GNOME Bugzilla – Bug 595355
using uninitialized variable and incorrect header parsing in mapi_populate_details_from_item
Last modified: 2009-12-08 16:14:50 UTC
This happens on a number of messages. Anonymised information below. The hex should be correct, tried to only modify ascii chars and not change number of letters.

exchange-mapi-connection.c:805: Entering exchange_mapi_util_get_recipients
(evolution:12025): libexchangemapi-WARNING **: exchange-mapi-connection.c:828: exchange_mapi_util_get_recipients() - object has a recipient without a PR_SMTP_ADDRESS
PR_DISPLAY_TYPE: 0
PR_OBJECT_TYPE: 0x8004010f
PR_7BIT_DISPLAY_NAME: 0x8004010f
PR_ORG_ADDR_TYPE: 0x8004010f
PR_ORG_EMAIL_ADDR: 0x8004010f
PR_RECIPIENT_NUMBER: 3
PR_SMTP_ADDRESS: 0x8004010f
PR_SEND_INTERNET_ENCODING: 0
PR_OFFICE_LOCATION: 0x8004010f
PR_RECIPIENT_TRACKSTATUS: 0
PR_RECIPIENTS_FLAGS: 1
PR_RECIPIENT_DISPLAY_NAME_UNICODE: REDACT REDACTX
PR_RECIPIENT_ENTRYID
[0000] 00 00 00 00 81 2B 1F A4 BE A3 10 19 9D 6E 00 DD .....+.. .....n..
[0010] 01 0F 54 02 00 00 01 00 52 45 44 41 43 54 20 52 ..T..... REDACT R
[0020] 45 44 41 43 54 58 00 53 4D 54 50 00 52 45 44 41 EDACTX.S MTP.REDA
[0030] 43 54 45 44 40 67 6D 61 69 6C 2E 63 6F 6D 00 CTED@gma il.com.
0x5ff20003: 0
0x5fef0003: 0
0x5ff50003: 0
0x5feb0003: 0
0x5fde000a: 0x8004010f
PR_RECIPIENT_TYPE: 1
PR_INTERNET_CPID: 1200
exchange-mapi-connection.c:842: Leaving exchange_mapi_util_get_recipients
exchange-mapi-connection.c:272: Entering exchange_mapi_util_read_body_stream
exchange-mapi-connection.c:182: Entering exchange_mapi_util_read_generic_stream
Attempt to read stream for proptag 0x10130102
Attempt succeeded for proptag 0x10130102 (after name conversion)
exchange-mapi-connection.c:250: Leaving exchange_mapi_util_read_generic_stream
exchange-mapi-connection.c:390: Leaving exchange_mapi_util_read_body_stream
exchange-mapi-connection.c:182: Entering exchange_mapi_util_read_generic_stream
Attempt to read stream for proptag 0x10130102
Attempt succeeded for proptag 0x10130102 (after name conversion)
exchange-mapi-connection.c:250: Leaving exchange_mapi_util_read_generic_stream
libexchangemapi-Message: exchange-mapi-connection.c:1486: exchange_mapi_connection_fetch_item: unlock(connect_lock)
?,();,();;,(),()
exchange-mapi-connection.c:1488: Leaving exchange_mapi_connection_fetch_item
Inv'lid header line: 'Microsoft Mail Internet Headers Version 2.0
'nvalid header line: ' name="winmail.dat"
'nvalid header line: ' "REDACTED (SOMEORG)" <redacted@some.org>,
'nvalid header line: ' "REDACTED" <REDACTED@gmail.com>,
'nvalid header line: ' "nemo" <redacted@some.org>
'nvalid header line: '
Invalid header line: ''

Program received signal SIGSEGV, Segmentation fault.
+ Trace 217607
Thread 2983947120 (LWP 12248)
(gdb) print proptag
$1 = 922812674
(gdb) print stream->proptag
Cannot access memory at address 0x3a6e7279
(gdb) print stream
$2 = (ExchangeMAPIStream *) 0x3a6e7275

======================== Message ===============================
From redacted@some.org Tue Sep 15 14:50:33 2009
Received: by x.some.org id <01CA3635.67A8F222@x.some.org>; Tue, 15 Sep 2009 14:50:33 -0400
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: Uh-oh. iPod Touch with no camera?
Date: Tue, 15 Sep 2009 14:50:29 -0400
Message-ID: <CF926326CFC78343922782063B50F07301E7A837@x.some.org>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Uh-oh. iPod Touch with no camera?
Thread-Index: Aco2NTC/nOV99yYIT9qWmJFznFlQ7g==
From: "REDACTED (SOMEORG)" <redacted@some.org>
To: "REDACTED (SOMEORG)" <redacted@some.org>,
 "REDACTED (SOMEORG)" <redacted@some.org>,
 "REDACTED" <REDACTED@gmail.com>,
 "nemo" <redacted@some.org>
X-Evolution-Source: exchange://nemo@some.org/
Content-Transfer-Encoding: 8bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3603" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><A href="http://dvice.com/archives/2009/09/uh-oh-ipod-touc.php">http://dvice.com/archives/2009/09/uh-oh-ipod-touc.php</A></FONT></DIV>
<DIV> </DIV>
<DIV align=left>
<DIV align=left>
<DIV align=left><FONT face=Verdana size=2><STRONG>REDACTED REDACTED</STRONG></FONT></DIV>
<DIV align=left><FONT face=Verdana size=2>REDACTED</FONT></DIV>
<DIV align=left><FONT face=Verdana size=2>REDACTED REDACTED
<DIV align=left><FONT face=Verdana size=2>REDACTED REDACTED</FONT></DIV>
<DIV align=left><FONT face=Verdana size=2>REDACTED REDACTED</FONT></DIV>
<DIV align=left><FONT face=Verdana size=2>Tel (111) 111-1111</FONT></DIV>
<DIV align=left><FONT face=Verdana size=2>redacted@some.org</FONT></DIV></DIV></DIV>
<DIV> </DIV></BODY></HTML>
Just for a reference:
patch 1 is committed in sources already (commit 07870c0559c in ema)
patch 2 is from bug #595260

I see some related crashers in this code, thus using this bug, let's see.
Created attachment 143289
proposed ema patch

for evolution-mapi;

With this patch I can download the test message you provided without any issue. The main problem was that the 'headers' variable wasn't initialized, which I believe caused the crash. Also, the splitting on \n is inaccurate, as some headers can be folded, thus I used a proper header parser. I noticed it also brings in headers like Content-Transfer-Encoding which I think are not the best to use. Maybe they are overwritten later, I didn't investigate so far.
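Added example (not part of the comment above and not the evolution-mapi patch): a small C scanner showing why splitting transport headers on line breaks produces the "Invalid header line" warnings seen in the log, and how unfolding continuation lines avoids them. The sample headers are constructed to resemble those in the report; next_header and find_header are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample modelled on the report: CRLF, Exchange banner, folded headers. */
static const char SAMPLE[] =
    "Microsoft Mail Internet Headers Version 2.0\r\n"
    "Content-Type: application/ms-tnef;\r\n\tname=\"winmail.dat\"\r\n"
    "To: \"REDACTED\" <REDACTED@gmail.com>,\r\n\t\"nemo\" <redacted@some.org>\r\n"
    "\r\n";
/* Copy the next header into buf (NUL-terminated, truncated to sz); return the rest of
 * the input, or NULL at the blank line. unfold=0 splits on every line break. */
static const char *next_header(const char *p, char *buf, size_t sz, int unfold)
{
    size_t n = 0;
    if (!p || !sz || *p == '\0' || *p == '\r' || *p == '\n') return NULL;
    while (*p) {
        char c = *p++;
        if (c == '\r' || c == '\n') {
            if (c == '\r' && *p == '\n') p++;
            if (!unfold || (*p != ' ' && *p != '\t')) break;  /* next header */
            while (*p == ' ' || *p == '\t') p++;              /* continuation */
            c = ' ';
        }
        if (n + 1 < sz) buf[n++] = c;
    }
    buf[n] = '\0';
    return p;
}
/* Copy the value of `name` (exact-case match, for brevity) into out and return
 * how many lines were rejected for lacking a "Name:" prefix. */
static int find_header(const char *raw, const char *name, int unfold, char *out, size_t outsz)
{
    char line[512] = "";   /* every local is initialised before first use */
    int invalid = 0;
    if (outsz) out[0] = '\0';
    while ((raw = next_header(raw, line, sizeof line, unfold)) != NULL) {
        size_t nlen = strcspn(line, ": \t");
        if (nlen == 0 || line[nlen] != ':') { invalid++; continue; }
        if (nlen == strlen(name) && strncmp(line, name, nlen) == 0)
            snprintf(out, outsz, "%s", line + nlen + 1 + strspn(line + nlen + 1, " \t"));
    }
    return invalid;
}
int main(void)
{
    char v[256];
    for (int u = 0; u <= 1; u++)
        printf("unfold=%d rejected=%d To=%s\n", u, find_header(SAMPLE, "To", u, v, sizeof v), v);
    return 0;
}
```

With unfold=0 the folded recipient and the name="winmail.dat" continuation are rejected as invalid lines and the To value loses its last recipient; with unfold=1 only the Exchange banner line is rejected.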
Created commit d3f5a7c in ema master (0.29.1+)
Created commit d43ef22 in ema gnome-2-28 (0.28.1+)
*** Bug 595810 has been marked as a duplicate of this bug. ***