Bug 662070

Summary: [abrt] evolution-2.32.1-1.fc14: icaltzutil_fetch_timezone: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Yann Droneaud <yann>
Component: libicalAssignee: Robert Scheck <redhat-bugzilla>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: lucilanga, mbarnes, mcrha, rdieter, redhat-bugzilla
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:cdca75ef4578108eefd89b78139067a3d785725a
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-19 19:01:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none

Description Yann Droneaud 2010-12-10 14:22:01 UTC 
abrt version: 1.1.14
architecture: x86_64
Attached file: backtrace
cmdline: evolution
component: evolution
crash_function: icaltzutil_fetch_timezone
executable: /usr/bin/evolution
kernel: 2.6.35.9-64.fc14.x86_64
package: evolution-2.32.1-1.fc14
rating: 4
reason: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
time: 1291990674
uid: 500

How to reproduce
-----
1. Run evolution with G_DEBUG=resident-modules,gc-friendly G_SLICE=always-malloc,debug-blocks under ElectricFence with EF_PROTECT_BELOW=1 EF_ALLOW_MALLOC_0=1
Comment 1 Yann Droneaud 2010-12-10 14:22:03 UTC 
Created attachment 467977 [details]
File: backtrace
Comment 2 Yann Droneaud 2010-12-10 14:29:44 UTC 
*** Bug 662069 has been marked as a duplicate of this bug. ***
Comment 3 Yann Droneaud 2010-12-10 14:32:01 UTC 
(In reply to comment #2)
> *** Bug 662069 has been marked as a duplicate of this bug. ***

Bug 662069 shows that icaltzutil_fetch_timezone() is allocating a 0 sized block of memory and try to access it. 

See attachment 467975 [details].
Comment 4 Yann Droneaud 2010-12-10 14:37:14 UTC 
Package: evolution-2.32.1-1.fc14
Architecture: x86_64
OS Release: Fedora release 14 (Laughlin)


How to reproduce
-----
1.  Running evolution with G_DEBUG=resident-modules,gc-friendly
G_SLICE=always-malloc,debug-blocks under ElectricFence with EF_ALIGNMENT=16 EF_ALLOW_MALLOC_0=1 EF_PROTECT_FREE=1
Comment 5 Milan Crha 2010-12-13 08:45:27 UTC 
Thanks for a bug report. I'm moving this to libical then.
Comment 6 Robert Scheck 2010-12-19 19:01:27 UTC 
Thank you for the bug report. From my point of view, this issue is a duplicate
of bug #637150.

*** This bug has been marked as a duplicate of bug 637150 ***
Comment 7 Yann Droneaud 2010-12-20 11:28:56 UTC 
(In reply to comment #6)
> Thank you for the bug report. From my point of view, this issue is a duplicate
> of bug #637150.
> 
> *** This bug has been marked as a duplicate of bug 637150 ***

Seems not. I have tested with libical-0.46-2.fc14 from https://admin.fedoraproject.org/updates/libical-0.46-2.fc14

See bug #664412

*** This bug has been marked as a duplicate of bug 664412 ***