After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 601680 - [abrt] crash in exchange-mapi-cal-utils.c:1225 check_server_for_object
[abrt] crash in exchange-mapi-cal-utils.c:1225 check_server_for_object
Status: RESOLVED FIXED
Product: evolution-mapi
Classification: Applications
Component: Calendar
0.28.x
Other Linux
: Normal critical
: ---
Assigned To: evolution-mapi-maint
evolution-mapi-maint
Depends on:
Blocks:
 
 
Reported: 2009-11-12 12:46 UTC by Milan Crha
Modified: 2010-05-13 09:41 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Milan Crha 2009-11-12 12:46:29 UTC 
Moving this from a downstream bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=537047

Comment: Unfortunately I came back to my PC to find it crashed, I don't have
any additionally information (or debug code).
Attached file: backtrace
cmdline: evolution
component: evolution
executable: /usr/bin/evolution
kernel: 2.6.31.5-127.fc12.i686.PAE
package: evolution-2.28.0-2.fc12
rating: 4
reason: Process was terminated by signal 11

[New Thread 13308]
[New Thread 13315]
[New Thread 15087]
[New Thread 13256]
[New Thread 13294]
[New Thread 13295]
[New Thread 13297]
[New Thread 13298]
[New Thread 13318]
[New Thread 13416]
[New Thread 13417]
[New Thread 15086]
[New Thread 13310]
Core was generated by `evolution'.
Program terminated with signal 11, Segmentation fault.

+ Trace 219048

Thread 1 (Thread 15166)

  • #0 check_server_for_object
    at exchange-mapi-cal-utils.c line 1225
  • #1 exchange_mapi_cal_util_camel_helper
    at exchange-mapi-cal-utils.c line 1279
  • #2 fetch_item_cb
    at camel-mapi-folder.c line 1284
  • #3 exchange_mapi_connection_fetch_item
    at exchange-mapi-connection.c line 1482
  • #4 mapi_folder_get_message
    at camel-mapi-folder.c line 1686
  • #5 camel_folder_get_message
    at camel-folder.c line 1121
  • #6 offline_downsync_sync
    at camel-offline-folder.c line 114
  • #7 session_thread_proxy
    at camel-session.c line 592
  • #8 g_thread_pool_thread_proxy
    at gthreadpool.c line 265
  • #9 g_thread_create_proxy
    at gthread.c line 635
  • #10 start_thread
    at pthread_create.c line 297
  • #11 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 130 






Comment 1


Milan Crha





          2010-05-05 11:55:00 UTC
        



An updated backtrace from 0.30.1:
check_server_for_object (properties=0x7fffc75d2a40, mid=0x7fffc75d28a8) at exchange-mapi-cal-utils.c:1244
1244		proptag = array->aulPropTag[0];





+
Trace
    221729






Thread 1
          (Thread 26785)


    

  • 
#0
check_server_for_object

    
                at exchange-mapi-cal-utils.c
                  line
                  1244

    

    • 

  • 
#1
exchange_mapi_cal_util_camel_helper

    
                at exchange-mapi-cal-utils.c
                  line
                  1298

    

    • 

  • 
#2
fetch_item_cb

    
                at camel-mapi-folder.c
                  line
                  1346

    

    • 

  • 
#3
exchange_mapi_connection_fetch_item

    
                at exchange-mapi-connection.c
                  line
                  1567

    

    • 

  • 
#4
mapi_folder_get_message

    
                at camel-mapi-folder.c
                  line
                  1892

    

    • 

  • 
#5
camel_folder_get_message

    
                at camel-folder.c
                  line
                  1128

    

    • 

  • 
#6
get_message_exec

    
                at mail-ops.c
                  line
                  1858

    

    • 

  • 
#7
mail_msg_proxy

    
                at mail-mt.c
                  line
                  471

    

    • 

  • 
#8
g_thread_pool_thread_proxy

    
                at gthreadpool.c
                  line
                  315

    

    • 

  • 
#9
g_thread_create_proxy

    
                at gthread.c
                  line
                  1893

    

    • 

  • 
#10
start_thread

    
                at pthread_create.c
                  line
                  301

    

    • 

  • 
#11
clone

    
                at ../sysdeps/unix/sysv/linux/x86_64/clone.S
                  line
                  115

    

    • 













Comment 2


Milan Crha





          2010-05-13 09:41:52 UTC
        



After help from Chad in the other downstream bug report
https://bugzilla.redhat.com/show_bug.cgi?id=587726

I guess I got it.

> 1241	fid = exchange_mapi_get_default_folder_id (olFolderCalendar);
> 1242
> 1243	array = exchange_mapi_util_resolve_named_prop (olFolderCalendar, fid,
>               0x0023, PSETID_Meeting);
> 1244	proptag = array->aulPropTag[0];
> 1245
> 1246	res.rt = RES_PROPERTY;

The call to exchange_mapi_util_resolve_named_prop failed
for some reason, returning NULL, and then it crashed when dereferencing NULL
pointer. I added a check for this situation in the code, thus should be fine.

Note this is for 0.30 only, the 0.31 doesn't have there this code.

Created commit f4f98b3 in ema gnome-2-30 (0.30.2+)