135360 – kmail crashes when reading the exact specified spam message

Bug 135360 - kmail crashes when reading the exact specified spam message

Summary: kmail crashes when reading the exact specified spam message

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	kmail
Classification:	Unmaintained
Component:	general (show other bugs)
Version:	1.9.1
Platform:	unspecified Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-10-09 20:15 UTC by Mariusz Kozlowski
Modified:	2008-02-17 02:24 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
the spam message that causes kmail to crash (13.56 KB, text/plain) 2006-10-09 20:16 UTC, Mariusz Kozlowski	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Mariusz Kozlowski 2006-10-09 20:15:20 UTC

Version:           1.9.1 (using KDE 3.5.2, Gentoo)
Compiler:          gcc version 3.3.6 (Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8)
OS:                Linux (i686) release 2.6.18

Hi, I got spam folder to which messages that contain 'X-Spam-Flag: YES' are moved. Today I noticed that one single spam message causes reproducible kmail crash _every_ time I click on it and kmail tries to display it. Not sure what causing this. Maybe some (headers/html/gif) parser error or so ... anyway this is raw message copy from my ~/Mail/spam/cur/ directory: http://tuxland.pl/spam-causing-kmail-to-crash.mail . The way to reproduce it ... copy the message to your Mail dir and (maybe ?) you'll see the crash :-) If not or if you simply need more information feel free to mail me. Mariusz.

Comment 1 Mariusz Kozlowski 2006-10-09 20:16:39 UTC

Created attachment 18069 [details]
the spam message that causes kmail to crash

Comment 2 Dave Rowe 2006-10-09 20:30:02 UTC

Do you happen to have -debug enabled?  Can you provide the backtrace from the crash handler?  Prefer pasted in comments rather than attachment, if you can.

Comment 3 Mariusz Kozlowski 2006-10-09 20:37:07 UTC

Unfortunately -debug was not enabled during compilation. Funny thing is that almost every time it crashes the backtrace is a bit different so I'm posting a few backtraces ... maybe you'll make something out of it.

--------------------------------------------------------------------------------
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1247721808 (LWP 16726)]
[New Thread -1275081824 (LWP 16730)]
[New Thread -1266689120 (LWP 16729)]
[New Thread -1258296416 (LWP 16728)]
[New Thread -1249903712 (LWP 16727)]
[KCrash handler]
#9  0xb5aad911 in free () from /lib/libc.so.6
#10 0xb5aaf1be in malloc () from /lib/libc.so.6
#11 0xb62587e6 in QTextEngine::QTextEngine () from /usr/qt/3/lib/libqt-mt.so.3
#12 0xb613681a in QPainter::drawText () from /usr/qt/3/lib/libqt-mt.so.3
#13 0xb7947001 in non-virtual thunk to khtml::RenderPartObject::layout() ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#14 0x083288e8 in ?? ()
#15 0x00000060 in ?? ()
#16 0x000000ac in ?? ()
#17 0xbfd349e0 in ?? ()
#18 0x00000000 in ?? ()
--------------------------------------------------------------------------------
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1248647504 (LWP 16346)]
[New Thread -1275819104 (LWP 16350)]
[New Thread -1267426400 (LWP 16349)]
[New Thread -1259033696 (LWP 16348)]
[New Thread -1250640992 (LWP 16347)]
[KCrash handler]
#9  0xb6094536 in QImageDecoder::decode () from /usr/qt/3/lib/libqt-mt.so.3
#10 0xb60e167a in QMoviePrivate::flushBuffer ()
   from /usr/qt/3/lib/libqt-mt.so.3
#11 0xb60e2339 in QMoviePrivate::refresh () from /usr/qt/3/lib/libqt-mt.so.3
#12 0xb60e3305 in QMoviePrivate::qt_invoke () from /usr/qt/3/lib/libqt-mt.so.3
#13 0xb60eaa07 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#14 0xb60ea84e in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#15 0xb64126b5 in QTimer::timeout () from /usr/qt/3/lib/libqt-mt.so.3
#16 0xb610a5ed in QTimer::event () from /usr/qt/3/lib/libqt-mt.so.3
#17 0xb6091a52 in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#18 0xb6090ec4 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#19 0xb66c98d2 in KApplication::notify ()
   from /usr/kde/3.5/lib/libkdecore.so.4
#20 0xb6081ba9 in QEventLoop::activateTimers ()
   from /usr/qt/3/lib/libqt-mt.so.3
#21 0xb603e3ba in QEventLoop::processEvents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#22 0xb60a2e02 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3
#23 0xb60a2cbe in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3
#24 0xb6091c59 in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3
#25 0x0804a427 in ?? ()
#26 0xbfeb1a40 in ?? ()
#27 0xbfeb1950 in ?? ()
#28 0x00000000 in ?? ()
--------------------------------------------------------------------------------
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1248663888 (LWP 16704)]
[New Thread -1275835488 (LWP 16708)]
[New Thread -1267442784 (LWP 16707)]
[New Thread -1259050080 (LWP 16706)]
[New Thread -1250657376 (LWP 16705)]
[KCrash handler]
#9  0xb782192b in QValueVectorPrivate<QPoint>::growAndCopy ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#10 0xb783f879 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#11 0xb783d184 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#12 0xb78391a6 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#13 0xb7810ae7 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#14 0xb783f906 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#15 0xb783d184 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#16 0xb78391a6 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#17 0xb7810ae7 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#18 0xb781089a in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#19 0xb7810ae7 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#20 0xb781089a in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#21 0xb7810ae7 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#22 0xb781089a in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#23 0xb783289d in QPtrVector<khtml::InlineTextBox>::~QPtrVector ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#24 0xb7832678 in QPtrVector<khtml::InlineTextBox>::~QPtrVector ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#25 0xb78324c9 in QPtrVector<khtml::InlineTextBox>::~QPtrVector ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#26 0xb77378ff in KHTMLView::drawContents ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#27 0xb61f69f9 in QScrollView::drawContentsOffset ()
   from /usr/qt/3/lib/libqt-mt.so.3
#28 0xb61f55f6 in QScrollView::viewportPaintEvent ()
   from /usr/qt/3/lib/libqt-mt.so.3
#29 0xb61f5133 in QScrollView::eventFilter () from /usr/qt/3/lib/libqt-mt.so.3
#30 0xb773ca77 in KHTMLView::eventFilter ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#31 0xb60e448b in QObject::activate_filters ()
   from /usr/qt/3/lib/libqt-mt.so.3
#32 0xb60e43e7 in QObject::event () from /usr/qt/3/lib/libqt-mt.so.3
#33 0xb611a6c2 in QWidget::event () from /usr/qt/3/lib/libqt-mt.so.3
#34 0xb608da52 in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#35 0xb608cec4 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#36 0xb66c58d2 in KApplication::notify ()
   from /usr/kde/3.5/lib/libkdecore.so.4
#37 0xb60592e6 in QWidget::repaint () from /usr/qt/3/lib/libqt-mt.so.3
#38 0xb61f692a in QScrollView::repaintContents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#39 0xb61f67bf in QScrollView::repaintContents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#40 0xb7743e64 in KHTMLView::timerEvent () from /usr/kde/3.5/lib/libkhtml.so.4
#41 0xb60e43b4 in QObject::event () from /usr/qt/3/lib/libqt-mt.so.3
#42 0xb611a6c2 in QWidget::event () from /usr/qt/3/lib/libqt-mt.so.3
#43 0xb608da52 in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#44 0xb608cec4 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#45 0xb66c58d2 in KApplication::notify ()
   from /usr/kde/3.5/lib/libkdecore.so.4
#46 0xb607dba9 in QEventLoop::activateTimers ()
   from /usr/qt/3/lib/libqt-mt.so.3
#47 0xb603a3ba in QEventLoop::processEvents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#48 0xb609ee02 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3
#49 0xb609ecbe in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3
#50 0xb608dc59 in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3
#51 0x0804a427 in ?? ()
#52 0xbfa80610 in ?? ()
#53 0xbfa80520 in ?? ()
#54 0x00000000 in ?? ()
--------------------------------------------------------------------------------
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1247721808 (LWP 16715)]
[New Thread -1274893408 (LWP 16719)]
[New Thread -1266500704 (LWP 16718)]
[New Thread -1258108000 (LWP 16717)]
[New Thread -1249715296 (LWP 16716)]
[KCrash handler]
#9  0xb617a7ab in QColor::QColor () from /usr/qt/3/lib/libqt-mt.so.3
#10 0xb7926a6b in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#11 0xb78f6b36 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#12 0xb7925906 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#13 0xb7923184 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#14 0xb791f1a6 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#15 0xb78f6ae7 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#16 0xb7925906 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#17 0xb7923184 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#18 0xb791f1a6 in QPtrVector<khtml::RenderLayer>::deleteItem ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#19 0xb78f6ae7 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#20 0xb78f689a in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#21 0xb78f6ae7 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#22 0xb78f689a in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#23 0xb78f6ae7 in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#24 0xb78f689a in QMemArray<khtml::BidiIterator>::detach ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#25 0xb79187a4 in QPtrVector<khtml::InlineTextBox>::~QPtrVector ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#26 0xb7918678 in QPtrVector<khtml::InlineTextBox>::~QPtrVector ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#27 0xb79184c9 in QPtrVector<khtml::InlineTextBox>::~QPtrVector ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#28 0xb781d8ff in KHTMLView::drawContents ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#29 0xb62dc9f9 in QScrollView::drawContentsOffset ()
   from /usr/qt/3/lib/libqt-mt.so.3
#30 0xb62db5f6 in QScrollView::viewportPaintEvent ()
   from /usr/qt/3/lib/libqt-mt.so.3
#31 0xb62db133 in QScrollView::eventFilter () from /usr/qt/3/lib/libqt-mt.so.3
#32 0xb7822a77 in KHTMLView::eventFilter ()
   from /usr/kde/3.5/lib/libkhtml.so.4
#33 0xb61ca48b in QObject::activate_filters ()
   from /usr/qt/3/lib/libqt-mt.so.3
#34 0xb61ca3e7 in QObject::event () from /usr/qt/3/lib/libqt-mt.so.3
#35 0xb62006c2 in QWidget::event () from /usr/qt/3/lib/libqt-mt.so.3
#36 0xb6173a52 in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#37 0xb6172ec4 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#38 0xb67ab8d2 in KApplication::notify ()
   from /usr/kde/3.5/lib/libkdecore.so.4
#39 0xb613f2e6 in QWidget::repaint () from /usr/qt/3/lib/libqt-mt.so.3
#40 0xb62dc92a in QScrollView::repaintContents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#41 0xb62dc7bf in QScrollView::repaintContents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#42 0xb7829e64 in KHTMLView::timerEvent () from /usr/kde/3.5/lib/libkhtml.so.4
#43 0xb61ca3b4 in QObject::event () from /usr/qt/3/lib/libqt-mt.so.3
#44 0xb62006c2 in QWidget::event () from /usr/qt/3/lib/libqt-mt.so.3
#45 0xb6173a52 in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#46 0xb6172ec4 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#47 0xb67ab8d2 in KApplication::notify ()
   from /usr/kde/3.5/lib/libkdecore.so.4
#48 0xb6163ba9 in QEventLoop::activateTimers ()
   from /usr/qt/3/lib/libqt-mt.so.3
#49 0xb61203ba in QEventLoop::processEvents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#50 0xb6184e02 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3
#51 0xb6184cbe in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3
#52 0xb6173c59 in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3
#53 0x0804a427 in ?? ()
#54 0xbf993d20 in ?? ()
#55 0xbf993c30 in ?? ()
#56 0x00000000 in ?? ()

Comment 4 Martin Koller 2006-10-29 15:36:34 UTC

I can reproduce it with KDE-3.5.5; When I do not show attachments, I can save the attachment to a file, which is a GIF image.
It seems that there is a bug in Qt, because when trying to view that GIF, a lot of other KDE apps also crash, e.g. kolourpaint, konqueror, even the GIMP GIF plugin crashes (/opt/gnome/lib/gimp/2.0/plug-ins/gifload: fatal error: Segmentation fault)
kuickshow can open it but I see that the bottom part of the image is somehow destroyed.

Comment 5 Martin Koller 2006-10-29 15:51:15 UTC

I can also reproduce this with a trivial Qt testprogram, so I reported this to the Trolls.

Comment 6 Thomas McGuire 2008-02-17 02:24:20 UTC

>I can also reproduce this with a trivial Qt testprogram, so I reported this to the Trolls. 
Thanks Martin. Since this is a Qt bug, I'll close the KMail bug report about it.