abrt version: 1.1.14
architecture: x86_64
Attached file: backtrace
cmdline: evolution
component: evolution
crash_function: icaltzutil_fetch_timezone
executable: /usr/bin/evolution
kernel: 2.6.35.9-64.fc14.x86_64
package: evolution-2.32.1-1.fc14
rating: 4
reason: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
time: 1292842793
uid: 500

How to reproduce
-----
1. Run evolution with G_DEBUG=resident-modules,gc-friendly G_SLICE=always-malloc,debug-blocks under ElectricFence with EF_PROTECT_BELOW=1 EF_ALLOW_MALLOC_0=1
Created attachment 469724: backtrace
*** Bug 662070 has been marked as a duplicate of this bug. ***
Package: evolution-2.32.1-1.fc14
Architecture: x86_64
OS Release: Fedora release 14 (Laughlin)

How to reproduce
-----
1. Run evolution with G_DEBUG=resident-modules,gc-friendly G_SLICE=always-malloc,debug-blocks under ElectricFence with EF_PROTECT_BELOW=1 EF_ALLOW_MALLOC_0=1 EF_ALIGNMENT=16
Created attachment 469779: valgrind log for evolution

Here's some valgrind log about the same problem. And here are the interesting lines of code in icaltz-util.c:

Note: num_trans is equal to 0

    339     transitions = calloc (num_trans, sizeof (time_t));
    340     r_trans = calloc (num_trans, 4);
    341     EFREAD(r_trans, 4, num_trans, f);
    411     stdidx = 0;
    426     if (stdidx != -1) {
    430         zidx = 0;
    439         zp_idx = zidx;
    441         trans = transitions [stdidx] + types [zp_idx].gmtoff;

A time_t is read at transitions[0], which is not allocated. Note: there's also no check that zp_idx is not actually overflowing types[]. This piece of code must be improved to take extra care when parsing a timezone file.
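The two missing checks named in the comment above, written out as an added example (not libical's code): a hypothetical, simplified stand-in for the transition and type arrays, a loader that mirrors the calloc + EFREAD pattern but refuses a count that exceeds the bytes available and leaves nothing to index when num_trans is 0, and a hardened form of line 441 that bounds-checks both stdidx and zp_idx before dereferencing. The 32-bit big-endian buffer layout and the tz_data/tz_type names are assumptions for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <time.h>

/* Hypothetical, simplified stand-ins for the arrays icaltz-util.c builds. */
typedef struct { long gmtoff; } tz_type;
typedef struct {
    size_t   num_trans;
    time_t  *transitions;   /* stays NULL when num_trans == 0 */
    size_t   num_types;
    tz_type *types;
} tz_data;

/* Mirrors the calloc + EFREAD of lines 339-341, but never reads past the end
 * of buf and never hands back a zero-length block for a later index to hit.
 * buf holds num_trans 32-bit big-endian values (a constructed layout).
 * Returns 0 on success, -1 if the count disagrees with the bytes available. */
int load_transitions(tz_data *tz, const unsigned char *buf, size_t len,
                     size_t num_trans)
{
    size_t i;
    tz->num_trans = 0;
    tz->transitions = NULL;
    if (num_trans == 0) return 0;       /* nothing to read, nothing to index */
    if (num_trans > len / 4) return -1; /* header claims more than the file holds */
    tz->transitions = calloc(num_trans, sizeof(time_t));
    if (tz->transitions == NULL) return -1;
    for (i = 0; i < num_trans; i++) {
        const unsigned char *p = buf + 4 * i;
        uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
        tz->transitions[i] = (time_t)(int32_t)v;
    }
    tz->num_trans = num_trans;
    return 0;
}

/* Hardened form of line 441: each index is checked against the count of the
 * array it indexes before anything is dereferenced. Returns 0 and sets *out,
 * or -1 when stdidx or zp_idx is out of range (num_trans == 0 included). */
int compute_trans(const tz_data *tz, long stdidx, long zp_idx, time_t *out)
{
    if (stdidx < 0 || (size_t)stdidx >= tz->num_trans) return -1;
    if (zp_idx < 0 || (size_t)zp_idx >= tz->num_types) return -1;
    *out = tz->transitions[stdidx] + tz->types[zp_idx].gmtoff;
    return 0;
}
```

With num_trans == 0 the original code's transitions[0] read becomes a clean -1 from compute_trans instead of a SIGSEGV under ElectricFence.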
Thanks for the bug report. I'm moving this to libical. If you would like a test application which will call only this, then I can write it for you.
Well, what does "rpm -q libical" say? There is a newer libical version in updates-testing.
(In reply to comment #6)
> Well, what does "rpm -q libical" say? There is a newer libical version in
> updates-testing.

$ rpm -q libical
libical-0.46-2.fc14.x86_64

I've installed it following comment 5 on bug 637150.
To be honest, I'm not a programmer. All I can do for you is just forwarding the information you're providing me into an upstream bug report. Maybe Milan or the Red Hat libical maintainer is more experienced with that?
Can this issue completely be solved with the patch from bug #694118? Milan?
Version 0.47 of libical already includes a fix, if I read this [1] thread correctly.

[1] http://sourceforge.net/mailarchive/forum.php?thread_name=201103081755.02449.winter%40kde.org&forum_name=freeassociation-devel
Milan, could you verify it in the 0.47 code? Then I'll update the branches accordingly. Thanks :)
I tried with libical 0.47, running evolution under valgrind, and I do not see any warnings from this function. If Yann could test under ElectricFence, then even better. Here's a scratch build of the libical 0.47 package for Fedora 16: http://koji.fedoraproject.org/koji/taskinfo?taskID=3455112
libical-0.48-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/libical-0.48-1.fc15
libical-0.48-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/libical-0.48-1.el5
libical-0.48-1.el4 has been submitted as an update for Fedora EPEL 4. https://admin.fedoraproject.org/updates/libical-0.48-1.el4
libical-0.48-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/libical-0.48-1.fc16
Package libical-0.48-1.el4:
* should fix your issue,
* was pushed to the Fedora EPEL 4 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing libical-0.48-1.el4'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5265/libical-0.48-1.el4
then log in and leave karma (feedback).
libical-0.48-1.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
libical-0.48-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
libical-0.48-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
libical-0.48-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.