Bug 85776

Summary: libjpeg seems to crash with broken images in Evolution
Product: [Retired] Red Hat Linux
Reporter: gerardo
Component: libjpeg
Assignee: Matthias Clasen <mclasen>
Status: CLOSED WORKSFORME
Severity: high
Priority: medium
Version: 6.0
Hardware: i386
OS: Linux
URL: http://bugzilla.ximian.com/show_bug.cgi?id=33768
Doc Type: Bug Fix
Last Closed: 2004-06-25 04:37:04 UTC

Description gerardo 2003-03-07 17:27:03 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020916

Description of problem:
This is a bug reported on Ximian bugzilla. If you have any questions, please look
for contacts on the http://bugzilla.ximian.com/show_bug.cgi?id=33768 report.

 Corrupt JPEG data: 158 extraneous bytes before marker 0x38
 Unsupported marker type 0x38
 .
 .
 Improper call to JPEG library in state 201

Here is a full log of what gdb reported as the crash occurred.
--------
(0.0028s) [list] -*-helvetica-*-*-*-*-*-*-*-*-*-*-ISO8859-1 --> 128
(0.0002s) [load] -*-helvetica-medium-r-*-*-12-*-*-*-*-*-ISO8859-1 --> 0x82d1b00
(0.0002s) [load] -*-helvetica-bold-r-*-*-12-*-*-*-*-*-ISO8859-1 --> 0x830e3e0

camel-WARNING **: Flushing a filter stream without writing to it

** WARNING **: Unhandled Case.  If you have an image that causes this,
let me <jrb> know.


** WARNING **: Unhandled Case.  If you have an image that causes this,
let me <jrb> know.

Corrupt JPEG data: 158 extraneous bytes before marker 0x38
Unsupported marker type 0x38
Unsupported marker type 0x38
Unsupported marker type 0x38
Unsupported marker type 0x38
Unsupported marker type 0x38
Unsupported marker type 0x38
Unsupported marker type 0x38
Unsupported marker type 0x38
Improper call to JPEG library in state 201

** WARNING **: Unhandled Case.  If you have an image that causes this,
let me <jrb> know.


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 3158)]
0x4009f4c8 in camel_name_to_type () from /usr/lib/libcamel.so.0
(gdb) thread apply all bt

Thread 10 (Thread 8201 (LWP 3244)):
#0  0x41019136 in sigsuspend () from /lib/libc.so.6
#1  0x4043ea61 in __pthread_wait_for_restart_signal () from /lib/libpthread.so.0
#2  0x4043aea8 in pthread_cond_wait () from /lib/libpthread.so.0
#3  0x401a6d9e in e_msgport_wait () from /usr/lib/evolution/1.2/libeutil.so.0
#4  0x401a7508 in e_thread_busy () from /usr/lib/evolution/1.2/libeutil.so.0
#5  0x4043bf77 in pthread_start_thread () from /lib/libpthread.so.0

Thread 5 (Thread 3076 (LWP 3228)):
#0  0x41019136 in sigsuspend () from /lib/libc.so.6
#1  0x4043ea61 in __pthread_wait_for_restart_signal () from /lib/libpthread.so.0
#2  0x4043aea8 in pthread_cond_wait () from /lib/libpthread.so.0
#3  0x401a6d9e in e_msgport_wait () from /usr/lib/evolution/1.2/libeutil.so.0
#4  0x401a7508 in e_thread_busy () from /usr/lib/evolution/1.2/libeutil.so.0
#5  0x4043bf77 in pthread_start_thread () from /lib/libpthread.so.0

Thread 4 (Thread 2051 (LWP 3225)):
#0  0x41019136 in sigsuspend () from /lib/libc.so.6
#1  0x4043ea61 in __pthread_wait_for_restart_signal () from /lib/libpthread.so.0
#2  0x4043aea8 in pthread_cond_wait () from /lib/libpthread.so.0
#3  0x401a6d9e in e_msgport_wait () from /usr/lib/evolution/1.2/libeutil.so.0
#4  0x401a7508 in e_thread_busy () from /usr/lib/evolution/1.2/libeutil.so.0
#5  0x4043bf77 in pthread_start_thread () from /lib/libpthread.so.0

Thread 3 (Thread 1026 (LWP 3224)):
#0  0x41019136 in sigsuspend () from /lib/libc.so.6
#1  0x4043ea61 in __pthread_wait_for_restart_signal () from /lib/libpthread.so.0
#2  0x4043aea8 in pthread_cond_wait () from /lib/libpthread.so.0
#3  0x401a6d9e in e_msgport_wait () from /usr/lib/evolution/1.2/libeutil.so.0
#4  0x401a7508 in e_thread_busy () from /usr/lib/evolution/1.2/libeutil.so.0
#5  0x4043bf77 in pthread_start_thread () from /lib/libpthread.so.0

Thread 2 (Thread 2049 (LWP 3223)):
#0  0x410c5b60 in poll () from /lib/libc.so.6
#1  0x4043bcda in __pthread_manager () from /lib/libpthread.so.0
#2  0x4043c7a1 in __pthread_manager_event () from /lib/libpthread.so.0

Thread 1 (Thread 1024 (LWP 3158)):
#0  0x4009f4c8 in camel_name_to_type () from /usr/lib/libcamel.so.0
#1  0x4009f576 in camel_name_to_type () from /usr/lib/libcamel.so.0
#2  0x4009f645 in camel_object_is () from /usr/lib/libcamel.so.0
#3  0x400b2d31 in camel_stream_eos () from /usr/lib/libcamel.so.0
#4  0x400b3055 in camel_stream_write_to_stream () from /usr/lib/libcamel.so.0
#5  0x3c4a0a1b in ?? ()
Cannot access memory at address 0x19a3c3c3
(gdb)
-------


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
When loading the e-mail attachment shown at
http://bugzilla.ximian.com/showattachment.cgi?attach_id=2748, Evolution crashes.
As the description shows, it seems to be in libjpeg.

Additional info:

Please check bug on Ximian bugzilla for further info.
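
The "extraneous bytes before marker" and "Unsupported marker type" lines in the log above are what a JPEG decoder reports when it has to resynchronize on the next 0xFF marker and then meets a marker code it does not handle. The following is an added example, not code from this report or from libjpeg: a small header walker that flags both conditions in an attachment before it is handed to a decoder. All names are hypothetical, the known-marker set is a simplification, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical result type: the first anomaly met while walking header markers. */
struct jpeg_scan {
    int      status;     /* 0 clean up to SOS/EOI, 1 anomaly, -1 not JPEG or truncated */
    unsigned marker;     /* last marker code read */
    size_t   extraneous; /* bytes skipped before that marker */
};
/* Simplified known set (assumption): 0xC0-0xEF (SOFn..APPn) and COM (0xFE). */
static int known_marker(unsigned c) { return (c >= 0xC0 && c <= 0xEF) || c == 0xFE; }

struct jpeg_scan scan_jpeg_header(const unsigned char *p, size_t n)
{
    struct jpeg_scan r = { -1, 0, 0 };
    size_t i = 2;
    if (n < 4 || p[0] != 0xFF || p[1] != 0xD8) return r;     /* no SOI */
    while (i < n) {
        size_t junk = 0, len;
        for (;;) {  /* resync: skip to 0xFF, skip fill 0xFF, ignore stuffed 0xFF00 */
            while (i < n && p[i] != 0xFF) { i++; junk++; }
            while (i < n && p[i] == 0xFF) i++;
            if (i >= n) return r;                            /* data ran out */
            if (p[i] != 0x00) break;
            i++; junk += 2;
        }
        r.marker = p[i++]; r.extraneous = junk;
        if (junk || !known_marker(r.marker)) { r.status = 1; return r; }
        if (r.marker == 0xD9 || r.marker == 0xDA) { r.status = 0; return r; }
        if (r.marker >= 0xD0 && r.marker <= 0xD8) continue;  /* no length field */
        if (n - i < 2) return r;
        len = ((size_t)p[i] << 8) | p[i + 1];                /* length counts itself */
        if (len < 2 || len > n - i) return r;                /* never skip past the end */
        i += len;
    }
    return r;
}

/* Constructed sample: SOI, tiny APP0, 158 junk bytes, then marker 0x38. */
size_t build_sample(unsigned char *b)
{
    static const unsigned char head[] = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x04, 'J', 'F' };
    memcpy(b, head, sizeof head); memset(b + 8, 0x11, 158);
    b[166] = 0xFF; b[167] = 0x38; return 168;
}
int main(void) {
    unsigned char b[168]; struct jpeg_scan r = scan_jpeg_header(b, build_sample(b));
    printf("status %d: %zu extraneous bytes before marker 0x%02x\n",
           r.status, r.extraneous, r.marker); return 0; }
```

The walker stops at the first anomaly because the length field of an unrecognized segment cannot be trusted for skipping ahead.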

Comment 1 Matthias Clasen 2004-06-25 02:44:07 UTC
Gerardo, can you attach the offending image?

Comment 2 gerardo 2004-06-25 04:37:04 UTC
I can no longer reproduce this with Evolution 1.4.6 or greater. It can
be safely closed.