4442 – vcalendar segfault if in invitation email and switch to another folder

Bug 4442 - vcalendar segfault if in invitation email and switch to another folder

Summary: vcalendar segfault if in invitation email and switch to another folder

Status:	RESOLVED FIXED

Alias:	None

Product:	Claws Mail
Classification:	Unclassified
Component:	Plugins/vCalendar (show other bugs)
Version:	4.0.0
Hardware:	PC Linux

Importance:	P3 normal
Assignee:	users

URL:

Depends on:
Blocks:

Reported:	2021-02-05 00:01 UTC by GZU
Modified:	2022-01-19 16:31 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description GZU 2021-02-05 00:01:29 UTC

Hi,
I thought this had been fixed, perhaps a regression, recompiled claws this morning.

[ 3816.916723] claws-mail[3420]: segfault at 88 ip 00007f0510f9cfa8 sp 00007fff73a7b530 error 4 in vcalendar.so[7f0510f89000+39000]
[ 3816.916732] Code: 1f 00 f3 0f 1e fa 55 31 c0 53 48 89 fb 48 83 ec 08 e8 ec b7 ff ff 48 8d 3d 05 c9 01 00 48 89 c6 e8 fd ce ff ff 48 85 c0 74 09 <48> 39 83 88 00 00 00 74 0f 48 83 c4 08 5b 5d c3 0f 1f 84 00 00 00


vcal_folder.c:502:fetching
vcal_folder.c:505:no uri!
vcal_folder.c:502:fetching
vcal_folder.c:505:no uri!
file-utils.c:58:TIMING safe_fclose : 0s002ms
file-utils.c:58:TIMING safe_fclose : 0s002ms
vcal_folder.c:1196:exporting calendar

** (claws-mail:497508): WARNING **: 10:59:29.124: Can't get XML DTD in /home/george/.claws-mail/vcalendar/internal.ics.backup.20170209

** (claws-mail:497508): WARNING **: 10:59:29.124: xml_parse_next_tag(): Can't parse next tag  in /home/george/.claws-mail/vcalendar/internal.ics.backup.20170209

** (claws-mail:497508): WARNING **: 10:59:29.124: no node

** (claws-mail:497508): WARNING **: 10:59:29.135: xml_parse_next_tag(): Can't parse next tag  in /home/george/.claws-mail/vcalendar/internal.ifb.backup.20170209

** (claws-mail:497508): WARNING **: 10:59:29.135: no node

** (claws-mail:497508): WARNING **: 10:59:29.167: Can't get XML DTD in /home/george/.claws-mail/vcalendar/internal.ics.backup.20170209

** (claws-mail:497508): WARNING **: 10:59:29.167: xml_parse_next_tag(): Can't parse next tag  in /home/george/.claws-mail/vcalendar/internal.ics.backup.20170209

** (claws-mail:497508): WARNING **: 10:59:29.167: no node

** (claws-mail:497508): WARNING **: 10:59:29.177: xml_parse_next_tag(): Can't parse next tag  in /home/george/.claws-mail/vcalendar/internal.ifb.backup.20170209

** (claws-mail:497508): WARNING **: 10:59:29.177: no node
file-utils.c:58:TIMING safe_fclose : 0s002ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s004ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s002ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s004ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s004ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s004ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s002ms
file-utils.c:58:TIMING safe_fclose : 0s002ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s002ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
file-utils.c:58:TIMING safe_fclose : 0s001ms
vcal_meeting_gtk.c:2078:DTSTART:20210204T000000
DTEND:20220204T235959
file-utils.c:58:TIMING safe_fclose : 0s002ms
vcal_folder.c:1210:exporting freebusy
vcalendar.c:867:TIMING vcal_viewer_show_mimepart : 1s270ms
summaryview.c:3808:TIMING summary_display_msg_full : 1s360ms
summaryview.c:1668:
summaryview.c:1673:called inc_unlock (lock count 0)
summaryview.c:1674:TIMING summary_show : 1s391ms
folder.c:2603:Total cache memory usage: 54785
folderview.c:2384:TIMING folderview_selected : 2s398ms
folderview.c:2260:newly selected 0x560e6d5edd80, opened 0x560e6d5edd80
folderview.c:2264:TIMING folderview_selected : 0s000ms
folderview.c:2260:newly selected 0x560e6d5cef20, opened 0x560e6d5edd80
summaryview.c:1278:called inc_lock (lock count 1)
summaryview.c:1352:empty folder ((nil) (null) (nil) 0)
mimeview.c:864:text/calendar
vcalendar.c:253:vcal_viewer_clear_viewer
vcalendar.c:258:unlinking /home/george/.claws-mail/mimetmp/00000000.mimetmp
vcalendar.c:244:vcal_viewer_get_widget
vcalendar.c:838:vcal_viewer_show_mimepart : /home/george/.claws-mail/imapcache/outlook.office365.com/u4444016@anu.edu.au/Trash/35436
vcalendar.c:253:vcal_viewer_clear_viewer
vcalendar.c:227:creating /home/george/.claws-mail/mimetmp/00000001.mimetmp
vcal_folder.c:2188:Converting DTSTART to UTC.
vcal_folder.c:2204:Converting DTEND to UTC.
Segmentation fault (core dumped)

Comment 1 GZU 2021-02-05 00:49:15 UTC

More information,

This is a cancellation email with no action visible at the bottom of the email.
I've tested with invitations with actions and they don't seem to cause the segfault.

Comment 2 Paul 2021-02-05 14:21:52 UTC

does not crash here

Comment 3 GZU 2021-02-06 01:09:29 UTC

Don't know if below is of any use, first time using gdb.
Seems to bit of an edge case so can be ignored.

Thread 7 (Thread 0x7fffd920d700 (LWP 4439)):
#0  0x00007ffff54742fc in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007ffff31aa9eb in mailsem_internal_wait () from /lib64/libetpan.so.20
#2  0x000055555586b1f1 in thread_run (data=0x555555c934b0) at etpan-thread-manager.c:320
#3  0x00007ffff546e14a in start_thread () from /lib64/libpthread.so.0
#4  0x00007ffff2ea8f23 in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7fffda190700 (LWP 4435)):
#0  0x00007ffff2e9dca1 in poll () from /lib64/libc.so.6
#1  0x00007ffff3b399b6 in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#2  0x00007ffff3b39d72 in g_main_loop_run () from /lib64/libglib-2.0.so.0
#3  0x00007ffff435855a in gdbus_shared_thread_func () from /lib64/libgio-2.0.so.0
#4  0x00007ffff3b61d4a in g_thread_proxy () from /lib64/libglib-2.0.so.0
#5  0x00007ffff546e14a in start_thread () from /lib64/libpthread.so.0
#6  0x00007ffff2ea8f23 in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7fffda991700 (LWP 4434)):
#0  0x00007ffff2e9dca1 in poll () from /lib64/libc.so.6
#1  0x00007ffff3b399b6 in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#2  0x00007ffff3b39ae0 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#3  0x00007ffff3b39b31 in glib_worker_main () from /lib64/libglib-2.0.so.0
#4  0x00007ffff3b61d4a in g_thread_proxy () from /lib64/libglib-2.0.so.0
#5  0x00007ffff546e14a in start_thread () from /lib64/libpthread.so.0
#6  0x00007ffff2ea8f23 in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7ffff7faddc0 (LWP 4430)):
#0  0x00007fffb8e43fa8 in vcalendar_refresh_folder_contents (item=0x0) at vcalendar.c:928
#1  0x00007fffb8e44999 in vcalviewer_display_event (vcalviewer=0x555556632fa0, event=0x555556654260) at vcalendar.c:497
#2  0x00007fffb8e44de6 in vcalviewer_get_request_values (vcalviewer=0x555556632fa0, mimeinfo=<optimized out>, is_todo=<optimized out>)
    at vcalendar.c:678
#3  0x00007fffb8e45153 in vcalviewer_get_event (mimeinfo=0x555555d17910, vcalviewer=0x555556632fa0) at vcalendar.c:809
#4  vcal_viewer_show_mimepart (_mimeviewer=0x555556632fa0, file=<optimized out>, mimeinfo=0x555555d17910) at vcalendar.c:846
#5  0x0000555555732e2a in mimeview_show_part (mimeview=mimeview@entry=0x5555560d7c70, partinfo=partinfo@entry=0x555555d17910) at mimeview.c:950
#6  0x0000555555733032 in mimeview_selected (selection=<optimized out>, mimeview=0x5555560d7c70) at mimeview.c:1489
#7  0x00007ffff3e15616 in _g_closure_invoke_va () from /lib64/libgobject-2.0.so.0
#8  0x00007ffff3e31a4c in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
#9  0x00007ffff3e32526 in g_signal_emit_by_name () from /lib64/libgobject-2.0.so.0
#10 0x00007ffff721b849 in gtk_tree_view_row_deleted () from /lib64/libgtk-3.so.0
#11 0x00007ffff3e153bd in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#12 0x00007ffff3e28945 in signal_emit_unlocked_R () from /lib64/libgobject-2.0.so.0
#13 0x00007ffff3e31a06 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
#14 0x00007ffff3e32043 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#15 0x00007ffff7209279 in gtk_tree_store_remove () from /lib64/libgtk-3.so.0
#16 0x00007ffff7209420 in gtk_tree_store_clear_traverse () from /lib64/libgtk-3.so.0
#17 0x00007ffff72093c5 in gtk_tree_store_clear_traverse () from /lib64/libgtk-3.so.0
#18 0x00007ffff72093c5 in gtk_tree_store_clear_traverse () from /lib64/libgtk-3.so.0
#19 0x00007ffff72093c5 in gtk_tree_store_clear_traverse () from /lib64/libgtk-3.so.0
#20 0x00007ffff720a83e in gtk_tree_store_clear () from /lib64/libgtk-3.so.0
#21 0x000055555573320e in mimeview_clear (mimeview=0x5555560d7c70) at mimeview.c:999
#22 mimeview_clear (mimeview=0x5555560d7c70) at mimeview.c:986
#23 0x00005555557cb938 in summary_clear_all (summaryview=summaryview@entry=0x55555612d540) at summaryview.c:1735
#24 0x00005555557d085d in summary_show (summaryview=0x55555612d540, item=0x0, avoid_refresh=<optimized out>) at summaryview.c:1360
#25 0x00005555556e5e8a in folderview_close_opened (folderview=<optimized out>, dirty=<optimized out>) at folderview.c:2232
#26 0x00005555556e60e3 in folderview_selected (ctree=<optimized out>, row=<optimized out>, column=<optimized out>, folderview=<optimized out>)
    at folderview.c:2295
#27 0x00007ffff3e153bd in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#28 0x00007ffff3e28945 in signal_emit_unlocked_R () from /lib64/libgobject-2.0.so.0
--Type <RET> for more, q to quit, c to continue without paging--
#29 0x00007ffff3e31a06 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
#30 0x00007ffff3e32043 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#31 0x000055555588b11c in gtk_cmctree_select (ctree=ctree@entry=0x555555f86430, node=0x555555e78140) at gtkcmctree.c:3862
#32 0x000055555588b662 in real_unselect_all (clist=0x555555f86430) at gtkcmctree.c:2839
#33 0x00005555558abf8e in gtk_sctree_real_unselect_all (clist=0x555555f86430) at gtksctree.c:796
#34 0x00005555558aa202 in select_row (sctree=sctree@entry=0x555555f86430, row=1, col=0, state=<optimized out>, _node=_node@entry=0x0)
    at gtksctree.c:385
#35 0x00005555558acc4f in gtk_sctree_button_press (widget=<optimized out>, event=0x55555659fbc0) at gtksctree.c:558
#36 0x00007ffff70e3dfb in _gtk_marshal_BOOLEAN__BOXED () from /lib64/libgtk-3.so.0
#37 0x00007ffff3e153bd in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#38 0x00007ffff3e2819d in signal_emit_unlocked_R () from /lib64/libgobject-2.0.so.0
#39 0x00007ffff3e3106b in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
#40 0x00007ffff3e32043 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#41 0x00007ffff7231244 in gtk_widget_event_internal () from /lib64/libgtk-3.so.0
#42 0x00007ffff70e0d16 in propagate_event () from /lib64/libgtk-3.so.0
#43 0x00007ffff70e2edb in gtk_main_do_event () from /lib64/libgtk-3.so.0
#44 0x00007ffff6be2679 in _gdk_event_emit () from /lib64/libgdk-3.so.0
#45 0x00007ffff6c14016 in gdk_event_source_dispatch () from /lib64/libgdk-3.so.0
#46 0x00007ffff3b3967d in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#47 0x00007ffff3b39a48 in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#48 0x00007ffff3b39d72 in g_main_loop_run () from /lib64/libglib-2.0.so.0
#49 0x00007ffff70e1f3d in gtk_main () from /lib64/libgtk-3.so.0
#50 0x000055555568609f in main (argc=<optimized out>, argv=<optimized out>) at main.c:1648
(gdb)

Comment 4 Paul 2022-01-19 16:31:51 UTC

with some further information I was able to reproduce the bug. It is now fixed in git.

Note You need to log in before you can comment on or make changes to this bug.