GNOME Bugzilla – Bug 608771
evolution crashed while disabling the mapi account
Last modified: 2010-02-02 18:13:07 UTC
evolution 2.29.6 libmapi 0.9 I was disabling the account from preferences and just after disabling, evolution crashed. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xac4dcb70 (LWP 6816)] 0xb48fb136 in mapi_new_mail_fetch (session=0x80d2c48, msg=0xab2118c8) at camel-mapi-notifications.c:96 96 const gchar *folder_id = exchange_mapi_util_mapi_id_to_string (event->FID); (gdb) t a a bt
+ Trace 220376
Thread 13 (Thread 0xac4dcb70 (LWP 6816))
Some times it appears when i disable the account and close evolution.
Created attachment 152819 [details] [review] proposed ema patch for evolution-mapi; I caused that, my fault. This may fix it, just notice it'll be triggered only when some New Mail notification will be received. I also fixed invalid read on messages with attachments: ==20057== Invalid read of size 4 ==20057== at 0x7B5456F: get_SPropValue (property.c:107) ==20057== by 0x7AF1A47: exchange_mapi_util_find_SPropVal_array_propval (exchange-mapi-utils.c:141) ==20057== by 0x5A8FBAA: mapi_folder_item_to_msg (camel-mapi-folder.c:1693) ==20057== by 0x5A90148: mapi_folder_get_message (camel-mapi-folder.c:1826) ==20057== by 0x43910A5: camel_folder_get_message (camel-folder.c:1114) ==20057== by 0x54DC346: get_message_exec (mail-ops.c:1858) ==20057== by 0x54D7C9E: mail_msg_proxy (mail-mt.c:459) ==20057== by 0xBDA0E6: g_thread_pool_thread_proxy (gthreadpool.c:265) ==20057== by 0xBD8A4F: g_thread_create_proxy (gthread.c:635) ==20057== by 0xB29AB4: start_thread (pthread_create.c:297) ==20057== by 0xA8083D: clone (clone.S:130) ==20057== Address 0x4d647b0 is 0 bytes after a block of size 256 alloc'd ==20057== at 0x4004F1B: calloc (vg_replace_malloc.c:418) ==20057== by 0xBB664C: g_malloc0 (gmem.c:151) ==20057== by 0x7AEA504: exchange_mapi_util_get_attachments (exchange-mapi-connection.c:701) ==20057== by 0x7AEC71F: exchange_mapi_connection_fetch_item (exchange-mapi-connection.c:1475) ==20057== by 0x5A900E0: mapi_folder_get_message (camel-mapi-folder.c:1813) ==20057== by 0x43910A5: camel_folder_get_message (camel-folder.c:1114) ==20057== by 0x54DC346: get_message_exec (mail-ops.c:1858) ==20057== by 0x54D7C9E: mail_msg_proxy (mail-mt.c:459) ==20057== by 0xBDA0E6: g_thread_pool_thread_proxy (gthreadpool.c:265) ==20057== by 0xBD8A4F: g_thread_create_proxy (gthread.c:635) ==20057== by 0xB29AB4: start_thread (pthread_create.c:297) ==20057== by 0xA8083D: clone (clone.S:130) I realized that get_SPropValue is traversing through all the properties until it stops on the lpProps[i].ulPropTag == 0, thus allocating buffer one element longer than necessary is fixing it. I'm not sure where everywhere it is required.
Created commit b432e3e in ema master (0.29.90+) The gnome-2-28 doesn't have notification code, thus no need for it there.