Bug 232576 - *** buffer overflow detected ***: evolution terminated
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: cairo
Version: rawhide
Hardware: i386 Linux
Priority: medium Severity: high
Assigned To: Behdad Esfahbod
Reported: 2007-03-16 02:51 EDT by sangu
Modified: 2007-11-30 17:11 EST (History)
Fixed In Version: 1.4.2-1.fc7
Doc Type: Bug Fix
Last Closed: 2007-04-04 07:50:49 EDT
Attachments
evolution backtrace file (64.45 KB, text/plain)
2007-03-16 02:51 EDT, sangu
~/.xsession-errors (37.50 KB, text/plain)
2007-03-16 02:52 EDT, sangu
Patch (480 bytes, patch)
2007-03-16 08:47 EDT, Matthew Barnes

Description sangu 2007-03-16 02:51:11 EDT
Description of problem:
Clicking print preview on the calendar: *** buffer overflow detected ***: evolution
terminated.


Version-Release number of selected component (if applicable):
evolution-2.10.0-2.fc7

How reproducible:
always

Steps to Reproduce:
1. click print preview
2.
3.
  
Additional info:
evolution-data-server-1.10.0-2.fc7
pango-1.16.1-1.fc7
glib2-2.12.11-1.fc7
gtk2-2.10.11-1.fc7
cairo-1.4.0-1.fc7
Comment 1 sangu 2007-03-16 02:51:11 EDT
Created attachment 150199 [details]
evolution backtrace file
Comment 2 sangu 2007-03-16 02:52:08 EDT
Created attachment 150200 [details]
~/.xsession-errors
Comment 3 sangu 2007-03-16 02:57:49 EDT
Clicking print preview: *** buffer overflow detected ***: evolution
terminated, in all evo components.
Comment 4 Matthew Barnes 2007-03-16 07:54:10 EDT
Thanks for reporting this.

Can you give some more information about what you were trying to print when this
happened?  What calendar view were you printing (day, week, month, etc)?  Does
printing in other calendar views cause the same crash?  Were you using any
special page settings?

Such details will help me narrow down the search.
Comment 5 Matthew Barnes 2007-03-16 08:01:45 EDT
Actually, I can reproduce this too and it seems to be ALL calendar views that
are crashing.  This was working fine a few weeks ago and there have been no
changes to the printing code since then.  The backtraces all show the crash
originating from Cairo.  Could this possibly be a recently-introduced Cairo bug?
Comment 6 sangu 2007-03-16 08:19:38 EDT
In attachment 150199:
[...]
#11 0x00af00ac in cairo_truetype_font_write_post_table (font=0x9fef5c0, 
    tag=1886352244) at cairo-truetype-subset.c:698
[...]
Please See : https://bugs.freedesktop.org/show_bug.cgi?id=10267
cairo-truetype-subset.c:698: warning: call to __builtin___snprintf_chk will
always overflow destination buffer

cairo bug?
Comment 7 Matthew Barnes 2007-03-16 08:45:51 EDT
Indeed, this seems to be a Cairo bug.

In cairo_truetype_font_write_post_table() we have:

    char buf[10];

    ...

    for (i = 1; i < font->base.num_glyphs; i++) {
        n = snprintf(buf + 1, 10, "g%d", i - 1);
        ...
    }

The length being passed to snprintf() is 10, even though we're only pointing at
the last 9 characters of the 'buf'.  Changing the length to 9 fixed the print
preview crash in Evolution.

Reassigning to cairo.
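The off-by-one in comment 7, worked through as an added example (this is not cairo's code; the buffer has the same shape as in cairo_truetype_font_write_post_table(), a 10-byte buf with byte 0 reserved for the Pascal-string length and the name formatted at buf + 1, but remaining_space(), size_arg_overflows() and write_glyph_name() are names invented here). It shows why a size argument of 10 at buf + 1 is rejected, why the fortified build aborted on every print preview rather than only on long names, and how a caller can detect truncation once the size is correct:

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Added example, not cairo's code: the buffer mirrors the one in
 * cairo_truetype_font_write_post_table() (char buf[10], byte 0 reserved for the
 * Pascal-string length, the name formatted at buf + 1); the helper names below
 * are this example's own. */

#define POST_NAME_BUF_SIZE 10

/* Bytes actually available to snprintf() when writing at dest + offset into a
 * destination of dest_size bytes. For cairo's buf + 1 that is 9, not 10. */
static size_t remaining_space(size_t dest_size, size_t offset)
{
    return offset < dest_size ? dest_size - offset : 0;
}

/* The check glibc's fortified snprintf (__snprintf_chk) performs: it aborts as
 * soon as the size argument exceeds the known destination size, whether or not
 * the formatted text would have fit. That is why every print preview crashed,
 * not only those with long glyph names. */
static int size_arg_overflows(size_t dest_size, size_t offset, size_t size_arg)
{
    return size_arg > remaining_space(dest_size, offset);
}

/* Format the glyph name "g<index>" as a Pascal string: buf[0] = length,
 * buf[1..] = characters. Returns the name length, or -1 when the name does
 * not fit, so the caller sees truncation instead of silently emitting a
 * clipped name. */
static int write_glyph_name(char buf[POST_NAME_BUF_SIZE], unsigned glyph_index)
{
    size_t space = remaining_space(POST_NAME_BUF_SIZE, 1);   /* 9 bytes incl. NUL */
    int n = snprintf(buf + 1, space, "g%u", glyph_index);
    if (n < 0 || (size_t)n >= space)
        return -1;                       /* snprintf truncated: n + 1 bytes needed */
    buf[0] = (char)n;
    return n;
}

int main(void)
{
    char buf[POST_NAME_BUF_SIZE];

    printf("size 10 at buf+1 overflows: %d\n", size_arg_overflows(sizeof buf, 1, 10));
    printf("size  9 at buf+1 overflows: %d\n", size_arg_overflows(sizeof buf, 1, 9));

    /* Constructed glyph indices: the second is the largest that still fits in
     * 8 characters, the third needs 9 characters plus NUL and is rejected. */
    unsigned idx[] = { 0, 9999999u, 99999999u };
    for (size_t i = 0; i < sizeof idx / sizeof idx[0]; i++) {
        int n = write_glyph_name(buf, idx[i]);
        if (n < 0)
            printf("g%u: does not fit in %d bytes\n", idx[i], POST_NAME_BUF_SIZE - 1);
        else
            printf("g%u: length byte %d, name \"%s\"\n", idx[i], buf[0], buf + 1);
    }
    return 0;
}
```

The general rule the example encodes: when writing at `dest + offset`, the size argument is `sizeof dest - offset`, and the return value must be compared against that size, because snprintf() reports the length it wanted, not the length it wrote.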
Comment 8 Matthew Barnes 2007-03-16 08:47:23 EDT
Created attachment 150219 [details]
Patch

This patch seems to fix the Evolution crash.
Comment 9 Behdad Esfahbod 2007-03-16 15:09:57 EDT
Will be fixed in cairo-1.4.2 due to be out today...
