GNOME Bugzilla – Bug 544506
Crash. Reading message info from db
Last modified: 2013-09-13 01:01:14 UTC
Crash when trying to read cinfo from db.
+ Trace 203660
Culprit:

#define EXTRACT_FIRST_STRING(val) len=strtoul (part, &part, 10); part++; val=g_strndup (part, len);
#define EXTRACT_STRING(val) part++; len=strtoul (part, &part, 10); part++; val=g_strndup (part, len);
#define EXTRACT_FIRST_DIGIT(val) val=strtoul (part, &part, 10);
#define EXTRACT_DIGIT(val) part++; val=strtoul (part, &part, 10);

and its usage in message_info_from_db (CamelFolderSummary *s, CamelMIRecord *record).

Looks like the expected count from cinfo is not being put in the expected position in the DB. So in my db:

sqlite> select cinfo from Inbox
9-multipart 11-alternative 1 8-boundary 28-____UZJSHDHNGATVUEGXPUDO____ 0- 0- 0- 0 0

I think the 'count' is expected at position 1 but somehow moved to position 3, which screws up the entire parsing, leading to overflow. Also add more checks for strtoul (errno, ret val == ULONG_MAX ...)
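The checks suggested in the comment above, sketched as an added example that is not part of the original report or the evolution-data-server code: a length-prefixed field is accepted only if the number parses cleanly, the '-' separator follows it, and the claimed length fits in the remaining record. The function names and the use of plain malloc instead of g_strndup are assumptions made so the block builds without GLib.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse an unsigned decimal at *cur. Fails on a missing digit or overflow. */
int extract_digit(const char **cur, unsigned long *val)
{
    char *end;

    if (**cur < '0' || **cur > '9')  /* strtoul alone would accept " -5" */
        return -1;
    errno = 0;
    *val = strtoul(*cur, &end, 10);
    if (errno == ERANGE)             /* value clamped to ULONG_MAX */
        return -1;
    *cur = end;
    return 0;
}

/* Parse "<len>-<len bytes>". *cur advances only on success. */
int extract_string(const char **cur, char **out)
{
    const char *p = *cur;
    unsigned long len;

    if (extract_digit(&p, &len) != 0 || *p != '-')
        return -1;                   /* e.g. a bare count where a string was expected */
    p++;
    if (len > strlen(p))             /* claimed length runs past the record */
        return -1;
    if ((*out = malloc(len + 1)) == NULL)
        return -1;
    memcpy(*out, p, len);
    (*out)[len] = '\0';
    *cur = p + len;
    return 0;
}

int main(void)
{
    /* First fields of the row quoted in the report. */
    const char *row = "9-multipart 11-alternative 1";
    char *type = NULL;

    if (extract_string(&row, &type) == 0) {
        printf("type=%s rest=\"%s\"\n", type, row);
        free(type);
    }
    return 0;
}
```

With a misplaced field, the parser returns an error at the first token that does not match instead of copying with a length taken from the wrong position.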
Could migration code be responsible for this ?
Johnny, no. This is some serious issue. Lemme see. I have never tested or played with cinfo. IMAP provider, right?
Yep. IMAP.
Bug fixed in this revision. http://svn.gnome.org/viewvc/evolution-data-server?view=revision&revision=9192 Closing.