Bug 520233 - Crash in imap_body_decode at camel-imap-utils.c line 979
Status: RESOLVED FIXED
Product: evolution-data-server
Classification: Platform
Component: Mailer
Version: 2.30.x (obsolete)
Hardware: Other All
Importance: High critical
Target Milestone: ---
Assigned To: evolution-mail-maintainers
QA Contact: Evolution QA team
Duplicates: 575298
Depends on:
Blocks:
Reported: 2008-03-04 04:38 UTC by mordkoff
Modified: 2010-04-01 12:29 UTC
See Also:
GNOME target: ---
GNOME version: 2.23/2.24


Attachments
evolution crash report in /var/crash (66.39 KB, text/plain)
2009-03-30 17:32 UTC, Amin
eds patch (1.69 KB, patch)
2010-03-31 13:14 UTC, Milan Crha
committed

Description mordkoff 2008-03-04 04:38:48 UTC
Version: 2.10

What were you doing when the application crashed?
opening a new email


Distribution: Fedora release 7 (Moonshine)
Gnome Release: 2.18.3 2007-11-13 (Red Hat, Inc)
BugBuddy Version: 2.18.0

System: Linux 2.6.23.8-34.fc7 #1 SMP Thu Nov 22 23:05:33 EST 2007 i686
X Vendor: The X.Org Foundation
X Vendor Release: 10300000
Selinux: No
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: Fedora

Memory status: size: 111509504 vsize: 111509504 resident: 37679104 share: 30412800 rss: 37679104 rss_rlim: 4294967295
CPU usage: start_time: 1204605489 rtime: 227 utime: 201 stime: 26 cutime:2 cstime: 3 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evolution'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1208822048 (LWP 7195)]
[New Thread -1233777776 (LWP 7222)]
[New Thread -1222874224 (LWP 7212)]
0x00110402 in __kernel_vsyscall ()

Thread 2 (Thread -1233777776 (LWP 7222))

  • #0 __kernel_vsyscall
  • #1 __lll_mutex_lock_wait
    from /lib/libpthread.so.0
  • #2 _L_mutex_lock_79
    from /lib/libpthread.so.0
  • #3 pthread_mutex_lock
    from /lib/libpthread.so.0
  • #4 segv_redirect
    at main.c line 417
  • #5 <signal handler called>
  • #6 imap_body_decode
    at camel-imap-utils.c line 979
  • #7 imap_body_decode
    at camel-imap-utils.c line 861
  • #8 imap_parse_body
    at camel-imap-utils.c line 1056
  • #9 imap_get_message
    at camel-imap-folder.c line 2122
  • #10 camel_folder_get_message
    at camel-folder.c line 1070
  • #11 get_message_exec
    at mail-ops.c line 1700
  • #12 mail_msg_proxy
    at mail-mt.c line 500
  • #13 ??
    from /lib/libglib-2.0.so.0
  • #14 ??
    from /lib/libglib-2.0.so.0
  • #15 start_thread
    from /lib/libpthread.so.0
  • #16 clone
    from /lib/libc.so.6


----------- .xsession-errors (26 sec old) ---------------------
alCalDAV Eplugin starting up ...
** (evolution:7103): DEBUG: mailto URL command: evolution --component=mail %s
** (evolution:7103): DEBUG: mailto URL program: evolution
libnm_glib_nm_state_cb: dbus returned an error.
  (org.freedesktop.DBus.Error.ServiceUnknown) The name org.freedesktop.NetworkManager was not provided by any .service files
CalDAV Eplugin starting up ...
** (evolution:7152): DEBUG: mailto URL command: evolution --component=mail %s
** (evolution:7152): DEBUG: mailto URL program: evolution
libnm_glib_nm_state_cb: dbus returned an error.
  (org.freedesktop.DBus.Error.ServiceUnknown) The name org.freedesktop.NetworkManager was not provided by any .service files
CalDAV Eplugin starting up ...
** (evolution:7195): DEBUG: mailto URL command: evolution --component=mail %s
** (evolution:7195): DEBUG: mailto URL program: evolution
libnm_glib_nm_state_cb: dbus returned an error.
  (org.freedesktop.DBus.Error.ServiceUnknown) The name org.freedesktop.NetworkManager was not provided by any .service files
--------------------------------------------------
Comment 1 Pedro Villavicencio 2008-05-16 09:58:17 UTC
There's a similar crash on https://bugs.edge.launchpad.net/ubuntu/+source/evolution/+bug/229669 with Evolution 2.22.1.
Comment 2 Oli 2008-10-16 20:57:02 UTC
And another here (if you need another debug trace):
https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/249624

It's been a while since I filed that bug report but the problem is *still* very much current for me. I can't use Evolution at all.

I've since done a clean install so I'm sure it's something to do with my IMAP server. As good as Evo might be over Thunderbird+Plugins, I can't justify moving my whole mail architecture just to suit a certain client... Is there any chance this might be fixed one day?

I can provide private access to anybody who needs an email account on my particular server (if you need to see exactly what's causing the problem). Just ping me an email.
Comment 3 Akhil Laddha 2009-03-24 04:24:52 UTC
*** Bug 575298 has been marked as a duplicate of this bug. ***
Comment 4 Akhil Laddha 2009-03-24 04:25:43 UTC
see bug 575298 for latest traces and a sample mbox file
Comment 5 Andrea Mayer 2009-03-30 15:02:16 UTC
How can I help to CONFIRM this bug? Please advise.
Comment 6 Amin 2009-03-30 17:32:37 UTC
Created attachment 131716
evolution crash report in /var/crash
Comment 7 bernhard 2009-03-31 09:42:13 UTC
Can confirm this
Comment 8 Dennis Melentyev 2009-06-12 16:25:17 UTC
Camel.IMAP code (2.26.1) calls for a good review.

Please, consider reading my comments at:
https://bugs.launchpad.net/ubuntu/+source/evolution/+bug/229669

There are obvious bugs: NULL pointer dereference and possible stack blow-out (unrestricted recursive calls to imap_body_decode()).

Sincerely,
Dennis Melentyev
Comment 9 Akhil Laddha 2010-03-26 05:27:56 UTC
Please try out improved IMAP support IMAPX (IMAP+) which is a part of upcoming evolution 2.30.0 and let us know your feedback, thanks.
Comment 10 Milan Crha 2010-03-31 12:03:58 UTC
It seems the patch from bug #495086, committed on 2007-11-12, didn't cover all cases, though I see only a one-line shift here, so it's possible it's the same issue. The patch is part of 2.21.2.
Comment 11 Milan Crha 2010-03-31 12:47:02 UTC
I can reproduce something similar with "(("text" "plain" ("charset" "UTF-8") NIL NIL "7bit" 7352 153) ("text" "html" ("charset" "UTF-8") NIL NIL "7bit" 30313 320) "alternative") UID 156097)" passed to imap_body_decode. The issue with this string is the space in this part: "153) ("text""; removing it makes it work properly. I'll add more NULL checking to the function, to ensure it'll not break itself. Though the result will be uncertain.
Comment 12 Milan Crha 2010-03-31 13:14:52 UTC
Created attachment 157580
eds patch

for evolution-data-server;

This fixes it. Note the last chunk, it skips the space between parts, if it seems like a part. I just didn't get from RFC3501 whether the space can or cannot be there. An example at the FETCH response shows the list without the space, same as my IMAP server returns, but I didn't understand from the text whether it is also correct.
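
An added example, not part of the original thread and not the committed eds patch: a stand-alone C parser for the body structure shape discussed in comments 8, 11 and 12. It accepts an optional space between sibling parts, returns an error instead of dereferencing NULL on malformed input, and caps recursion depth. The function names and the `MAX_DEPTH` value are assumptions made for illustration.

```c
#include <stddef.h>

#define MAX_DEPTH 32 /* assumed cap on nesting; not a value from the eds patch */

/* Skip one quoted string, atom, number or NIL; NULL if nothing valid is there. */
static const char *skip_token(const char *p) {
    const char *start = p;
    if (*p == '"') {
        for (p++; *p && *p != '"'; p++)
            if (*p == '\\' && p[1]) p++;      /* step over an escaped char */
        return *p == '"' ? p + 1 : NULL;      /* unterminated string: error */
    }
    while (*p && *p != ' ' && *p != '(' && *p != ')')
        p++;
    return p > start ? p : NULL;
}

/* Skip fields (tokens or nested lists) up to and including the closing ')'. */
static const char *skip_fields(const char *p, int depth) {
    if (depth > MAX_DEPTH) return NULL;
    while (p && *p && *p != ')') {
        if (*p == ' ')
            p++;
        else
            p = (*p == '(') ? skip_fields(p + 1, depth + 1) : skip_token(p);
    }
    return (p && *p == ')') ? p + 1 : NULL;   /* truncated input: error */
}

/* Parse one body, adding its leaf parts to *leaves; NULL on malformed input. */
static const char *parse_body(const char *p, int depth, int *leaves) {
    if (!p || *p != '(' || depth > MAX_DEPTH) return NULL;
    if (*++p != '(') {                 /* single part: ("text" "plain" ...) */
        (*leaves)++;
        return skip_fields(p, depth + 1);
    }
    while (*p == '(') {                /* multipart: one or more child bodies */
        if (!(p = parse_body(p, depth + 1, leaves)))
            return NULL;
        while (*p == ' ') p++;         /* tolerate SP between sibling parts */
    }
    return skip_fields(p, depth + 1);  /* subtype, extension data, ')' */
}

/* Number of leaf parts in a body structure value, or -1 on error. */
int count_body_parts(const char *s) {
    int leaves = 0;
    return (s && parse_body(s, 0, &leaves)) ? leaves : -1;
}
```

Every failure path propagates NULL to the caller, so a truncated or deeply nested server response yields -1 rather than a crash in the mail-fetching thread.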
Comment 13 Milan Crha 2010-04-01 12:29:05 UTC
Created commit 500e0e9 in eds master (2.31.1+)
Created commit 5cfb419 in eds gnome-2-30 (2.30.1+)