Evolution SIGSEGV when accepting VCS/ICS calendar attachment

Bug #704846 reported by mio75 on 2011-01-19
This bug affects 1 person
Affects Status Importance Assigned to Milestone
evolution (Ubuntu)

Bug Description

Binary package hint: evolution

(The following description is a copy of what I wrote in Bug #683705. Opening this new bug report because I was asked to provide information from Apport. See bug #683705 for attachments.)

Received an Email with an event invitation from an apple user (iCal). Clicked on "Accept" button below the email. Evolution immediately crashes.

Stripped down the attachment (removed additional recipients/real email addresses), attaching file "test_ical.ics". I can reproduce the SIGSEGV 100% of the times by just sending myself this file as an email attachment, then clicking "Accept".

Marking this a "security vulnerability" because people can send me emails that crash my software. Not sure if they could do anything more harmful.

ProblemType: Crash
DistroRelease: Ubuntu 10.04
Package: evolution 2.28.3-0ubuntu10.2
ProcVersionSignature: Ubuntu 2.6.32-27.49-generic
Uname: Linux 2.6.32-27-generic i686
NonfreeKernelModules: wl nvidia
Architecture: i386
Date: Wed Jan 19 12:01:24 2011
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/evolution
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.1)
ProcCmdline: evolution
 PATH=(custom, user)
 Segfault happened at: 0x66da6b6: mov 0x10(%edi),%eax
 PC (0x066da6b6) ok
 source "0x10(%edi)" (0x00000010) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: evolution
 ?? ()
 itip_send_comp ()
 ?? ()
 g_cclosure_marshal_VOID(int0_t) ()
 g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
Title: evolution crashed with SIGSEGV in itip_send_comp()
UserGroups: adm admin avahi cdrom dialout kvm libvirtd lpadmin plugdev sambashare vboxusers
 (polkit-gnome-authentication-agent-1:2234): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
 (gnome-panel:2221): GConf-WARNING **: Directory `/apps/panel/toplevels/bottom_panel_screen1/screen' was not being monitored by GConfClient 0x962db60

mio75 (mio75) wrote :
mio75 (mio75) on 2011-01-19
description: updated
Kees Cook (kees) wrote :

Thanks for getting the Apport details. This looks like "just" a regular crash, so I'm going to make the bug public and unmark it as security so hopefully some evolution developers can get a chance to look at it.

security vulnerability: yes → no
visibility: private → public
Changed in evolution (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Jörg Frings-Fürst (jff-de) wrote :

Bug from 2011. Version not longer supportet.
Change status to Invalid

Changed in evolution (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers