394811 – Evolution segfaults (while parsing an IMAP message?)

Bug 394811 - Evolution segfaults (while parsing an IMAP message?)

Summary: Evolution segfaults (while parsing an IMAP message?)

Keywords:
Status:	CLOSED DUPLICATE of bug 371301
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	evolution
Sub Component:
Version:	8
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Matthew Barnes
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-11-21 19:46 UTC by Paul Bolle
Modified:	2007-11-30 22:12 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2007-11-22 09:00:20 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Paul Bolle 2007-11-21 19:46:42 UTC

Description of problem:
Evolution segfaults at startup (maybe while parsing an IMAP messages).

Version-Release number of selected component (if applicable):
evolution-2.12.1-3.fc8

How reproducible:
Always

Steps to Reproduce:
1. start evolution
2. watch it die ...
3.
  
Actual results:
Loading Spamassasin as the default junk plugin
** (evolution:25972): DEBUG: mailto URL command: evolution --component=mail %s
** (evolution:25972): DEBUG: mailto URL program: evolution
libnm_glib_nm_state_cb: dbus returned an error.
  (org.freedesktop.DBus.Error.ServiceUnknown) The name
org.freedesktop.NetworkManager was not provided by any .service files
get [...]@[...] imap://[...]@[...]/
Find Items 0


Expected results:
No segmentation fault.

Additional info:
(gdb) bt
#0  0x032496ed in ?? () from
/usr/lib/evolution-data-server-1.2/camel-providers/libcamelimap.so
#1  0x032491a3 in ?? () from
/usr/lib/evolution-data-server-1.2/camel-providers/libcamelimap.so
#2  0x0324984c in imap_parse_body () from
/usr/lib/evolution-data-server-1.2/camel-providers/libcamelimap.so
#3  0x0323dfb1 in ?? () from
/usr/lib/evolution-data-server-1.2/camel-providers/libcamelimap.so
#4  0x00322e1a in camel_folder_get_message () from
/usr/lib/libcamel-provider-1.2.so.10
#5  0x028603c3 in get_message_exec (m=0x9d8a100) at mail-ops.c:1700
#6  0x0285e3a9 in mail_msg_proxy (msg=0x9d8a100) at mail-mt.c:500
#7  0x05ffd1d8 in ?? () from /lib/libglib-2.0.so.0
#8  0x05ffb64f in ?? () from /lib/libglib-2.0.so.0
#9  0x0040050b in start_thread () from /lib/libpthread.so.0
#10 0x070b1b2e in clone () from /lib/libc.so.6
(gdb)

Comment 1 Paul Bolle 2007-11-21 19:50:08 UTC

Sorry, cut and paste error. The message evolution prints at startup ends with:

[...]
Find Items 0
Segmentation fault

Comment 2 Milan Crha 2007-11-22 06:50:43 UTC

Thanks for reporting. Can you install debug info packages for
evolution-data-server and place here updated stack trace, please? (there will be
no "??" in #0 and #1).
Based on the known functions from stack trace, it seems to me you've right, it
crashed when parsing message body. I saw a fix in this function recently, all
was because of incorrect envelope returned from the server. When you've
installed those debug info packages, please do the stack trace and attach here
also the value of "print *in" in frame for function imap_parse_body, we will see
what server returned. Thanks in advance.

Comment 3 Paul Bolle 2007-11-22 08:37:24 UTC

Now with evolution-data-server-debuginfo (should have thought about that myself):

(gdb) bt
#0  0x0615b6ed in imap_body_decode (in=0xb6bb11d8, ci=0x90bf650,
folder=0x90b3b80, cis=0x92af150) at camel-imap-utils.c:980
#1  0x0615b1a3 in imap_body_decode (in=0xb6bb1208, ci=0x90ba148,
folder=0x90b3b80, cis=0x92af150) at camel-imap-utils.c:862
#2  0x0615b84c in imap_parse_body (body_p=0xb6bb1264, folder=0x90b3b80,
ci=0x90ba148) at camel-imap-utils.c:1057
#3  0x0614ffb1 in imap_get_message (folder=0x90b3b80, uid=0x9298bc0 "5783",
ex=0x8ee0914) at camel-imap-folder.c:2125
#4  0x00322e1a in camel_folder_get_message (folder=0x90b3b80, uid=0x9298bc0
"5783", ex=0x8ee0914) at camel-folder.c:1074
#5  0x042993c3 in get_message_exec (m=0x8ee0900) at mail-ops.c:1700
#6  0x042973a9 in mail_msg_proxy (msg=0x8ee0900) at mail-mt.c:500
#7  0x035911d8 in ?? () from /lib/libglib-2.0.so.0
#8  0x0358f64f in ?? () from /lib/libglib-2.0.so.0
#9  0x0040050b in start_thread () from /lib/libpthread.so.0
#10 0x04881b2e in clone () from /lib/libc.so.6
(gdb) frame 2
#2  0x0615b84c in imap_parse_body (body_p=0xb6bb1264, folder=0x90b3b80,
ci=0x90ba148) at camel-imap-utils.c:1057
1057            if (!(imap_body_decode (&inptr, ci, folder, children))) {
(gdb) print *in
No symbol "in" in current context.
(gdb) frame 1
#1  0x0615b1a3 in imap_body_decode (in=0xb6bb1208, ci=0x90ba148,
folder=0x90b3b80, cis=0x92af150) at camel-imap-utils.c:862
862                             if (!(child = imap_body_decode (&inptr, NULL,
folder, cis)))
(gdb) print *in
$3 = 0x8f61510 "((\"TEXT\" \"PLAIN\" (\"charset\" \"ISO-8859-1\") NIL NIL
\"7BIT\" 728 0)(\"MESSAGE\" \"DELIVERY-STATUS\" NIL NIL NIL \"7BIT\"
285)(\"MESSAGE\" \"RFC822\" NIL NIL NIL \"7BIT\" 4060 0) \"MIXED\")"
(gdb) frame 0
#0  0x0615b6ed in imap_body_decode (in=0xb6bb11d8, ci=0x90bf650,
folder=0x90b3b80, cis=0x92af150) at camel-imap-utils.c:980
980                             if (*inptr++ != ' ')
(gdb) print *in
$4 = 0x8f61583 "(\"MESSAGE\" \"RFC822\" NIL NIL NIL \"7BIT\" 4060 0) \"MIXED\")"
(gdb) 

So symbol "in" was only available in the two frames for "imap_body_decode". Is
that what you needed to know?

Comment 4 Milan Crha 2007-11-22 09:00:20 UTC

Thanks for quick reply. This is exactly what I was looking for. I found that we
have same bug for this, see bug 371301 for more details. I committed a patch for
this to stable and trunk recently in upstream evolution-data-server, so fix will
be available in next update.

*** This bug has been marked as a duplicate of 371301 ***

Note You need to log in before you can comment on or make changes to this bug.