GNOME Bugzilla – Bug 655120
CalDAV account: crash when opening an event containing an externally stored attachment
Last modified: 2011-08-17 12:18:58 UTC
Using an alternative client (e.g. Apple iCal), create an event containing an attachment. The event is of type external i.e. something like: ATTACH:http://example.com/truc.txt From Evolution 2.32.2, open any view: the event is correctly shown with the attachment icon. Try to open the event --> Evolution crashes You can try with the account caldav://aries.demo.sun.com/dav/home/ghislain/calendar/ (user id = ghislain, password = secret) On July 22, 2011, at 6PM EST there is an event called "from Apple iCal with attachment". Opening it causes Evolution to crash
I can reproduce the crash with master build (evolution 3.1.4) ==16678== Process terminating with default action of signal 11 (SIGSEGV) ==16678== Access not within mapped region at address 0x2F2F3A73 ==16678== at 0x40299B6: strlen (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==16678== by 0x464D20A: e_cal_component_get_attachment_list (e-cal-component.c:1665) ==16678== by 0x740EDBD: fill_widgets (comp-editor.c:3032) ==16678== by 0x740F0B1: real_edit_comp (comp-editor.c:3081) ==16678== by 0x7415AC0: event_editor_edit_comp (event-editor.c:625) ==16678== by 0x740F81A: comp_editor_edit_comp (comp-editor.c:3276) ==16678== by 0x738BB1F: e_calendar_view_open_event_with_flags (e-calendar-view.c:1604) ==16678== by 0x738BD6A: e_calendar_view_edit_appointment (e-calendar-view.c:1645) ==16678== by 0x73A31AD: e_day_view_on_event_double_click (e-day-view.c:3554) ==16678== by 0x73A29C6: e_day_view_on_event_button_press (e-day-view.c:3334) ==16678== by 0x73A2367: e_day_view_on_main_canvas_button_press (e-day-view.c:3166) ==16678== by 0x50E8AE3: _gtk_marshal_BOOLEAN__BOXED (gtkmarshalers.c:85)
Thanks for a bug report. This took me quite some time to realize it's not evolution's fault, but something in ical library. I'm attaching a test application to demonstrate it.
Created attachment 193957 [details] test program a.c This a.c test program demonstrates the issue. It contains two sanitized components, one is "good", which doesn't crash the application, the other is "bad", which crashes the application when it tries to access URL of the attachment. The debugger claims that the memory returned by the libical is out of range. It doesn't matter on the order, the bad component always crashes application for me. The first line of the a.c shows how to compile it.
I moved this to the libical folks [1], as it has not much to do with evolution/evolution-data-server. Please see it for any further updates. By the way, you found a very nice catch, as it depends on the actual data being processed. [1] http://sourceforge.net/mailarchive/forum.php?thread_name=1313559562.14299.7.camel%40localhost&forum_name=freeassociation-devel
Glad that you could isolate the problem but why did you marked it as resolved ? I'm not familiar with the Gnome bug tracking procedures so bear with me but wouldn't it be better to wait until the libical library containing the fix is integrated ? Otherwise, how can one figure out in which version of Evolution/Gnome the problem is actually fixed ?
The problem is that technically nothing in Gnome can fix it, because the libical is an external project. I closed this as Resolved/NotGnome, which means exactly this. When you look on this from the other side, then you can use your "ancient" 2.32.2 evolution-data-server (or even older), but if you'll have the libical which will have this fixed then you'll not see this issue.