Comment 6 for bug 1666884

Tyler Hicks (tyhicks) wrote :

The testing for the Trusty update did not go as expected. The test case linked to from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556#5 crashes Evolution the same way with and without the updated libytnef0 package.

Testing on Trusty isn't straightforward because Evolution's handling of tnef attachments is buggy in Trusty. You have to use this workaround:

  https://bugs.launchpad.net/ubuntu-gnome/+bug/1390466/comments/2

I then used mutt to create an email with the previously mentioned reproducer tnef file attached. Before sending, I had to manually set the attachment content type to "application/ms-tnef". (In hindsight, I could have probably set the content type to "application/ms-tnefl" and then not needed to binary patch the Evolution tnef module.)

Evolution crashes as soon as you click on the email containing the crafted tnef file. The backtrace is:

(gdb) bt
#0 0x00007fb1ec652be8 in TNEFFreeMapiProps () from /usr/lib/x86_64-linux-gnu/libytnef.so.0
#1 0x00007fb1ec652e1b in TNEFFree () from /usr/lib/x86_64-linux-gnu/libytnef.so.0
#2 0x00007fb1ec869dcd in ?? () from /usr/lib/evolution/3.10/modules/module-tnef-attachment.so
#3 0x00007fb1f737060c in e_mail_parser_parse_part_as () from /usr/lib/evolution/3.10/libevolution-mail-formatter.so.0
#4 0x00007fb1f73706cd in e_mail_parser_parse_part () from /usr/lib/evolution/3.10/libevolution-mail-formatter.so.0
#5 0x00007fb1f73731b2 in ?? () from /usr/lib/evolution/3.10/libevolution-mail-formatter.so.0
#6 0x00007fb1f737060c in e_mail_parser_parse_part_as () from /usr/lib/evolution/3.10/libevolution-mail-formatter.so.0
#7 0x00007fb1f73718cb in ?? () from /usr/lib/evolution/3.10/libevolution-mail-formatter.so.0
#8 0x00007fb1f736ff12 in ?? () from /usr/lib/evolution/3.10/libevolution-mail-formatter.so.0
#9 0x00007fb1f73700b1 in e_mail_parser_parse_sync () from /usr/lib/evolution/3.10/libevolution-mail-formatter.so.0
#10 0x00007fb1eeac09bd in ?? () from /usr/lib/evolution/3.10/libevolution-mail.so.0
#11 0x00007fb21dc4f2af in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#12 0x00007fb21dc3c4e6 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#13 0x00007fb21dc5f065 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#14 0x00007fb21d6f388c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007fb21d6f2f05 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007fb220cb0184 in start_thread (arg=0x7fb1dbfff700) at pthread_create.c:312
#17 0x00007fb21d3babed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

I don't plan to move forward with this update since it doesn't fix the crasher.