Bug 2656

Summary: crash: claws-mail assert failure when using SSL or STARTTLS with SMTP
Product: Claws Mail (GTK 2)
Reporter: John Beaumont <john.beaumont>
Component: SMTP
Assignee: users
Status: RESOLVED INVALID
Severity: normal
CC: kardan, mones
Priority: P3
Version: 3.8.0
Hardware: PC
OS: Linux
URL: https://bugs.launchpad.net/ubuntu/+source/claws-mail/+bug/900656
See Also: http://bugs.debian.org/698460
Attachments:
Description Flags
gdb backtrace none

Description John Beaumont 2012-05-03 09:32:48 UTC
Created attachment 1109
gdb backtrace

OS: Xubuntu 12.04 32bit i386

Version 3.8.0

When I try to send mail using any kind of encryption claws mail crashes. With no encryption everything is great.

My encrypted connection via IMAP SSL is working just fine however. So the problem seems specific to SMTP (not tried POP3).

Text from console:
~$ claws-mail
WARNING: gnome-keyring:: couldn't connect to: /tmp/keyring-XcGw3m/pkcs11: No such file or directory

Claws-Mail-WARNING **: can't open signature file: /home/john/.signature

claws-mail: /build/buildd/cairo-1.10.2/src/cairo-surface.c:1287: cairo_surface_set_device_offset: Assertion `status == CAIRO_STATUS_SUCCESS' failed.
Aborted (core dumped)

Note the first two lines of output happen on start and are not related to the crash. I have also attached a backtrace via GDB. If you need any further information from me I'd be happy to supply it.

I have reported this bug #900656 on Ubuntu launchpad but after 5 months and no reply I realise it's probably better to go upstream :)
Comment 1 Paul 2012-05-04 06:06:56 UTC
I'm using the same version of ubuntu, I don't have any problems, so it must be down to your particular usage. (Which is why you didn't have much of a response, I suppose: no-one else gets this problem)

What are your settings?
I guess this is self-compiled?
If so, what version of GnuTLS are you building with?
Comment 2 John Beaumont 2012-05-04 09:42:13 UTC
Which settings do you mean exactly, Paul?

Machine is stock Xubuntu updated to final release. Claws-mail installed is from the Ubuntu repo.

It is really odd how SSL SMTP is causing issues with cairo.  According to cairo-surface.c:
cairo_surface_set_device_offset
Sets an offset that is added to the device coordinates determined by the CTM when drawing to @surface.

I don't understand how the two might cause issues with one another.

Since it might be a display thing I tried disabling the send dialog and changing my Xfce theme, but no luck.
Comment 3 Paul 2012-05-06 14:19:07 UTC
I'm talking about your SSL settings.
I'm using ubuntu 12.04, SMTP with SSL. I do see the benign gnome-keyring warning message, but I don't see any cairo warning/error.

Despite what "Launchpad janitor" claims, this does seem to be something particular to your setup, and more than likely not a Claws bug, but in one of the library dependencies.
Comment 4 Paul 2012-05-06 14:32:02 UTC
Doing a quick search for this cairo error message confirms my suspicions (or at least makes me more confident) that the bug is in cairo/pango.
Comment 5 John Beaumont 2012-05-08 15:56:14 UTC
Agreed. I think it is likely this bug, also affecting other software such as pidgin and chromium.

https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/887850
Comment 6 Paul 2013-04-12 17:17:57 UTC
*** Bug 2907 has been marked as a duplicate of this bug. ***
Comment 7 kardan 2013-04-12 19:52:36 UTC
Ok, we have an interesting coincidence here. So far I do not understand why a gtk library causes a SEGFAULT when I send mails over an encrypted connection.

Are there any plans to fix this, like catching the failing state?

citing from the linked ticket:

> The developers of the other software blame cairo, and the developer of cairo
> blames the other software.
That happens more than you'd think ;)
But in this case, the particular error message and the resulting abort is due to the application (or a library it's using) calling cairo_surface_set_device_offset() when the cairo context is already in an error state.
So unless it's a memory corruption or something similar in cairo, checking for the error state (or not causing it in the first place) is definitely something the application developers should look into.
Comment 8 kardan 2013-04-14 12:20:22 UTC
> I suppose: no-one else gets this problem
So far this has been reported twice, by John and me.

> I'm talking about your SSL settings.
> I'm using ubuntu 12.04, SMTP with SSL.
Can you please explain, how these can be changed to make claws work?

Which version of libcairo2 are you using known to work?
cm 3.8.1-2 depends on libcairo2 (>= 1.2.4), but 1.12.2 is installed here which makes me wonder.

Affected are at least
ii  libcairo2                              1.10.2-6.1ubuntu3
ii  libcairo2:i386                         1.12.2-1ubuntu2.2

Honestly, I strongly disagree that this bug is RESOLVED INVALID, as claws crashes because of a claimed bug in a display library. A trustworthy application would silently ignore this and send the mail as intended.
Instead it is not possible to send mails via SSL. Do you think disabling encryption is the solution?

Somebody said using libgcrypt11 1.4.3 would work; I don't know if this is suitable.

I will test with the latest cairo as soon as I find time.
Comment 9 Paul 2013-04-14 12:28:19 UTC
I'm using libcairo 1.12.2 and libgcrypt 1.5.0
Comment 10 kardan 2013-04-14 12:41:54 UTC
Thanks, same for me then. Could we please try to find out what the real problem is?

> What are your settings?
"Use SSL for SMTP connection"

> I guess this is self-compiled?
3.8.1 from package.

> If so, what version of GnuTLS are you building with?
2.12.14-5ubuntu4.2

>>> so it must be down to your particular usage.
>> Which settings do you mean exactly Paul?.
> I'm talking about your SSL settings
I do not see how to influence this bug with my settings/usage.

logically, what is the connection of SSL and the UI?
Comment 11 Paul 2013-04-14 12:49:16 UTC
Can you upgrade to the latest Claws Mail release, 3.9.0?
Comment 12 kardan 2013-04-14 13:07:39 UTC
pretty much the same :/

$ claws-mail -v
Claws Mail version 3.9.0
claws-mail: /build/buildd/cairo-1.12.2/src/cairo-surface.c:1591: cairo_surface_set_device_offset: Zusicherung »status == CAIRO_STATUS_SUCCESS« nicht erfüllt.
Abgebrochen (Speicherabzug geschrieben)
Comment 13 kardan 2013-04-14 13:48:35 UTC
Please help to bring this forward.

> Let me quote the (shortened) source:
> 
> void
> cairo_surface_set_device_offset (cairo_surface_t *surface,
>                                  double x_offset, double y_offset) {
>     cairo_status_t status;
> 
>     if (unlikely (surface->status))
>         return;
> 
> [...]
> 
>     surface->device_transform.x0 = x_offset;
>     surface->device_transform.y0 = y_offset;
> 
>     surface->device_transform_inverse = surface->device_transform;
>     status = cairo_matrix_invert (&surface->device_transform_inverse);
>     /* should always be invertible unless given pathological input */
>     assert (status == CAIRO_STATUS_SUCCESS);
> 
> [...]
> }
> 
> You can see different things:
> - This function doesn't do anything on error surface (=> cairo
> correctly ignores operations on error surfaces)
> - The only assert() in there has a comment which says "it's virtually
> impossible for this to fail"
> 
> I agree with this assert(). The device_transform should always be a
> translation matrix and those are always invertible. So unless I missed
> something, this leaves "random memory corruption" as the most likely
> case for this assert() to trigger (and debugging random memory
> corruption is hard and most likely not a bug in cairo).
> 
> Also, this is why I asked for someone to ask gdb which values the
> device_transform contains after a crash.
(https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/887850/comments/34)

I sent my gdb output to him and found him baffled:

> this looks a lot like what Sergio showed before and I still have no
> clue what this would mean. The device_transform is all set to -NaN
> which is quite weird. Sadly, this doesn't look like memory
> corruption. No idea how to figure out where those NaNs are coming
> from. Sorry.

He referred to
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/887850/comments/41

> What Chris meant to say was this:
> This problem can only happen with broken applications.
> Cairo 1.8 was written in a way to cope with these breakages. But
> somewhere along the way we lost that feature, because we don't test
> broken applications (and I don't think we intend to).
> 
> But in this case, the particular error message and the resulting abort
> is due to the application (or a library it's using) calling
> cairo_surface_set_device_offset() when the cairo context is already in
> an error state.

Can you tell how to check if this is true via gdb or something else?
Comment 14 Paul 2013-04-14 14:30:14 UTC
Claws Mail does not call cairo_surface_set_device_offset()
Comment 15 kardan 2013-04-15 00:55:53 UTC
> Claws Mail does not call cairo_surface_set_device_offset()
true, it's gdk_window_begin_paint_region ()

#4  0x00bf4147 in __assert_fail () from /lib/i386-linux-gnu/libc.so.6
#5  0x00705f0a in cairo_surface_set_device_offset ()
   from /usr/lib/i386-linux-gnu/libcairo.so.2
#6  0x00615194 in gdk_window_begin_paint_region ()
   from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#7  0x002ac0f3 in gtk_main_do_event ()
   from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#8  0x0061a2bf in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#9  0x0064ccd3 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#10 0x00614dc4 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#11 0x00617218 in gdk_window_process_updates ()
   from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#12 0x08267a7c in gtkut_widget_draw_now (widget=0x850fa58) at gtkutils.c:661

The problem is not in cairo_surface_set_device_offset(). The state is
already corrupt before. And before this function is called, pretty much anything could be going on.

One start for debugging is to add 

  cairo_matrix_t m = surface->device_transform;
  cairo_status_t status = cairo_matrix_invert(&m);
  assert(status == CAIRO_STATUS_SUCCESS);

to gtkut_widget_draw_now () before 569:

 gdk_window_process_updates(gtk_widget_get_window(widget), FALSE);

as this is essentially what cairo_surface_set_device_offset() does when it fails. (http://git.claws-mail.org/?p=claws.git;a=blob;f=src/gtk/gtkutils.c#l656)
Comment 16 Ricardo Mones 2013-04-17 10:31:37 UTC
FWIW this is fixed on Debian with libcairo2 version 1.12.2-3
See http://bugs.debian.org/698460 for details.
Comment 17 kardan 2013-04-18 07:28:51 UTC
ii  libcairo2:i386                            1.12.14-0ubuntu1

claws-mail: /build/buildd/cairo-1.12.14/src/cairo-surface.c:1721: cairo_surface_set_device_offset: Zusicherung »status == CAIRO_STATUS_SUCCESS« nicht erfüllt.
Program received signal SIGABRT, Aborted.
0xb7fdd424 in __kernel_vsyscall ()

#4  0xb73b6927 in __assert_fail () from /lib/i386-linux-gnu/libc.so.6
#5  0xb799e12c in INT_cairo_surface_set_device_offset (surface=0x8a6c000, x_offset=-5, y_offset=-644)
    at /build/buildd/cairo-1.12.14/src/cairo-surface.c:1721
#6  0xb7ab0e58 in gdk_window_begin_paint_region () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#7  0xb7c5d913 in gtk_main_do_event () from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#8  0xb7ab5f88 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#9  0xb7ae87b3 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#10 0xb7ab0a72 in ?? () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#11 0xb7ab2fb8 in gdk_window_process_updates () from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0


(gdb) frame 5
#5  0xb799e12c in INT_cairo_surface_set_device_offset (surface=0x8a6c000, x_offset=-5, y_offset=-644)
    at /build/buildd/cairo-1.12.14/src/cairo-surface.c:1721
1721	/build/buildd/cairo-1.12.14/src/cairo-surface.c: Datei oder Verzeichnis nicht gefunden.
(gdb) print *surface
$1 = {backend = 0xb7a45a60 <cairo_xlib_surface_backend>, device = 0x868df00, type = CAIRO_SURFACE_TYPE_XLIB, 
  content = CAIRO_CONTENT_COLOR, ref_count = {ref_count = 1}, status = CAIRO_STATUS_SUCCESS, unique_id = 789, serial = 0, 
  damage = 0x0, _finishing = 0, finished = 0, is_clear = 0, has_font_options = 0, owns_device = 1, user_data = {size = 0, 
    num_elements = 0, element_size = 12, elements = 0x0}, mime_data = {size = 0, num_elements = 0, element_size = 12, 
    elements = 0x0}, device_transform = {xx = -nan(0x8000000000000), yx = -nan(0x8000000000000), 
    xy = -nan(0x8000000000000), yy = -nan(0x8000000000000), x0 = -5, y0 = -644}, device_transform_inverse = {
    xx = -nan(0x8000000000000), yx = -nan(0x8000000000000), xy = -nan(0x8000000000000), yy = -nan(0x8000000000000), 
    x0 = -5, y0 = -644}, device_transform_observers = {next = 0x8a6c0a8, prev = 0x8a6c0a8}, x_resolution = 72, 
  y_resolution = 72, x_fallback_resolution = 300, y_fallback_resolution = 300, snapshot_of = 0x0, 
  snapshot_detach = 0x8a6c1c0, snapshots = {next = 0x8a6c0d8, prev = 0x8a6c0d8}, snapshot = {next = 0x0, prev = 0x0}, 
  font_options = {antialias = 64, subpixel_order = 48, lcd_filter = 145145976, hint_style = 1073741836, 
    hint_metrics = CAIRO_HINT_METRICS_DEFAULT, round_glyph_positions = CAIRO_ROUND_GLYPH_POS_DEFAULT}}
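
Added example (not part of the thread, and not cairo's or Claws Mail's code): the gdb dump above shows device_transform with xx, yx, xy and yy all NaN while status is still CAIRO_STATUS_SUCCESS, and this sketch shows why overwriting only x0/y0 on such a matrix must fail the inversion that the assert guards. matrix_t and all function names are hypothetical, and the determinant-based inversion is a simplified stand-in for cairo_matrix_invert().

```c
#include <math.h>
#include <stdio.h>

/* Hypothetical stand-in for cairo_matrix_t (same six fields as the dump). */
typedef struct { double xx, yx, xy, yy, x0, y0; } matrix_t;

/* Determinant-based inversion; 0 on success, -1 if not invertible. */
int matrix_invert(matrix_t *m)
{
    double det = m->xx * m->yy - m->yx * m->xy;
    if (!isfinite(det) || det == 0.0)   /* NaN in the 2x2 part lands here */
        return -1;
    matrix_t r = {
        .xx =  m->yy / det, .yx = -m->yx / det,
        .xy = -m->xy / det, .yy =  m->xx / det,
        .x0 = (m->xy * m->y0 - m->yy * m->x0) / det,
        .y0 = (m->yx * m->x0 - m->xx * m->y0) / det,
    };
    *m = r;
    return 0;
}

/* Mirrors the quoted function: overwrite x0/y0 only, then invert a copy. */
int set_offset_and_check(matrix_t *t, double x, double y, matrix_t *inverse)
{
    t->x0 = x;
    t->y0 = y;
    *inverse = *t;
    return matrix_invert(inverse);
}

/* Name of the first non-finite field, or NULL if the matrix is clean. */
const char *first_nonfinite_field(const matrix_t *m)
{
    const double v[] = { m->xx, m->yx, m->xy, m->yy, m->x0, m->y0 };
    static const char *const name[] = { "xx", "yx", "xy", "yy", "x0", "y0" };
    for (int i = 0; i < 6; i++)
        if (!isfinite(v[i]))
            return name[i];
    return NULL;
}

int main(void)
{
    matrix_t inv, ok = { 1, 0, 0, 1, 0, 0 };      /* identity: constructed */
    matrix_t bad = { NAN, NAN, NAN, NAN, 0, 0 };  /* NaN scale, as in the dump */
    printf("clean:     %d\n", set_offset_and_check(&ok, -5, -644, &inv));
    printf("corrupted: %d (first bad field: %s)\n",
           set_offset_and_check(&bad, -5, -644, &inv), first_nonfinite_field(&bad));
}
```

The offsets -5 and -644 are the x_offset and y_offset values from frame 5 of the backtrace; the identity matrix is a constructed baseline for comparison.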