1164795 – [abrt] evolution: camel_stream_buffer_gets(): evolution killed by SIGSEGV

Bug 1164795 - [abrt] evolution: camel_stream_buffer_gets(): evolution killed by SIGSEGV

Summary: [abrt] evolution: camel_stream_buffer_gets(): evolution killed by SIGSEGV

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	evolution
Sub Component:
Version:	21
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Milan Crha
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://retrace.fedoraproject.org/faf...
Whiteboard:	abrt_hash:2c268b15a2a65b63e0587b4c82d...
Duplicates (1):	1169615 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-11-17 14:40 UTC by Gajendra S. Gusain
Modified:	2014-12-09 18:57 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-11-18 05:23:20 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
File: backtrace (56.72 KB, text/plain) 2014-11-17 14:40 UTC, Gajendra S. Gusain	no flags	Details
File: cgroup (190 bytes, text/plain) 2014-11-17 14:40 UTC, Gajendra S. Gusain	no flags	Details
File: core_backtrace (32.71 KB, text/plain) 2014-11-17 14:40 UTC, Gajendra S. Gusain	no flags	Details
File: dso_list (25.15 KB, text/plain) 2014-11-17 14:41 UTC, Gajendra S. Gusain	no flags	Details
File: environ (1.38 KB, text/plain) 2014-11-17 14:41 UTC, Gajendra S. Gusain	no flags	Details
File: exploitable (82 bytes, text/plain) 2014-11-17 14:41 UTC, Gajendra S. Gusain	no flags	Details
File: limits (1.29 KB, text/plain) 2014-11-17 14:41 UTC, Gajendra S. Gusain	no flags	Details
File: maps (124.19 KB, text/plain) 2014-11-17 14:41 UTC, Gajendra S. Gusain	no flags	Details
File: open_fds (2.49 KB, text/plain) 2014-11-17 14:41 UTC, Gajendra S. Gusain	no flags	Details
File: proc_pid_status (944 bytes, text/plain) 2014-11-17 14:41 UTC, Gajendra S. Gusain	no flags	Details
File: var_log_messages (3.25 KB, text/plain) 2014-11-17 14:41 UTC, Gajendra S. Gusain	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNOME Bugzilla	740297	0	None	None	None	Never

Description Gajendra S. Gusain 2014-11-17 14:40:51 UTC

Version-Release number of selected component:
evolution-3.12.8-1.fc21

Additional info:
reporter:       libreport-2.3.0
backtrace_rating: 4
cmdline:        evolution mailto:?attach=file:///home/gajendra/Desktop/Software%20Testing%20File.pdf
crash_function: camel_stream_buffer_gets
executable:     /usr/bin/evolution
kernel:         3.17.3-300.fc21.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (8 frames)
 #0 camel_stream_buffer_gets at camel-stream-buffer.c:438
 #1 camel_stream_buffer_read_line at camel-stream-buffer.c:499
 #2 smtp_mail at camel-smtp-transport.c:1366
 #3 smtp_transport_send_to_sync at camel-smtp-transport.c:766
 #4 transport_send_to_thread at camel-transport.c:148
 #5 service_task_thread at camel-service.c:364
 #6 g_task_thread_pool_thread at gtask.c:1215
 #8 g_thread_proxy at gthread.c:764

Comment 1 Gajendra S. Gusain 2014-11-17 14:40:56 UTC

Created attachment 958249 [details]
File: backtrace

Comment 2 Gajendra S. Gusain 2014-11-17 14:40:57 UTC

Created attachment 958250 [details]
File: cgroup

Comment 3 Gajendra S. Gusain 2014-11-17 14:40:59 UTC

Created attachment 958251 [details]
File: core_backtrace

Comment 4 Gajendra S. Gusain 2014-11-17 14:41:01 UTC

Created attachment 958252 [details]
File: dso_list

Comment 5 Gajendra S. Gusain 2014-11-17 14:41:03 UTC

Created attachment 958253 [details]
File: environ

Comment 6 Gajendra S. Gusain 2014-11-17 14:41:04 UTC

Created attachment 958254 [details]
File: exploitable

Comment 7 Gajendra S. Gusain 2014-11-17 14:41:06 UTC

Created attachment 958255 [details]
File: limits

Comment 8 Gajendra S. Gusain 2014-11-17 14:41:09 UTC

Created attachment 958256 [details]
File: maps

Comment 9 Gajendra S. Gusain 2014-11-17 14:41:10 UTC

Created attachment 958257 [details]
File: open_fds

Comment 10 Gajendra S. Gusain 2014-11-17 14:41:12 UTC

Created attachment 958258 [details]
File: proc_pid_status

Comment 11 Gajendra S. Gusain 2014-11-17 14:41:14 UTC

Created attachment 958259 [details]
File: var_log_messages

Comment 12 Milan Crha 2014-11-18 05:23:20 UTC

Thanks for a bug report. I moved this upstream as [1]. Please see [1] for any further updates. If possible, please CC yourself there, in case upstream developers will have additional questions.

[1] https://bugzilla.gnome.org/show_bug.cgi?id=740297

Comment 13 Milan Crha 2014-11-18 14:40:00 UTC

This looks like a memory corruption, the function doesn't check for a pointer validity, thus it accessed a private member which is out of range (the other is, the one where it crashed was a deference of NULL). I do not know what to look at, unless a reproducer would be found.

A similar bug, in a sense of "after sending a message" is described at bug #1158055.

Comment 14 Milan Crha 2014-12-02 08:52:37 UTC

*** Bug 1169615 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.