Bug 232576 - *** buffer overflow detected ***: evolution terminated
Summary: *** buffer overflow detected ***: evolution terminated
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: cairo (Show other bugs)
Version: rawhide
Hardware: i386 Linux
Priority: medium
Severity: high
Target Milestone: ---
Assignee: Behdad Esfahbod
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
 
Reported: 2007-03-16 06:51 UTC by sangu
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 1.4.2-1.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-04 11:50:49 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments
evolution backtrace file (64.45 KB, text/plain), 2007-03-16 06:51 UTC, sangu
~/.xsession-errors (37.50 KB, text/plain), 2007-03-16 06:52 UTC, sangu
Patch (480 bytes, patch), 2007-03-16 12:47 UTC, Matthew Barnes

Description sangu 2007-03-16 06:51:11 UTC
Description of problem:
Clicking printview on calendar, *** buffer overflow detected ***: evolution
terminated.


Version-Release number of selected component (if applicable):
evolution-2.10.0-2.fc7

How reproducible:
always

Steps to Reproduce:
1. click print preview
2.
3.
  
Additional info:
evolution-data-server-1.10.0-2.fc7
pango-1.16.1-1.fc7
glib2-2.12.11-1.fc7
gtk2-2.10.11-1.fc7
cairo-1.4.0-1.fc7

Comment 1 sangu 2007-03-16 06:51:11 UTC
Created attachment 150199 [details]
evolution backtrace file

Comment 2 sangu 2007-03-16 06:52:08 UTC
Created attachment 150200 [details]
~/.xsession-errors

Comment 3 sangu 2007-03-16 06:57:49 UTC
Clicking print preview, *** buffer overflow detected ***: evolution
terminated in all evo components.

Comment 4 Matthew Barnes 2007-03-16 11:54:10 UTC
Thanks for reporting this.

Can you give some more information about what you were trying to print when this
happened?  What calendar view were you printing (day, week, month, etc)?  Does
printing in other calendar views cause the same crash?  Were you using any
special page settings?

Such details will help me narrow down the search.

Comment 5 Matthew Barnes 2007-03-16 12:01:45 UTC
Actually, I can reproduce this too and it seems to be ALL calendar views that
are crashing.  This was working fine a few weeks ago and there have been no
changes to the printing code since then.  The backtraces all show the crash
originating from Cairo.  Could this possibly be a recently-introduced Cairo bug?

Comment 6 sangu 2007-03-16 12:19:38 UTC
in attachment 150199
[...]
#11 0x00af00ac in cairo_truetype_font_write_post_table (font=0x9fef5c0, 
    tag=1886352244) at cairo-truetype-subset.c:698
[....]
Please See : https://bugs.freedesktop.org/show_bug.cgi?id=10267
cairo-truetype-subset.c:698: warning: call to __builtin___snprintf_chk will
always overflow destination buffer

cairo bug?

Comment 7 Matthew Barnes 2007-03-16 12:45:51 UTC
Indeed, this seems to be a Cairo bug.

In cairo_truetype_font_write_post_table() we have:

    char buf[10];           /* buf[0] is reserved; the name goes at buf + 1 */

    ...

    for (i = 1; i < font->base.num_glyphs; i++) {
        /* buf + 1 leaves only 9 bytes, but snprintf() is told it may use 10 */
        n = snprintf(buf + 1, 10, "g%d", i - 1);
        ...
    }

The length being passed to snprintf() is 10, even though we're only pointing at
the last 9 characters of the 'buf'.  Changing the length to 9 fixed the print
preview crash in Evolution.

Reassigning to cairo.
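
The following is an added illustration of the off-by-one described in this comment; it is not cairo's code and none of its names exist in cairo. It rebuilds the same layout (a 10-byte name buffer whose first byte is reserved, with the glyph name "g<index>" formatted at buf + 1) inside a slightly larger region with a sentinel byte right after buf, so the one-byte overrun from passing 10 instead of 9 can be observed without writing outside any object. Two points a practitioner should take from it: the fortified snprintf that killed evolution aborts because the size argument (10) exceeds the space the compiler knows remains (9), which is what the gcc warning quoted in comment 6 is about, so the abort fires regardless of how long the glyph name actually is; and the fixed call truncates rather than overruns for very long names, so its return value still needs checking. Glyph indices used here are constructed; real fonts never reach the 8-digit values that make the overrun physically occur.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not cairo's code.  cairo's post table stores glyph names
 * as Pascal strings: buf[0] holds the length byte and the name "g<index>" is
 * formatted at buf + 1, so only sizeof(buf) - 1 == 9 bytes are free there. */

#define NAME_BUF_SIZE 10      /* cairo's 'char buf[10]' */
#define CANARY        0x5A    /* constructed sentinel placed right after buf */

/* Formats "g<index>" at buf + 1, handing 'limit' to snprintf() as the size:
 * 10 reproduces the bug, 9 is the fix.  buf occupies the first 10 bytes of a
 * 12-byte region and a canary sits at region[10], so an overrun of one byte is
 * detectable while every write still lands inside 'region'.
 * Returns 1 if the canary survived, 0 if the byte past buf was clobbered. */
static int format_glyph_name(int index, size_t limit, char *out, size_t outlen)
{
    char region[NAME_BUF_SIZE + 2];
    char *buf = region;                 /* buf[0..9] is the 10-byte name buffer */

    memset(region, 0, sizeof region);
    region[NAME_BUF_SIZE] = CANARY;

    int n = snprintf(buf + 1, limit, "g%d", index);
    if (n >= 0)                         /* Pascal length byte, capped on truncation */
        buf[0] = (char)(n < (int)limit ? n : (int)limit - 1);

    if (out != NULL && outlen > 0)
        snprintf(out, outlen, "%s", buf + 1);

    return region[NAME_BUF_SIZE] == CANARY;
}

/* The call as quoted in comment 7: snprintf() is told 10 bytes are free. */
int buggy_call_keeps_canary(int index, char *out, size_t outlen)
{
    return format_glyph_name(index, NAME_BUF_SIZE, out, outlen);
}

/* The fix from comment 7.  In cairo, where buf is an array, writing this as
 * sizeof(buf) - 1 instead of a bare 9 keeps the limit tied to the declaration. */
int fixed_call_keeps_canary(int index, char *out, size_t outlen)
{
    return format_glyph_name(index, NAME_BUF_SIZE - 1, out, outlen);
}

/* Returns 1 if the fixed call yields exactly 'expected' (shows the truncation
 * that replaces the overrun for names that do not fit in 8 characters). */
int fixed_name_equals(int index, const char *expected)
{
    char name[NAME_BUF_SIZE];
    fixed_call_keeps_canary(index, name, sizeof name);
    return strcmp(name, expected) == 0;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    int idx[] = { 0, 65534, 99999999 };   /* constructed glyph indices */

    for (size_t k = 0; k < sizeof idx / sizeof idx[0]; k++) {
        int ok_bug = buggy_call_keeps_canary(idx[k], name, sizeof name);
        printf("index %-9d limit 10: %-9s name=\"%s\"\n", idx[k],
               ok_bug ? "in bounds" : "OVERRUN", name);
        int ok_fix = fixed_call_keeps_canary(idx[k], name, sizeof name);
        printf("index %-9d limit 9:  %-9s name=\"%s\"\n", idx[k],
               ok_fix ? "in bounds" : "OVERRUN", name);
    }
    return 0;
}
```

Build it with -O2 -D_FORTIFY_SOURCE=2 and the compiler stays quiet, because the region here is large enough for the claimed 10 bytes; in cairo the compiler could see that only 9 bytes followed buf + 1, which is why the same call there produced both the build warning and the runtime abort.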

Comment 8 Matthew Barnes 2007-03-16 12:47:23 UTC
Created attachment 150219 [details]
Patch

This patch seems to fix the Evolution crash.

Comment 9 Behdad Esfahbod 2007-03-16 19:09:57 UTC
Will be fixed in cairo-1.4.2 due to be out today...

