Description of problem:
Clicking printview on calendar, *** buffer overflow detected ***: evolution terminated.

Version-Release number of selected component (if applicable):
evolution-2.10.0-2.fc7

How reproducible:
always

Steps to Reproduce:
1. click print preview
2.
3.

Additional info:
evolution-data-server-1.10.0-2.fc7
pango-1.16.1-1.fc7
glib2-2.12.11-1.fc7
gtk2-2.10.11-1.fc7
cairo-1.4.0-1.fc7
Created attachment 150199 [details] evolution backtrace file
Created attachment 150200 [details] ~/.xsession-errors
Clicking print preview, *** buffer overflow detected ***: evolution terminated in all evo components.
Thanks for reporting this. Can you give some more information about what you were trying to print when this happened? What calendar view were you printing (day, week, month, etc)? Does printing in other calendar views cause the same crash? Were you using any special page settings? Such details will help me narrow down the search.
Actually, I can reproduce this too and it seems to be ALL calendar views that are crashing. This was working fine a few weeks ago and there have been no changes to the printing code since then. The backtraces all show the crash originating from Cairo. Could this possibly be a recently-introduced Cairo bug?
in attachment 50199
[...]
#11 0x00af00ac in cairo_truetype_font_write_post_table (font=0x9fef5c0, tag=1886352244) at cairo-truetype-subset.c:698
[....]

Please See : https://bugs.freedesktop.org/show_bug.cgi?id=10267

cairo-truetype-subset.c:698: warning: call to __builtin___snprintf_chk will always overflow destination buffer

cairo bug?
Indeed, this seems to be a Cairo bug. In cairo_truetype_font_write_post_table() we have:

    char buf[10];
    ...
    for (i = 1; i < font->base.num_glyphs; i++) {
        n = snprintf(buf + 1, 10, "g%d", i - 1);
        ...
    }

The length being passed to snprintf() is 10, even though we're only pointing at the last 9 characters of the 'buf'. Changing the length to 9 fixed the print preview crash in Evolution. Reassigning to cairo.
Created attachment 150219 [details] Patch
This patch seems to fix the Evolution crash.
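The length mismatch described in this thread, as an added example (not code from cairo or from the attached patch): the first helper models the comparison a fortified snprintf() makes between the length argument and the bytes left in the destination, and the second derives the length from the buffer instead of repeating a literal. The names length_fits and write_glyph_name are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Assumed model of the fortify check: a call is rejected when its length
 * argument is larger than the bytes remaining in the destination object,
 * whatever the formatted output would actually be. */
static int length_fits(size_t object_size, size_t offset, size_t length)
{
    return offset <= object_size && length <= object_size - offset;
}

/* Writes "g<index>" at buf + offset, passing snprintf() the space that is
 * really left. Returns the name length, or -1 if it would not fit. */
static int write_glyph_name(char *buf, size_t buf_size, size_t offset, int index)
{
    if (offset >= buf_size)
        return -1;
    size_t room = buf_size - offset;
    int n = snprintf(buf + offset, room, "g%d", index);
    if (n < 0 || (size_t)n >= room)
        return -1;              /* output was truncated */
    return n;
}

int main(void)
{
    char buf[10];

    /* Values from the thread: buf[10], destination buf + 1, length 10 vs 9. */
    printf("length 10 fits: %d\n", length_fits(sizeof buf, 1, 10));
    printf("length 9 fits:  %d\n", length_fits(sizeof buf, 1, 9));

    /* Constructed glyph indices: a short one and one too long for 9 bytes. */
    printf("index 0        -> %d\n", write_glyph_name(buf, sizeof buf, 1, 0));
    printf("index 12345678 -> %d\n", write_glyph_name(buf, sizeof buf, 1, 12345678));
    return 0;
}
```

Because the check compares sizes rather than output, the original call is rejected even for a name as short as "g0", which matches the crash being reproducible on every print preview.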
Will be fixed in cairo-1.4.2 due to be out today...