Bug 328937 – evolution becomes unusable with a fairly simple malicious message

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 328937 - evolution becomes unusable with a fairly simple malicious message


Summary:	evolution becomes unusable with a fairly simple malicious message


Status:	RESOLVED WONTFIX

Product:	GtkHtml
Classification:	Other
Component:	Rendering
Version:	3.8.x
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkhtml-maintainers
QA Contact:	gtkhtml-maintainers

URL:
Whiteboard:	gnome[unmaintained]

Depends on:
Blocks:

Reported:	2006-01-28 05:09 UTC by phar
Modified:	2014-12-02 01:06 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description phar 2006-01-28 05:09:15 UTC

Steps to reproduce:
1. perl -e 'printf "A"x40000' > file.xml
2. attach file.xml to an email, selecting  "suggest automatic display of attachment
3 [details]. sent the email to someone you want to annoy


Stack trace:


Other information:

Comment 1 Karsten Bräckelmann 2006-01-29 05:23:03 UTC

For everyone who doesn't know perl: The attached file consist of *one* line only with 40k chars.

Moving over to GtkHTML/Rendering.

Comment 2 Karsten Bräckelmann 2006-01-29 05:24:15 UTC

Setting GtkHTML version according to the previous Evo version.

Comment 3 Harish Krishnaswamy 2006-02-08 08:55:08 UTC

Confirming the bug and yes, i am working on it now :-)

Comment 4 Rohini 2006-03-13 03:40:29 UTC

Backtrace.

+ Trace 66884

#0 __kernel_vsyscall
#1 __write_nocancel
from /lib/tls/libpthread.so.0
#2 XUnlockDisplay
from /usr/X11R6/lib/libX11.so.6
#3 _X11TransWrite
from /usr/X11R6/lib/libX11.so.6
#4 _XError
from /usr/X11R6/lib/libX11.so.6
#5 XRenderCompositeText8
from /usr/X11R6/lib/libXrender.so.1
#6 cairo_xlib_surface_set_drawable
from /usr/lib/libcairo.so.2
#7 cairo_surface_create_similar
from /usr/lib/libcairo.so.2
#8 cairo_scaled_font_destroy
from /usr/lib/libcairo.so.2
#9 cairo_font_options_get_hint_metrics
from /usr/lib/libcairo.so.2
#10 cairo_font_options_get_hint_metrics
from /usr/lib/libcairo.so.2
#11 cairo_font_options_get_hint_metrics
from /usr/lib/libcairo.so.2
#12 cairo_show_glyphs
from /usr/lib/libcairo.so.2
#13 pango_cairo_renderer_get_type
from /opt/gnome/lib/libpangocairo-1.0.so.0
#14 pango_renderer_draw_glyphs
from /opt/gnome/lib/libpango-1.0.so.0
#15 pango_cairo_show_glyph_string
from /opt/gnome/lib/libpangocairo-1.0.so.0
#16 gdk_draw_lines
from /opt/gnome/lib/libgdk-x11-2.0.so.0
#17 draw_glyphs
at htmlgdkpainter.c line 802
#18 html_painter_draw_glyphs
at htmlpainter.c line 637
#19 draw
at htmltextslave.c line 789
#20 html_object_draw
at htmlobject.c line 1042
#21 draw
at htmlclue.c line 268
#22 draw
at htmlclueflow.c line 1371
#23 html_object_draw
at htmlobject.c line 1042
#24 draw
at htmlclue.c line 268
#25 draw
at htmlcluev.c line 395
#26 html_object_draw
at htmlobject.c line 1042
#27 draw
at htmlclue.c line 268
#28 draw
at htmlcluev.c line 395
#29 html_object_draw
at htmlobject.c line 1042
#30 html_engine_draw_real
at htmlengine.c line 4807
#31 html_engine_expose
at htmlengine.c line 4823
#32 expose
at gtkhtml.c line 1066
#33 gtk_marshal_VOID__UINT_STRING
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#34 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#35 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#36 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#37 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#38 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#39 gtk_widget_activate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#40 gtk_main_do_event
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#41 gdk_window_clear_area_e
from /opt/gnome/lib/libgdk-x11-2.0.so.0
#42 gdk_window_process_updates
from /opt/gnome/lib/libgdk-x11-2.0.so.0
#43 gtk_layout_new
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#44 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#45 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#46 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#47 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#48 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#49 gtk_adjustment_value_changed
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#50 size_allocate
at gtkhtml.c line 1161
#51 g_cclosure_marshal_VOID__BOXED
from /opt/gnome/lib/libgobject-2.0.so.0
#52 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#53 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#54 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#55 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#56 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#57 gtk_widget_size_allocate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#58 gtk_scrolled_window_add_with_viewport
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#59 g_cclosure_marshal_VOID__BOXED
from /opt/gnome/lib/libgobject-2.0.so.0
#60 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#61 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#62 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#63 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#64 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#65 gtk_widget_size_allocate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#66 gtk_vbox_new
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#67 g_cclosure_marshal_VOID__BOXED
from /opt/gnome/lib/libgobject-2.0.so.0
#68 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#69 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#70 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#71 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#72 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#73 gtk_widget_size_allocate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#74 bonobo_dock_get_type
from /opt/gnome/lib/libbonoboui-2.so.0
#75 g_cclosure_marshal_VOID__BOXED
from /opt/gnome/lib/libgobject-2.0.so.0
#76 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#77 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#78 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#79 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#80 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#81 gtk_widget_size_allocate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#82 gtk_vbox_new
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#83 g_cclosure_marshal_VOID__BOXED
from /opt/gnome/lib/libgobject-2.0.so.0
#84 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#85 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#86 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#87 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#88 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#89 gtk_widget_size_allocate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#90 gtk_window_reshow_with_initial_size
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#91 g_cclosure_marshal_VOID__BOXED
from /opt/gnome/lib/libgobject-2.0.so.0
#92 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#93 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#94 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#95 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#96 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#97 gtk_widget_size_allocate
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#98 gtk_container_resize_children
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#99 gtk_window_get_position
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#100 g_cclosure_marshal_VOID__VOID
from /opt/gnome/lib/libgobject-2.0.so.0
#101 g_cclosure_new_swap
from /opt/gnome/lib/libgobject-2.0.so.0
#102 g_closure_invoke
from /opt/gnome/lib/libgobject-2.0.so.0
#103 g_signal_stop_emission
from /opt/gnome/lib/libgobject-2.0.so.0
#104 g_signal_emit_valist
from /opt/gnome/lib/libgobject-2.0.so.0
#105 g_signal_emit
from /opt/gnome/lib/libgobject-2.0.so.0
#106 gtk_container_check_resize
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#107 gtk_container_check_resize
from /opt/gnome/lib/libgtk-x11-2.0.so.0
#108 g_child_watch_add
from /opt/gnome/lib/libglib-2.0.so.0
#109 g_main_context_dispatch
from /opt/gnome/lib/libglib-2.0.so.0
#110 g_main_context_check
from /opt/gnome/lib/libglib-2.0.so.0
#111 g_main_loop_run
from /opt/gnome/lib/libglib-2.0.so.0
#112 bonobo_main
from /opt/gnome/lib/libbonobo-2.so.0
#113 main
at main.c line 603

Comment 5 Veerapuram Varadhan 2006-03-13 04:55:26 UTC

AFAICS, gedit also crashes with similar XError.  Lowering the severity for now.

Comment 6 André Klapper 2006-06-20 22:18:24 UTC

removing old target milestone, setting new one.

Comment 7 André Klapper 2014-12-02 01:06:21 UTC

Since version 3.6, Evolution uses WebKit instead of GtkHtml for displaying messages. (And for completeness, Evolution 3.14 is planned to use WebKit also for composing and editing messages so GtkHtml will not receive any fixes anymore.)

Hence I am closing this GtkHtml rendering bug report.
We are sorry that your request was not handled in time when it was reported but unfortunately manpower is very limited (and does not allow testing every single reported issue separately again either).

Please feel free to reopen this report (and move it to the "Evolution" product and the "Mail" component) if the problem described in this bug report still happens in a recent supported Evolution version which uses WebKit (the current stable Evolution version is 3.12).