1300358 – Do not let itip-formatter plugin disable

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1300358 - Do not let itip-formatter plugin disable

Summary: Do not let itip-formatter plugin disable

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	evolution
Sub Component:
Version:	7.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Milan Crha
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-20 14:40 UTC by David Jaša
Modified:	2016-11-04 01:06 UTC (History)
CC List:	4 users (show)
Fixed In Version:	evolution-3.12.11-16.el7
Doc Type:	Bug Fix
Doc Text:	Cause: crash when itip-formatter plugin is disabled Consequence: the itip-formatter plugin is a "system" plugin, which should not be disabled, because the code relies on it to show meeting invitations. Some previous versions allowed disable of it, thus when users had it disabled due to old settings, the plugin code followed it and disabled itself too. Fix: ignore setting to disable the plugin Result: the plugin cannot be disabled and evolution doesn't crash, even if the old setting has it stored as disabled
Clone Of:
Environment:
Last Closed:	2016-11-04 01:06:26 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
valgrind log (38.37 KB, text/plain) 2016-01-20 14:46 UTC, David Jaša	no flags	Details
valgrind --leak-check=full --track-origins=yes (10.39 MB, text/plain) 2016-01-20 16:17 UTC, David Jaša	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:2228	0	normal	SHIPPED_LIVE	evolution bug fix and enhancement update	2016-11-03 13:26:49 UTC

Description David Jaša 2016-01-20 14:40:21 UTC

Created attachment 1116666 [details]
example message

Description of problem:
Evolution crashes when loading a message in malloc_consolidate() with infinite backtrace

Version-Release number of selected component (if applicable):
evolution-3.12.11-15.el7.x86_64

How reproducible:
always on my system

Steps to Reproduce:
1. display the attached message in Evo
2.
3.

Actual results:
Evo crashes with an infinite backtrace begginning with the lines below

Expected results:
Evo downloads/views the message successfully

Additional info:
backtrace snippet:
Thread 51 (Thread 0x7fff7c20e700 (LWP 3863)):
#0  malloc_consolidate (av=av@entry=0x7fffed3c4760 <main_arena>) at malloc.c:4152
#1  0x00007fffed087e35 in _int_malloc (av=av@entry=0x7fffed3c4760 <main_arena>, bytes=bytes@entry=4097) at malloc.c:3431
#2  0x00007fffed088ae6 in malloc_check (sz=sz@entry=4096, caller=caller@entry=0x0) at hooks.c:265
#3  0x00007fffed0896ca in realloc_check (oldmem=<optimized out>, bytes=4096, caller=<optimized out>) at hooks.c:316
#4  0x00007fffed41a307 in g_realloc (mem=0x0, n_bytes=4096) at gmem.c:162
#5  0x00007fffed3e8b63 in g_array_maybe_expand (array=array@entry=0x9358410, len=len@entry=3186) at garray.c:779
#6  0x00007fffed3e8ee8 in g_array_append_vals (farray=farray@entry=0x9358410, data=data@entry=0x7fff7ba0f420, len=len@entry=3186) at garray.c:418
#7  0x00007fffed3ea029 in g_byte_array_append (array=0x9358410, data=data@entry=0x7fff7ba0f420 "BEGIN:VCALENDAR\r\nPRODID:-//Google Inc//Google Calendar 70.9054//EN\r\nVERSION:2.0\r\nCALSCALE:GREGORIAN\r\nMETHOD:REQUEST\r\nBEGIN:VTIMEZONE\r\nTZID:Europe/Berlin\r\nX-LIC-LOCATION:Europe/Berlin\r\nBEGIN:DAYLIGHT\r\n"..., len=len@entry=3186) at garray.c:1713
#8  0x00007fffd264ccfa in inline_filter_scan (f=0x4538020, in=<optimized out>, in@entry=0x7fff7ba0f420 "BEGIN:VCALENDAR\r\nPRODID:-//Google Inc//Google Calendar 70.9054//EN\r\nVERSION:2.0\r\nCALSCALE:GREGORIAN\r\nMETHOD:REQUEST\r\nBEGIN:VTIMEZONE\r\nTZID:Europe/Berlin\r\nX-LIC-LOCATION:Europe/Berlin\r\nBEGIN:DAYLIGHT\r\n"..., len=len@entry=3187, final=final@entry=0) at e-mail-inline-filter.c:342
#9  0x00007fffd264cdae in inline_filter_filter (filter=<optimized out>, in=0x7fff7ba0f420 "BEGIN:VCALENDAR\r\nPRODID:-//Google Inc//Google Calendar 70.9054//EN\r\nVERSION:2.0\r\nCALSCALE:GREGORIAN\r\nMETHOD:REQUEST\r\nBEGIN:VTIMEZONE\r\nTZID:Europe/Berlin\r\nX-LIC-LOCATION:Europe/Berlin\r\nBEGIN:DAYLIGHT\r\n"..., len=3187, prespace=128, out=0x7fff7ba0f398, outlen=0x7fff7ba0f390, outprespace=0x7fff7ba0f388)
    at e-mail-inline-filter.c:375
#10 0x00007ffff51f906e in camel_mime_filter_filter (filter=0x4538020, in=0x7fff7ba0f420 "BEGIN:VCALENDAR\r\nPRODID:-//Google Inc//Google Calendar 70.9054//EN\r\nVERSION:2.0\r\nCALSCALE:GREGORIAN\r\nMETHOD:REQUEST\r\nBEGIN:VTIMEZONE\r\nTZID:Europe/Berlin\r\nX-LIC-LOCATION:Europe/Berlin\r\nBEGIN:DAYLIGHT\r\n"..., len=3187, prespace=128, out=out@entry=0x7fff7ba0f398, outlen=outlen@entry=0x7fff7ba0f390, 
    outprespace=outprespace@entry=0x7fff7ba0f388) at camel-mime-filter.c:231
#11 0x00007ffff5233142 in stream_filter_write (stream=<optimized out>, buf=0x7fff7ba11203 "p\r\nSEQUENCE:1\r\nSTATUS:CONFIRMED\r\nSUMM\260G<\355\377\177", n=3187, cancellable=0x4243830, error=0x0) at camel-stream-filter.c:211
#12 0x00007ffff523574a in camel_stream_write (stream=0x3a8b9d0, buffer=0x7fff7ba10590 "BEGIN:VCALENDAR\r\nPRODID:-//Google Inc//Google Calendar 70.9054//EN\r\nVERSION:2.0\r\nCALSCALE:GREGORIAN\r\nMETHOD:REQUEST\r\nBEGIN:VTIMEZONE\r\nTZID:Europe/Berlin\r\nX-LIC-LOCATION:Europe/Berlin\r\nBEGIN:DAYLIGHT\r\n"..., n=3187, cancellable=cancellable@entry=0x4243830, error=error@entry=0x0) at camel-stream.c:544
#13 0x00007ffff523316b in stream_filter_write (stream=<optimized out>, buf=0x7fff7ba122a3 "\b", n=3187, cancellable=0x4243830, error=0x0) at camel-stream-filter.c:224
#14 0x00007ffff523574a in camel_stream_write (stream=stream@entry=0x3a8b8d0, buffer=buffer@entry=0x7fff7ba11630 "BEGIN:VCALENDAR\r\nPRODID:-//Google Inc//Google Calendar 70.9054//EN\r\nVERSION:2.0\r\nCALSCALE:GREGORIAN\r\nMETHOD:REQUEST\r\nBEGIN:VTIMEZONE\r\nTZID:Europe/Berlin\r\nX-LIC-LOCATION:Europe/Berlin\r\nBEGIN:DAYLIGHT\r\n"..., n=n@entry=3187, cancellable=cancellable@entry=0x4243830, error=error@entry=0x0)
    at camel-stream.c:544
#15 0x00007ffff5235e52 in camel_stream_write_to_stream (stream=stream@entry=0x4cb2550, output_stream=output_stream@entry=0x3a8b8d0, cancellable=cancellable@entry=0x4243830, error=error@entry=0x0) at camel-stream.c:692
#16 0x00007ffff51c7aee in data_wrapper_write_to_stream_sync (data_wrapper=0x3a8d1f0, stream=0x3a8b8d0, cancellable=0x4243830, error=0x0) at camel-data-wrapper.c:157
#17 0x00007ffff51c8951 in camel_data_wrapper_write_to_stream_sync (data_wrapper=data_wrapper@entry=0x3a8d1f0, stream=stream@entry=0x3a8b8d0, cancellable=cancellable@entry=0x4243830, error=error@entry=0x0) at camel-data-wrapper.c:638
#18 0x00007ffff51c8a98 in data_wrapper_decode_to_stream_sync (data_wrapper=0x3a8d1f0, stream=<optimized out>, cancellable=0x4243830, error=0x0) at camel-data-wrapper.c:199
#19 0x00007ffff51c8d91 in camel_data_wrapper_decode_to_stream_sync (data_wrapper=data_wrapper@entry=0x3a8d1f0, stream=stream@entry=0x3a8b9d0, cancellable=cancellable@entry=0x4243830, error=error@entry=0x0) at camel-data-wrapper.c:785
#20 0x00007fffd265d68f in empe_text_plain_parse (extension=<optimized out>, parser=0x9352420, part=0x842b080, part_id=0x9357000, cancellable=0x4243830, out_mail_parts=0x7fff7c20d7e0) at e-mail-parser-text-plain.c:156
#21 0x00007fffd26590fc in e_mail_parser_parse_part_as (parser=parser@entry=0x9352420, part=part@entry=0x842b080, part_id=part_id@entry=0x9357000, mime_type=mime_type@entry=0x93fa360 "text/calendar", cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser.c:563
#22 0x00007fffd26591bd in e_mail_parser_parse_part (parser=parser@entry=0x9352420, part=0x842b080, part_id=part_id@entry=0x9357000, cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser.c:508
#23 0x00007fffd265d43c in process_part (parser=parser@entry=0x9352420, part_id=part_id@entry=0x9357000, part_number=part_number@entry=0, part=part@entry=0x842b080, is_attachment=0, cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser-text-plain.c:91
#24 0x00007fffd265d79b in empe_text_plain_parse (extension=<optimized out>, parser=0x9352420, part=0x842b080, part_id=0x9357000, cancellable=0x4243830, out_mail_parts=0x7fff7c20d7e0) at e-mail-parser-text-plain.c:165
#25 0x00007fffd26590fc in e_mail_parser_parse_part_as (parser=parser@entry=0x9352420, part=part@entry=0x842b080, part_id=part_id@entry=0x9357000, mime_type=mime_type@entry=0x93fa3e0 "text/calendar", cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser.c:563
#26 0x00007fffd26591bd in e_mail_parser_parse_part (parser=parser@entry=0x9352420, part=0x842b080, part_id=part_id@entry=0x9357000, cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser.c:508
#27 0x00007fffd265d43c in process_part (parser=parser@entry=0x9352420, part_id=part_id@entry=0x9357000, part_number=part_number@entry=0, part=part@entry=0x842b080, is_attachment=0, cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser-text-plain.c:91
#28 0x00007fffd265d79b in empe_text_plain_parse (extension=<optimized out>, parser=0x9352420, part=0x842b080, part_id=0x9357000, cancellable=0x4243830, out_mail_parts=0x7fff7c20d7e0) at e-mail-parser-text-plain.c:165
#29 0x00007fffd26590fc in e_mail_parser_parse_part_as (parser=parser@entry=0x9352420, part=part@entry=0x842b080, part_id=part_id@entry=0x9357000, mime_type=mime_type@entry=0x93e1be0 "text/calendar", cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser.c:563
#30 0x00007fffd26591bd in e_mail_parser_parse_part (parser=parser@entry=0x9352420, part=0x842b080, part_id=part_id@entry=0x9357000, cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser.c:508
#31 0x00007fffd265d43c in process_part (parser=parser@entry=0x9352420, part_id=part_id@entry=0x9357000, part_number=part_number@entry=0, part=part@entry=0x842b080, is_attachment=0, cancellable=cancellable@entry=0x4243830, out_mail_parts=out_mail_parts@entry=0x7fff7c20d7e0) at e-mail-parser-text-plain.c:91

Comment 1 David Jaša 2016-01-20 14:46:33 UTC

Created attachment 1116667 [details]
valgrind log

Comment 2 Milan Crha 2016-01-20 15:09:19 UTC

Thanks for the bug report and data. I hoped the valgrind log will help, but it doesn't show anything useful. Neither I'm able to reproduce the crash locally, nor find any related upstream bug report.

Comment 3 David Jaša 2016-01-20 16:17:08 UTC

Created attachment 1116687 [details]
valgrind --leak-check=full --track-origins=yes

Comment 4 Milan Crha 2016-01-20 16:31:00 UTC

Good news, I can make it crash when using your settings.

Comment 5 Milan Crha 2016-01-20 17:58:01 UTC

You managed to disable itip-formatted plugin, which is a system plugin, which should be never disabled. It is not shown in Edit->Plugins, because it's a system plugin. I guess you disabled it in some previous version, when it wasn't a system plugin yet. Enabling it fixes the issue. Your current settings return:

   $ gsettings get org.gnome.evolution disabled-eplugins
   ['org.gnome.evolution.face', 'org.gnome.evolution.itip_formatter', 'org.gnome.evolution.calendar.publish']

to fix the issue due:

   $ gsettings set org.gnome.evolution disabled-eplugins \
      "['org.gnome.evolution.face', 'org.gnome.evolution.calendar.publish']"

I fixed this upstream with this commit:
https://git.gnome.org/browse/evolution/commit/?id=f3359e4

It's for 3.19.90 and 3.18.5. It's easy to backport the change.

Comment 6 David Jaša 2016-01-21 12:23:17 UTC

(In reply to Milan Crha from comment #5)
> You managed to disable itip-formatted plugin, which is a system plugin,
> which should be never disabled. It is not shown in Edit->Plugins, because
> it's a system plugin. I guess you disabled it in some previous version, when
> it wasn't a system plugin yet. Enabling it fixes the issue. Your current
> settings return:
> 
>    $ gsettings get org.gnome.evolution disabled-eplugins
>    ['org.gnome.evolution.face', 'org.gnome.evolution.itip_formatter',
> 'org.gnome.evolution.calendar.publish']
> 
> to fix the issue due:
> 
>    $ gsettings set org.gnome.evolution disabled-eplugins \
>       "['org.gnome.evolution.face', 'org.gnome.evolution.calendar.publish']"
> 
> I fixed this upstream with this commit:
> https://git.gnome.org/browse/evolution/commit/?id=f3359e4
> 
> It's for 3.19.90 and 3.18.5. It's easy to backport the change.

Confirming, removing itip from disabled plugins made crash go away.

Comment 11 errata-xmlrpc 2016-11-04 01:06:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2228.html

Note You need to log in before you can comment on or make changes to this bug.