evolution crashes when trying to forward email with strange subject encoding
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
evolution (Ubuntu) | Fix Released | Medium | Sebastien Bacher | | |
Bug Description
** Filed upstream as bug #300679 **
From <email address hidden> Thu Apr 14 08:28:24 2005
From: "Outlook User" <email address hidden>
To: anyone <nobody@nowhere>
Subject: =?Windows-
Date: Thu, 14 Apr 2005 08:31:13 -0400
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
This message causes evolution to crash on forwarding.
If you put the above data into an mbox file and import it into Evolution you
should import a single message. If you go to it and click "Forward" evolution
crashes.
The crash appears to be related to the strange =?Windows-1252?Q? encoding in the
subject line. If you take this away, the crash no longer occurs.
Evolution is Ubuntu-packaged 2.2.1.1.
Here's the important part of the trace from gdb:
#4 <signal handler called>
#5 0xb7a786e9 in strcasecmp () from /lib/tls/
#6 0xb7ed2d2d in camel_header_
/usr/lib/
#7 0xb7ed3151 in camel_header_
from /usr/lib/
#8 0xb7ed0392 in camel_mime_
from /usr/lib/
#9 0xb67bb7f7 in mail_tool_
from /usr/lib/
#10 0xb67b4740 in mail_get_folderinfo ()
from /usr/lib/
#11 0xb67b58ae in mail_get_message ()
from /usr/lib/
#12 0xb67b07ac in mail_cancel_all ()
from /usr/lib/
#13 0xb6cd5eb1 in g_vasprintf () from /usr/lib/
#14 0xb6cb2d0f in g_main_depth () from /usr/lib/
#15 0xb6cb3cb5 in g_main_
/usr/lib/
#16 0xb6cb3fd7 in g_main_
/usr/lib/
#17 0xb6cb451e in g_main_loop_run () from /usr/lib/
#18 0xb745f6f3 in bonobo_main () from /usr/lib/
#19 0x08066e8c in main ()
Cheers
http://
Created an attachment (id=2120)
duct tape fix
Ok. As mentioned upstream, the problem is due to a function returning an
unchecked NULL, and then that NULL being passed to another function which
passes it directly to strcasecmp.
Here's a duct tape fix to check for non-NULL before strcasecmp is called. It's
not the best fix, but it's made with the aim of changing as little as humanly
possible (so as not to introduce new bugs). I'm posting the patch here instead of
upstream for this reason (since upstream will probably want to fix it
properly).
The only case in which the behaviour of the program changes (at all) is the
one where 'type' is NULL (in which case the program used to crash) so I think this
patch is 100% regression-free.
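
The pattern described in the comment above, sketched as an added example; it is not Evolution's code and not the attached patch. The struct, `parse_content_type` and `content_type_is` are hypothetical names, and the sample inputs are constructed. A parser signals failure by leaving fields NULL, and the comparison helper treats NULL as "no match" so it never reaches `strcasecmp`.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp */

/* Hypothetical parsed header; both fields are NULL when parsing failed. */
struct content_type {
    const char *type;
    const char *subtype;
};

/* Hypothetical parser: splits "type/subtype" in place inside buf.
 * Malformed input yields NULL fields, the condition the caller must check. */
static struct content_type parse_content_type(char *buf)
{
    struct content_type ct = { NULL, NULL };
    char *slash = buf ? strchr(buf, '/') : NULL;

    if (slash == NULL || slash == buf || slash[1] == '\0')
        return ct;
    *slash = '\0';
    ct.type = buf;
    ct.subtype = slash + 1;
    return ct;
}

/* Guarded comparison: a NULL field or argument is "no match", so NULL
 * never reaches strcasecmp(), whose behaviour on NULL is undefined. */
static int content_type_is(const struct content_type *ct,
                           const char *type, const char *subtype)
{
    if (ct == NULL || ct->type == NULL || ct->subtype == NULL ||
        type == NULL || subtype == NULL)
        return 0;
    return strcasecmp(ct->type, type) == 0 &&
           strcasecmp(ct->subtype, subtype) == 0;
}

int main(void)
{
    char good[] = "Text/Plain";   /* constructed sample input */
    char bad[]  = "garbled";      /* constructed: no type/subtype split */
    struct content_type a = parse_content_type(good);
    struct content_type b = parse_content_type(bad);

    printf("good is text/plain: %d\n", content_type_is(&a, "text", "plain"));
    printf("bad  is text/plain: %d\n", content_type_is(&b, "text", "plain"));
    return 0;
}
```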