evolution crashed with SIGSEGV in em_format_snoop_type()

Bug #584536 reported by Fabien Tassin
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Evolution | Fix Released | Critical | |
evolution-data-server (Debian) | Fix Released | Unknown | |
evolution-data-server (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

Binary package hint: evolution

In Maverick, just clicking on some mails makes evolution crash.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb13ffb70 (LWP 6162)]
0x0233b430 in em_format_snoop_type (part=0x89b21e0) at em-format.c:2021
2021 em-format.c: No such file or directory.
        in em-format.c
(gdb) bt
#0 0x0233b430 in em_format_snoop_type (part=0x89b21e0) at em-format.c:2021
#1 0x0233d2ab in em_format_part_as (emf=0x857b6e0, stream=0x8aaf920, part=0x89b21e0, mime_type=0x86db858 "application/octet-stream") at em-format.c:659
#2 0x0233d3e5 in em_format_part (emf=0x857b6e0, stream=0x8aaf920, part=0x89b21e0) at em-format.c:704
#3 0x022d3589 in efh_format_message (emf=0x857b6e0, stream=0x8aaf920, part=0x89b21e0, info=0x2311730) at em-format-html.c:2782
#4 0x022d1964 in efh_format_exec (m=0x8ac8d98) at em-format-html.c:216
#5 0x022e6268 in mail_msg_proxy (msg=0x8ac8d98) at mail-mt.c:471
#6 0x0135ac8c in ?? () from /lib/libglib-2.0.so.0
#7 0x01358d6f in ?? () from /lib/libglib-2.0.so.0
#8 0x00906985 in start_thread () from /lib/libpthread.so.0
#9 0x0148e1ee in clone () from /lib/libc.so.6
(gdb) bt f
#0 0x0233b430 in em_format_snoop_type (part=0x89b21e0) at em-format.c:2021
        ct = <value optimized out>
        mem = 0x88ea7a0
        types_cache = 0x0
        filename = 0xadbd9bc0 "blackbird.rtf"
        name_type = 0x8a821b0 "application/rtf"
        magic_type = <value optimized out>
        res = <value optimized out>
        dw = 0x8be1db0
#1 0x0233d2ab in em_format_part_as (emf=0x857b6e0, stream=0x8aaf920, part=0x89b21e0, mime_type=0x86db858 "application/octet-stream") at em-format.c:659
        is_fallback = 36963503
        handle = <value optimized out>
        snoop_save = 0x0
        tmp = <value optimized out>
        base_save = 0x0
        base = 0x0
        basestr = <value optimized out>
#2 0x0233d3e5 in em_format_part (emf=0x857b6e0, stream=0x8aaf920, part=0x89b21e0) at em-format.c:704
        mime_type = <value optimized out>
        dw = <value optimized out>
#3 0x022d3589 in efh_format_message (emf=0x857b6e0, stream=0x8aaf920, part=0x89b21e0, info=0x2311730) at em-format-html.c:2782
        handle = <value optimized out>
        save = 0x0
        save_parent = 0x0
#4 0x022d1964 in efh_format_exec (m=0x8ac8d98) at em-format-html.c:216
        handle = 0xffffffff
        format = 0x857b6e0
        job = <value optimized out>
        puri_level = 0x390
        cancelled = 20147878
        base = 0xb13ff0e8
#5 0x022e6268 in mail_msg_proxy (msg=0x8ac8d98) at mail-mt.c:471
No locals.
#6 0x0135ac8c in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#7 0x01358d6f in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#8 0x00906985 in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#9 0x0148e1ee in clone () from /lib/libc.so.6
No symbol table info available.
(gdb)

        dw = camel_medium_get_content_object((CamelMedium *)part);
        if (!camel_data_wrapper_is_offline(dw)) {
                CamelStreamMem *mem = (CamelStreamMem *)camel_stream_mem_new();

                if (camel_data_wrapper_decode_to_stream(dw, (CamelStream *)mem) > 0) {
                        gchar *ct = g_content_type_guess (filename, mem->buffer->data, mem->buffer->len, NULL); <====

(gdb) p filename
$3 = (const gchar *) 0xadbd9bc0 "blackbird.rtf"
(gdb) p mem->buffer->data
Cannot access memory at address 0xffffffff
(gdb) p mem->buffer
$4 = (GByteArray *) 0xffffffff
(gdb) p *mem
$5 = {parent_object = {parent_object = {parent_object = {klass = 0xb1410488, magic = 2007188717, hooks = 0x0, ref_count = 1, flags = 0, next = 0x88ea760,
        prev = 0x0}, eos = 0}, position = 1313, bound_start = 0, bound_end = 0}, owner = 0, secure = 0, buffer = 0xffffffff}

ii evolution 2.30.1.2-2ubuntu1 groupware suite with mail client and organiz
ii evolution-common 2.30.1.2-2ubuntu1 architecture independent files for Evolution
ii evolution-couchdb 0.4.5-0ubuntu1 Evolution support for CouchDB databases
ii evolution-data-server 2.30.1-4ubuntu1 evolution database backend server
ii evolution-data-server-common 2.30.1-4ubuntu1 architecture independent files for Evolution
ii evolution-dbg 2.30.1.2-2ubuntu1 debugging symbols for Evolution
ii evolution-exchange 2.30.1-2ubuntu2 Exchange plugin for the Evolution groupware
ii evolution-indicator 0.2.8-0ubuntu1 GNOME panel indicator applet for Evolution
ii evolution-plugins 2.30.1.2-2ubuntu1 standard plugins for Evolution
ii evolution-webcal 2.28.0-1 webcal: URL handler for GNOME and Evolution

Pedro Villavicencio (pedro) wrote :

Thanks for the report, trace matches bug https://bugzilla.gnome.org/show_bug.cgi?id=619427 ; linking the report.

Changed in evolution (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in evolution:
status: Unknown → New
Fabien Tassin (fta) wrote :

Seems related to --enable-largefile in eds, but only on 32-bit.
There are already 17 duplicates in the Gnome BTS.

Changed in evolution:
status: New → Unknown
Changed in evolution:
status: Unknown → New
Fabien Tassin (fta)
affects: evolution (Debian) → evolution-data-server (Debian)
affects: evolution (Ubuntu) → evolution-data-server (Ubuntu)
Changed in evolution-data-server (Debian):
status: Unknown → Fix Released
Changed in evolution-data-server (Debian):
status: Fix Released → New
Changed in evolution-data-server (Debian):
status: New → Fix Released
Changed in evolution:
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evolution-data-server - 2.30.3-1ubuntu1

---------------
evolution-data-server (2.30.3-1ubuntu1) maverick; urgency=low

  * Merge from debian unstable. Remaining changes:
    + debian/control:
      - add Vcs-Bzr tag
      - don't use libgnome
    + debian/evolution-data-server.install,
      debian/patches/45_libcamel_providers_version.patch:
      - use the upstream versioning, not a Debian-specific one
    + debian/rules:
      - don't build documentation it's shipped with the tarball
  * use dh_autoreconf now, as in debian (it's in main now)
    - remove debian/patches/90_autoreconf.patch
    - change debian/rules to include it
    - build-dep in debian/control
  * disable large file support, like in debian, which causes crashes
    (LP: #584536)
  * debian/patches/91_revert_formatted_adress.patch: removed, upstream
  * debian/patches/01_build_with_deprecated_symbols.patch:
    - remove -DGDK_DISABLE_DEPRECATED to build it
 -- Didier Roche <email address hidden> Wed, 01 Sep 2010 18:51:26 +0200

Changed in evolution-data-server (Ubuntu):
status: Triaged → Fix Released
Changed in evolution:
importance: Unknown → Critical
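
An added illustration (not code from this report or from Evolution) of how a library built with --enable-largefile and an application built without it can disagree about a struct's layout on 32-bit, handing the application a bogus buffer pointer like the 0xffffffff in the dump above. Assumptions not stated on the page: the position and bound fields are off_t, owner/secure share one 32-bit word, the library stores -1 in bound_end, and the buffer address is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Object as laid out by a library built with 64-bit off_t on a 32-bit target.
 * Each off_t is modelled as {low, high} words; field types are assumptions. */
struct lib_view {
    uint32_t eos;
    uint32_t position[2];
    uint32_t bound_start[2];
    uint32_t bound_end[2];
    uint32_t flags;            /* owner/secure bits */
    uint32_t buffer;           /* 32-bit pointer to the byte array */
};

/* The same object as declared in an application built with 32-bit off_t. */
struct app_view {
    uint32_t eos;
    int32_t  position, bound_start, bound_end;
    uint32_t flags;
    uint32_t buffer;
};

static void put_off64(uint32_t w[2], int64_t v)
{
    w[0] = (uint32_t)((uint64_t)v & 0xffffffffu);
    w[1] = (uint32_t)((uint64_t)v >> 32);
}

/* The library fills in the object; the application reads the same bytes
 * through its own, shorter declaration. Returns what the application sees. */
struct app_view read_with_mismatch(int64_t position, uint32_t real_buffer)
{
    struct lib_view lib;
    struct app_view app;
    memset(&lib, 0, sizeof lib);
    put_off64(lib.position, position);
    put_off64(lib.bound_end, -1);      /* assumed "unbound" sentinel */
    lib.buffer = real_buffer;
    memcpy(&app, &lib, sizeof app);    /* same address, different layout */
    return app;
}

int main(void)
{
    struct app_view a = read_with_mismatch(1313, 0x08a00000u); /* constructed address */
    printf("position=%d bound_end=%d buffer=0x%08x\n", (int)a.position, (int)a.bound_end, (unsigned)a.buffer);
    return 0;
}
```

In this model the application's buffer field lands on the low word of the library's bound_end, so position still reads 1313 while buffer reads 0xffffffff instead of the real pointer.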