Bug 160149

Summary: application crash, eip contains 4 byte ascii string
Product: [Unmaintained] kmail
Reporter: Thomas Pollet <thomas.pollet>
Component: IMAP
Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED DUPLICATE
Severity: crash
Priority: NOR
Version: 1.9.4
Target Milestone: ---
Platform: RedHat Enterprise Linux
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Thomas Pollet 2008-03-31 10:56:43 UTC
Version:           1.9.4 (using KDE 3.5.9DevelKDE 3.5.6)
Installed from:    RedHat RPMs
OS:                Linux

Hi,

I found kmail crashing when downloading imap mail.

#6  0x53205349 in ?? ()
#7  0x03c6adb0 in KMail::ImapJob::slotGetNextMessage ()
   from /usr/lib/libkmailprivate.so
...

>>> print struct.pack("<L",0x53205349)
IS S

so 0x53205349 is too much of an ascii string to be sane. It looks like part of the subject of a mail I received. But I can't reproduce.

the disassembly looks like this:

0x03c6adaa <_ZN5KMail7ImapJob18slotGetNextMessageEv+74>:        call   *0xe0(%eax)
0x03c6adb0 <_ZN5KMail7ImapJob18slotGetNextMessageEv+80>:        test   %eax,%eax
 
the corresponding code from imapjob.cpp here:

KMFolderImap *msgParent = msg ? static_cast<KMFolderImap*>(msg->storage()) : 0;
if ( !msgParent || !msg || msg->UID() == 0 )

msg->UID() is the call   *0xe0(%eax)

so it looks like the msg vtable memory got corrupted earlier on. Though, the call to msg->storage() was successful, yet msg->storage() is in a different part of the class hierarchy.

I've been looking/testing the code to see where it got corrupted but I couldn't figure that out.

Regards,
Thomas Pollet
Comment 1 Thomas Pollet 2008-03-31 10:57:47 UTC
full bt:

#6  0x53205349 in ?? ()
#7  0x03c6adb0 in KMail::ImapJob::slotGetNextMessage ()
   from /usr/lib/libkmailprivate.so
#8  0x03c6bb29 in KMail::ImapJob::init () from /usr/lib/libkmailprivate.so
#9  0x03c6cfed in KMail::ImapJob::execute () from /usr/lib/libkmailprivate.so
#10 0x03c6022d in KMail::FolderJob::start () from /usr/lib/libkmailprivate.so
#11 0x03c41d0d in KMMainWidget::slotMsgSelected ()
   from /usr/lib/libkmailprivate.so
#12 0x03c55810 in KMMainWidget::qt_invoke () from /usr/lib/libkmailprivate.so
#13 0x022b2f3a in QObject::activate_signal ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#14 0x03aa975e in KMHeaders::selected () from /usr/lib/libkmailprivate.so
#15 0x03aab7b9 in KMHeaders::highlightMessage ()
   from /usr/lib/libkmailprivate.so
#16 0x03aabbac in KMHeaders::highlightMessage ()
   from /usr/lib/libkmailprivate.so
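The reporter's triage step above (unpacking the faulting address with struct.pack and noticing it reads as ASCII) is a useful heuristic to automate when sorting crash reports: a frame with no symbol whose address decodes to printable text almost always means a control-flow pointer (return address or vtable slot) was overwritten with data, which makes the crash a memory-safety bug worth prioritising rather than a plain null dereference. The following Python is an added example, not code from this report or from KMail; it parses gdb-style frames (the sample input is the backtrace quoted in this report) and flags the suspicious ones. The regex and the 32-bit little-endian assumption match the x86 frames shown here.

```python
import re
from typing import List, Optional, Tuple

# gdb frame lines look like "#6  0x53205349 in ?? ()"; continuation lines
# ("   from /usr/lib/...") carry no address and are skipped.
FRAME_RE = re.compile(r"^#(?P<n>\d+)\s+0x(?P<addr>[0-9a-fA-F]+)\s+in\s+(?P<sym>\S+)")

# Sample input: the first frames of the backtrace quoted in this report.
BACKTRACE = """\
#6  0x53205349 in ?? ()
#7  0x03c6adb0 in KMail::ImapJob::slotGetNextMessage ()
   from /usr/lib/libkmailprivate.so
#8  0x03c6bb29 in KMail::ImapJob::init () from /usr/lib/libkmailprivate.so
"""


def addr_as_ascii(addr: int, width: int = 4) -> Optional[str]:
    """Return the little-endian bytes of addr as text if every byte is printable
    ASCII (0x20..0x7e), otherwise None. width=4 assumes a 32-bit x86 target."""
    raw = addr.to_bytes(width, "little")
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def parse_frames(bt: str) -> List[dict]:
    """Extract (frame number, address, symbol) from gdb backtrace text."""
    frames = []
    for line in bt.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({
                "n": int(m.group("n")),
                "addr": int(m.group("addr"), 16),
                "sym": m.group("sym"),
            })
    return frames


def suspicious_frames(bt: str, width: int = 4) -> List[Tuple[int, int, str]]:
    """Frames with no symbol ('??') whose address reads as printable ASCII.
    Such a frame means execution jumped through a pointer that now holds data,
    i.e. the program counter was loaded from corrupted memory."""
    out = []
    for f in parse_frames(bt):
        text = addr_as_ascii(f["addr"], width)
        if f["sym"] == "??" and text is not None:
            out.append((f["n"], f["addr"], text))
    return out


if __name__ == "__main__":
    for n, addr, text in suspicious_frames(BACKTRACE):
        print(f"frame #{n}: 0x{addr:08x} decodes to {text!r}; likely corrupted code pointer")
```

On the backtrace above this reports frame #6 as `'IS S'`, the same bytes the reporter obtained by hand, while the real code addresses (0x03c6adb0, 0x03c6bb29) start with a non-printable 0x03 byte and are left alone. The check is a hint, not proof: an address that happens to fall in a printable range can also be legitimate, so the result should be confirmed against the disassembly, as the reporter did with the indirect `call *0xe0(%eax)` through the vtable.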
Comment 2 Tommi Tervo 2008-03-31 12:29:10 UTC
Which version of Kmail do you use? This bug should be fixed.
http://bugs.kde.org/show_bug.cgi?id=126715
Comment 3 Thomas McGuire 2008-03-31 15:39:08 UTC
As Tommi mentioned, this bug should already be fixed in a more recent version; 1.9.4 is too old.

*** This bug has been marked as a duplicate of 126715 ***