
#16 0x06aaa031 in ?? ()
   from /usr/lib/evolution/2.22/components/libevolution-mail.so
#17 0x06aa8969 in ?? ()
   from /usr/lib/evolution/2.22/components/libevolution-mail.so
#18 0x04c601d8 in g_thread_pool_thread_proxy (data=0x94b45d8)
    at gthreadpool.c:265
#19 0x04c5e64f in g_thread_create_proxy (data=0x9925008) at gthread.c:635
#20 0x003f650b in start_thread () from /lib/libpthread.so.0
#21 0x05f50b2e in clone () from /lib/libc.so.6


Comment 5 Matthew Barnes 2007-11-15 17:22:49 UTC
Here's the offending code:

        if (token) {
                guchar *data;
                gsize length;

                data = g_base64_decode (token, &length);
                token_binary = g_byte_array_new ();
                g_byte_array_append (token_binary, data, length);
                g_free (data);
        } else
                token_binary = NULL;

Frame #9 shows 'token' is an empty string, which is not valid Base64.  So
g_base64_decode() fails and returns NULL but 'length' is left uninitialized. 
The bogus 'length' value is passed to g_byte_array_append() and causes the crash.

So two things:

  1) Change the 'if' expression to (token && *token).

  2) Initialize 'length' to zero, just to be pedantic.
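
Added example (not the Camel source or the upstream patch): the block quoted in comment 5 with both fixes applied, built stand-alone with a small base64 decoder and byte array standing in for g_base64_decode and GByteArray. The stub decoder reproduces the failure mode described above, returning NULL on empty or malformed input without writing the length, which also shows why fix 2 matters on its own: a non-empty but malformed token takes the same path. All function and struct names here are assumptions.

```c
#include <stdlib.h>
#include <string.h>

struct byte_array { unsigned char *data; size_t len; };

/* Stand-in for g_base64_decode with the failure mode comment 5 describes:
 * on empty or malformed input it returns NULL and never writes *out_len. */
static unsigned char *b64_decode(const char *text, size_t *out_len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = strlen(text), i, o = 0;
    unsigned v = 0, bits = 0;
    if (n == 0 || n % 4 != 0)
        return NULL;                     /* *out_len deliberately untouched */
    unsigned char *out = malloc(n / 4 * 3 + 1);
    for (i = 0; i < n && text[i] != '='; i++) {
        const char *p = strchr(tbl, text[i]);
        if (p == NULL) { free(out); return NULL; }   /* same failure mode */
        v = ((v << 6) | (unsigned)(p - tbl)) & 0xffff;
        bits += 6;
        if (bits >= 8) { bits -= 8; out[o++] = (unsigned char)(v >> bits); }
    }
    *out_len = o;
    return out;
}

/* Stand-in for g_byte_array_append; a zero-length append copies nothing. */
static void byte_array_append(struct byte_array *a, const unsigned char *d, size_t n)
{
    if (n == 0) return;
    a->data = realloc(a->data, a->len + n);
    memcpy(a->data + a->len, d, n);
    a->len += n;
}

/* The block from comment 5 with both fixes applied: an empty token counts as
 * missing, and length starts at zero so a failed decode cannot leave it stale. */
static struct byte_array *challenge_to_binary(const char *token)
{
    struct byte_array *token_binary = NULL;
    if (token && *token) {
        size_t length = 0;
        unsigned char *data = b64_decode(token, &length);
        token_binary = calloc(1, sizeof *token_binary);
        byte_array_append(token_binary, data, length);
        free(data);
    }
    return token_binary;
}
```

With the original `if (token)` and an uninitialized `length`, the empty-token case would reach byte_array_append with a NULL pointer and whatever happened to be on the stack, which is the memcpy crash in frame #6/#7 above.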


Comment 6 Matthew Barnes 2007-11-15 17:53:52 UTC
Moving this upstream with a patch.  See [1] for further updates.

[1] http://bugzilla.gnome.org/show_bug.cgi?id=474000

Comment 7 Matthew Barnes 2007-11-15 19:20:14 UTC
Patch was committed upstream.

I've added it to evolution-data-server-2.21.2-2.fc9 in the meantime.