GNOME Bugzilla – Bug 694159
Malformed content-type header causes infinite recursion
Last modified: 2013-09-13 01:07:09 UTC
Created attachment 236744: sample email that causes this issue
Found this while trying to test some script. I had created an email and misspelled the MIME header: "Content-Type: text/plain;" and had instead put: "Content-Type: test/plain;". Was able to read the email in Thunderbird and OWA fine, but attempts to view this message crashed Evolution once clicking on the message in the message list. Under normal circumstances this shouldn't be a problem, but mis-named content-types shouldn't crash Evolution. I'll work on getting a stack trace, but with the attachment, it is simple to reproduce.
Adding myself to cc so I receive the reports.
Testing with 3.6.3 (latest stable version) is welcome, plus a stacktrace.
Confirming, the test message consistently crashes Evolution 3.7.90 as well. GDB backtrace shows the crash deep within libc trying to assemble a formatted HTML string originating from g_strdup_printf(). Both the format string itself and the string arguments seem fine to me. valgrind does not reveal any bad memory accesses before it up and dies. Some kind of deep memory corruption at play here, but no idea from where.
Turned out to be infinite recursion, which eventually blew the frame stack. Fixed for Evolution 3.7.91 and 3.6.4 in:
http://git.gnome.org/browse/evolution/commit/?id=ca30703f70b56e91afa84ccb41ac02fbe87fd0df
http://git.gnome.org/browse/evolution/commit/?h=gnome-3-6&id=881533927325432a0bab7eabea3a1d4008b5bcff