Bug #215

Segmentation fault in gtkut_text_buffer_insert_with_tag_by_name ()

Added by Remi Pointel 5 months ago. Updated 5 months ago.

Status:NewStart date:07/20/2014
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-Spent time:-
Target version:-

Description

Hi,

I use Sylpheed version 3.4.1 on OpenBSD-current, and I have a segmentation fault:

Program received signal SIGSEGV, Segmentation fault.
0x000005f3ec20c8c5 in gtkut_text_buffer_insert_with_tag_by_name (buffer=0x5f6d318ed50, iter=0x7f7ffffbe6a0, text=0x5f5eda4e000 "", len=0, tag=0x0) at gtkutils.c:918

918 if (text[len - 1] != '\n') {

len is equal to 0 for me, don't know why.

================================================================
(gdb) r
Starting program: /usr/local/bin/sylpheed

Program received signal SIGSEGV, Segmentation fault.
0x000005f3ec20c8c5 in gtkut_text_buffer_insert_with_tag_by_name (buffer=0x5f6d318ed50, iter=0x7f7ffffbe6a0, text=0x5f5eda4e000 "", len=0, tag=0x0) at gtkutils.c:918

(gdb) bt
#0 0x000005f3ec20c8c5 in gtkut_text_buffer_insert_with_tag_by_name (buffer=0x5f6d318ed50, iter=0x7f7ffffbe6a0, text=0x5f5eda4e000 "", len=0, tag=0x0) at gtkutils.c:918
#1 0x000005f3ec174166 in textview_make_clickable_parts (textview=0x5f6abe97f80, fg_tag=0x0, uri_tag=0x5f3ec334305 "link", linebuf=0x5f5eda4e000 "") at textview.c:1522
#2 0x000005f3ec17433f in textview_write_line (textview=0x5f6abe97f80, str=0x5f6e8067e00 "", conv=0x0) at textview.c:1577
#3 0x000005f3ec1736e4 in textview_show_html (textview=0x5f6abe97f80, fp=0x5f6abcfc310 <usual+304>, conv=0x5f62d549c40) at textview.c:1245
#4 0x000005f3ec1735d8 in textview_write_body (textview=0x5f6abe97f80, mimeinfo=0x5f6e379d500, fp=0x5f6abcfc278 <usual+152>, charset=0x5f6e5f25a70 "UTF-8") at textview.c:1217
#5 0x000005f3ec171763 in textview_show_part (textview=0x5f6abe97f80, mimeinfo=0x5f6e379d500, fp=0x5f6abcfc278 <usual+152>) at textview.c:647
#6 0x000005f3ec179982 in mimeview_show_message_part (mimeview=0x5f62d91e400, partinfo=0x5f6e379d500) at mimeview.c:564
#7 0x000005f3ec17a37e in mimeview_selection_changed (selection=0x5f6ba73ef40, mimeview=0x5f62d91e400) at mimeview.c:814
#8 0x000005f6e568c19d in g_closure_invoke_va () from /usr/local/lib/libgobject-2.0.so.4000.0
#9 0x000005f6e56a459f in g_signal_emit_valist () from /usr/local/lib/libgobject-2.0.so.4000.0
#10 0x000005f6e56a57a1 in g_signal_emit () from /usr/local/lib/libgobject-2.0.so.4000.0
#11 0x000005f681218e5c in gtk_tree_view_real_set_cursor () from /usr/local/lib/libgtk-x11-2.0.so.2400.0
#12 0x000005f68122191b in gtk_tree_view_button_press () from /usr/local/lib/libgtk-x11-2.0.so.2400.0
#13 0x000005f681118abf in _gtk_marshal_BOOLEAN
_BOXED () from /usr/local/lib/libgtk-x11-2.0.so.2400.0
#14 0x000005f6e568c423 in g_closure_invoke () from /usr/local/lib/libgobject-2.0.so.4000.0
#15 0x000005f6e56a2eda in signal_emit_unlocked_R () from /usr/local/lib/libgobject-2.0.so.4000.0
#16 0x000005f6e56a4b53 in g_signal_emit_valist () from /usr/local/lib/libgobject-2.0.so.4000.0
#17 0x000005f6e56a57a1 in g_signal_emit () from /usr/local/lib/libgobject-2.0.so.4000.0
#18 0x000005f68123674f in gtk_widget_event_internal () from /usr/local/lib/libgtk-x11-2.0.so.2400.0
#19 0x000005f681111419 in gtk_propagate_event () from /usr/local/lib/libgtk-x11-2.0.so.2400.0
#20 0x000005f68111275f in gtk_main_do_event () from /usr/local/lib/libgtk-x11-2.0.so.2400.0
#21 0x000005f67ca76c80 in gdk_event_dispatch () from /usr/local/lib/libgdk-x11-2.0.so.2400.0
#22 0x000005f5f14d5f1f in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.4000.0
#23 0x000005f5f14d7f1e in g_main_context_iterate () from /usr/local/lib/libglib-2.0.so.4000.0
#24 0x000005f5f14d8eb5 in g_main_loop_run () from /usr/local/lib/libglib-2.0.so.4000.0
#25 0x000005f681112b31 in gtk_main () from /usr/local/lib/libgtk-x11-2.0.so.2400.0
#26 0x000005f3ec1467e2 in main (argc=1, argv=0x7f7ffffc3ab8) at main.c:387

(gdb) p text
$1 = (const gchar *) 0x5f5eda4e000 ""
(gdb) p strlen(text)
$2 = 0
(gdb) p len
$3 = 0
(gdb) p text[len-1]
Cannot access memory at address 0x5f5eda4dfff ================================================================

With the patch attached it seems to work fine, do you need more information?

Cheers,

Remi.

patch-src_gtkutils_c (1.08 KB) Remi Pointel, 07/20/2014 11:25 PM

mail.html Magnifier (189 KB) Remi Pointel, 07/23/2014 09:18 PM

History

#1 Updated by Hiroyuki Yamamoto 5 months ago

Hello,

It seems that Sylpheed crashed with a HTML mail.
Can you also attach the mail that caused crash?

#2 Updated by Remi Pointel 5 months ago

Oh yes sorry, I forgot to indicate that it segfaults only on HTML mail.

Sylpheed crashes with the attached mail.

Also available in: Atom PDF