Bug 1843 - segfault with HTML spam message
Summary: segfault with HTML spam message
Status: RESOLVED WORKSFORME
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: Plugins/Gtkhtml2 Viewer (show other bugs)
Version: 3.7.1
Hardware: PC Linux
Importance: P3 normal
Assignee: users
URL: http://bugs.debian.org/cgi-bin/bugrep...
Depends on:
Blocks:
 
Reported: 2009-02-09 01:16 UTC by Ricardo Mones
Modified: 2009-02-20 08:59 UTC (History)
Description Ricardo Mones 2009-02-09 01:16:48 UTC
Quoting original submitter:
"
I just received a spam mail containing HTML, and that SEGFAULT'd claws-mail.
After a quick investigation, the culprit was found in gtkhtml2.so, or so it
seemed. I then added proper -dbg packages to my system to give a full Backtrace
of the fault.
"

A backtrace and the triggering message are available at the bug's URL. To reproduce: put the message (decrypted) in the inbox folder (renumber if required), open it, and click the HTML MIME part to display it with the gtkhtml2 viewer (the plugin has to be loaded beforehand, of course). The crash follows.

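My backtrace (amd64). In frame #0, log_rect shows width = -682734447 and height = 32657, which may mean the rectangle had not been filled in when the crash happened; the build is optimized, so the locals may not be reliable: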
-----
#0  html_box_text_relayout (self=0x1d71320, relayout=0x1f77630)
    at htmlboxtext.c:470
	box_child = <value optimized out>
	text = <value optimized out>
	ptr = <value optimized out>
	end = <value optimized out>
	master = <value optimized out>
	width = <value optimized out>
	create_no_slave = <value optimized out>
	log_rect = {x = 1, y = 0, width = -682734447, height = 32657}
	canon_text = <value optimized out>
	canon_end = <value optimized out>
	i = <value optimized out>
#1  0x00007f91cd482688 in html_box_relayout (self=0x1d71320, 
    relayout=0x1f77630) at htmlbox.c:601
No locals.
#2  0x00007f91cd4815c3 in html_line_box_add_inlines (line=0x1f7a750, 
    relayout=0x1f77630, box=0x1d71320, next_box=0x7fffe2436da0, 
    parent=0x19d7520, iterator=0x7fffe2436e28, y=0, left_margin=0, 
    max_width=-1, float_list=0x7fffe2436d98, boxwidth=919) at htmllinebox.c:300
	real_max_width = 919
#3  0x00007f91cd48ca66 in html_box_block_create_inline_lines (self=0x19d7520, 
    relayout=0x1f77630, box=0x7fffe2436e30, iterator=0x7fffe2436e28,
    boxwidth=0x7fffe2436e40, boxheight=0x7fffe2436e44, y=0x7fffe2436e38)
    at htmlboxblock.c:174
	left_margin = 0
	max_width = -1
	next_box = <value optimized out>
	line = (HtmlLineBox *) 0x1f7a750
	state = <value optimized out>
	old_iterator = (GSList *) 0x0
	float_list = (GSList *) 0x0
	tmp = <value optimized out>
#4  0x00007f91cd48d0d0 in html_box_block_relayout (self=0x19d7520, 
    relayout=0x1f77630) at htmlboxblock.c:321
	block = (HtmlBoxBlock *) 0x19d7520
	boxheight = 375
	boxwidth = 919
#5  0x00007f91cd482688 in html_box_relayout (self=0x19d7520, 
    relayout=0x1f77630) at htmlbox.c:601
No locals.
#6  0x00007f91cd480d11 in html_line_box_add_block (line=0x1f7a7d0, 
    relayout=0x1f77630, box=0x19d7520, y=0, force_relayout=1, 
    old_margin=0x7fffe2436f3c, boxwidth=935) at htmllinebox.c:438
	cbox = (HtmlBox *) 0x1d711e0
	width = <value optimized out>
	margin_top = 0
	margin_bottom = <value optimized out>
	margin_collapse = 0
#7  0x00007f91cd48d020 in html_box_block_relayout (self=0x1d711e0, 
    relayout=0x1f77630) at htmlboxblock.c:258
	block = (HtmlBoxBlock *) 0x1d711e0
	boxheight = 391
	boxwidth = 935
#8  0x00007f91cd484d44 in html_box_root_relayout (self=0x1d711e0, 
    relayout=<value optimized out>) at htmlboxroot.c:138
No locals.
#9  0x00007f91cd482688 in html_box_relayout (self=0x1d711e0, 
    relayout=0x1f77630) at htmlbox.c:601
No locals.
#10 0x00007f91cd49d706 in html_view_relayout (view=0x1943880)
    at htmlview.c:1729
	relayout = (HtmlRelayout *) 0x1f77630
#11 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#12 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#13 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#14 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#15 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#16 0x00007f91d97ba5fd in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#17 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#18 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#19 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#20 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#21 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#22 0x00007f91d977e6d8 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#23 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#24 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#25 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#26 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#27 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#28 0x00007f91d9870cd0 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#29 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#30 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#31 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#32 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#33 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#34 0x00007f91d9872f78 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#35 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#36 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#37 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#38 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#39 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#40 0x00007f91d971df3f in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#41 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#42 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#43 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#44 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#45 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#46 0x00007f91d9870cd0 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#47 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#48 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#49 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#50 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#51 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#52 0x00007f91d9872f62 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#53 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#54 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#55 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#56 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#57 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#58 0x00007f91d971e65b in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#59 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#60 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#61 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#62 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#63 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#64 0x00007f91d9870cd0 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#65 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#66 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#67 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#68 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#69 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#70 0x00007f91d9870cd0 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#71 0x00007f91d775cdef in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#72 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#73 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#74 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#75 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#76 0x00007f91d988aab6 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#77 0x00007f91d775ce9d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#78 0x00007f91d776f518 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#79 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#80 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#81 0x00007f91d987a95a in gtk_widget_size_allocate ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#82 0x00007f91d988af7c in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#83 0x00007f91d775ce9d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#84 0x00007f91d776f8dc in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#85 0x00007f91d77710ee in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#86 0x00007f91d77715f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#87 0x00007f91d96c9f00 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#88 0x00007f91d938c82b in ?? () from /usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#89 0x00007f91d74c778b in g_main_context_dispatch ()
   from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#90 0x00007f91d74caf5d in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#91 0x00007f91d74cb11b in g_main_context_iteration ()
   from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#92 0x00007f91d975a5e1 in gtk_main_iteration ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#93 0x00007f91cd4678a5 in gtkhtml2_show_mimepart_real (_viewer=0x1d32e30)
    at gtkhtml2_viewer.c:367
	got_charset = 1
	insert_in_header = 0
	insert_all_header = 1
	fp = (FILE *) 0x1e74990
	buf = "<FONT face=Courier> </FONT>\n<DIV align=center><SPAN></SPAN><SPAN><SPAN><FONT face=Courier>\"CONGRATULAZIONI\"</FONT></SPAN></SPAN></DIV>\n<DIV align=center><FONT face=Courier><SPAN><FONT face=Courier><SP"...
	loaded = 4096
	charset = (const gchar *) 0x622e14 "UTF-8"
	messageview = (MessageView *) 0x1a2c940
	partinfo = (MimeInfo *) 0x1d30fa0
#94 0x00007f91d74c7f4b in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#95 0x00007f91d74c778b in g_main_context_dispatch ()
   from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#96 0x00007f91d74caf5d in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#97 0x00007f91d74cb48d in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#98 0x00007f91d975a737 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#99 0x00000000004df43d in main (argc=1, argv=0x7fffe243ea98) at main.c:1658
	connection = (DBusGConnection *) 0x17cf8e8
	error = (GError *) 0x0
	nm_proxy = (DBusGProxy *) 0x17c69c0
	mainwin = (MainWindow *) 0x18324c0
	folderview = (FolderView *) 0x1965be0
	icon = (GdkPixbuf *) 0x18162d0
	crash_file_present = <value optimized out>
	asked_for_migration = <value optimized out>
	start_done = <value optimized out>
	plug_list = (GSList *) 0x0
	never_ran = 0
	start = {tv_sec = 1234119530, tv_usec = 339834}
	end = {tv_sec = 1234119531, tv_usec = 39077}
	__FUNCTION__ = "main"
-----

HTH, best regards.
Comment 1 Paul 2009-02-09 08:33:41 UTC
cannot reproduce this (with the msg provided on the Debian bug report), therefore downgrading the 'severity'
