Bug 243611

Summary: Quote original message functionality crashes Kmail (Disposition notification)
Product: [Applications] kmail2 Reporter: Sabine Faure <sabine>
Component: composerAssignee: kdepim bugs <kdepim-bugs>
Status: VERIFIED FIXED    
Severity: crash CC: lfranchi
Priority: NOR Keywords: akonadi-ports-regression
Version: 2.0.89   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Bug Depends on:    
Bug Blocks: 223438    

Description Sabine Faure 2010-07-04 23:02:24 UTC 
Application: kmail (2.0.89)
KDE Platform Version: 4.4.5 (KDE 4.4.5) (Compiled from sources)
Qt Version: 4.6.2
Operating System: Linux 2.6.32-19-generic x86_64
Distribution: Ubuntu lucid (development branch)

-- Information about the crash:
- Launch Kmail
- Go to Settings menu/Configure Kmail 
- Click on the Security icon
- In the Message Disposition Notifications section select the 'Ask' radio button and the 'Only headers' one too
- Click on 'Ok'
- Click on 'New' button
- Fill in the recipient, the subject and a few words in the composer dialogue
- Go to Options menu/Request Disposition Notification
- Click on 'Send'
- The email is properly sent

But Kmail crashes
The sender does not receive any Disposition notification email whereas he did when the 'Nothing' radio button was selected instead of 'Only headers' (configure dialogue)

Trunk, Svn Rev 1145265

The crash can be reproduced every time.

 -- Backtrace:
Application: KMail (kmail), signal: Aborted
[Current thread is 1 (Thread 0x7f7e47382780 (LWP 3860))]

Thread 3 (Thread 0x7f7e2a87e710 (LWP 3865)):
#0  0x00007f7e4060935d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007f7e406091d0 in __sleep (seconds=<value optimized out>) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00007f7e3a060607 in WTF::TCMalloc_PageHeap::scavengerThread() () from /d/qt/4/kde-qt/lib/libQtWebKit.so.4
#3  0x00007f7e3a05f5f6 in WTF::TCMalloc_PageHeap::runScavengerThread(void*) () from /d/qt/4/kde-qt/lib/libQtWebKit.so.4
#4  0x00007f7e410959ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#5  0x00007f7e406456dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f7e27713710 (LWP 3875)):
#0  __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:97
#1  0x00007f7e405de3ac in _L_lock_12430 () from /lib/libc.so.6
#2  0x00007f7e405dce48 in *__GI___libc_free (mem=0x7f7e408dce40) at malloc.c:3736
#3  0x00007f7e390871ba in ?? () from /lib/libglib-2.0.so.0
#4  0x00007f7e414b70f9 in ~QEventDispatcherGlib (this=0x1c17900, __in_chrg=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:366
#5  0x00007f7e4134dcc3 in QThreadPrivate::finish (arg=0x7f7e417fa9c0) at thread/qthread_unix.cpp:284
#6  0x00007f7e4134ea85 in ~__pthread_cleanup_class (this=0x7f7e27712df0, __in_chrg=<value optimized out>) at /usr/include/pthread.h:535
#7  0x00007f7e4134db82 in QThreadPrivate::start (arg=0x7f7e417fa9c0) at thread/qthread_unix.cpp:253
#8  0x00007f7e410959ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#9  0x00007f7e406456dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#10 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f7e47382780 (LWP 3860)):
[KCrash Handler]
#5  0x00007f7e40592a75 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00007f7e405965c0 in *__GI_abort () at abort.c:92
#7  0x00007f7e405cc4fb in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#8  0x00007f7e405d65b6 in malloc_printerr (action=3, str=0x7f7e406a8658 "double free or corruption (out)", ptr=<value optimized out>) at malloc.c:6264
#9  0x00007f7e405dce53 in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3738
#10 0x00007f7e41aece2f in ~Message (this=0x7ffff8daf070, __in_chrg=<value optimized out>) at /d/kde/src/t/kdepimlibs/kmime/kmime_message.cpp:44
#11 0x00007f7e3e11f5a0 in boost::checked_delete<KMime::Message> (x=0x7ffff8daf070) at /usr/include/boost/checked_delete.hpp:34
#12 0x00007f7e3e11f894 in boost::detail::sp_counted_impl_p<KMime::Message>::dispose (this=0x19a4cd0) at /usr/include/boost/smart_ptr/detail/sp_counted_impl.hpp:78
#13 0x00007f7e3e10918e in boost::detail::sp_counted_base::release (this=0x19a4cd0) at /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_x86.hpp:145
#14 0x00007f7e3e10921d in ~shared_count (this=0x7ffff8daf098, __in_chrg=<value optimized out>) at /usr/include/boost/smart_ptr/detail/shared_count.hpp:217
#15 0x00007f7e3e11dc8a in ~shared_ptr (this=0x7ffff8daf090, __in_chrg=<value optimized out>) at /usr/include/boost/smart_ptr/shared_ptr.hpp:169
#16 0x00007f7e3e11a698 in MessageCore::StringUtil::headerAsSendableString (msg=...) at /d/kde/src/t/kdepim/messagecore/stringutil.cpp:761
#17 0x00007f7e3de3c09a in MessageComposer::MessageFactory::createMDN (this=0x7ffff8daf3c0, a=KMime::MDN::ManualAction, d=KMime::MDN::Displayed, s=KMime::MDN::SentAutomatically, mdnQuoteOriginal=2, 
    m=...) at /d/kde/src/t/kdepim/messagecomposer/messagefactory.cpp:615
#18 0x00007f7e45d0529e in KMReaderWin::slotTouchMessage (this=0xe4f7a0) at /d/kde/src/t/kdepim/kmail/kmreaderwin.cpp:423
#19 0x00007f7e45d06223 in KMReaderWin::setMessage (this=0xe4f7a0, item=..., updateMode=MessageViewer::Viewer::Delayed) at /d/kde/src/t/kdepim/kmail/kmreaderwin.cpp:633
#20 0x00007f7e45dca9d1 in KMMainWidget::itemsReceived (this=0x11616d0, list=...) at /d/kde/src/t/kdepim/kmail/kmmainwidget.cpp:4251
#21 0x00007f7e45da910c in KMMainWidget::qt_metacall (this=0x11616d0, _c=QMetaObject::InvokeMetaMethod, _id=147, _a=0x7ffff8daf860) at /d/kde/build/t/kdepim/kmail/kmmainwidget.moc:485
#22 0x00007f7e41482557 in QMetaObject::metacall (object=0x11616d0, cl=QMetaObject::InvokeMetaMethod, idx=174, argv=0x7ffff8daf860) at kernel/qmetaobject.cpp:237
#23 0x00007f7e414989d5 in QMetaObject::activate (sender=0x1b2e290, m=0x7f7e43d4b8a0, local_signal_index=0, argv=0x7ffff8daf860) at kernel/qobject.cpp:3293
#24 0x00007f7e43a239af in Akonadi::ItemFetchJob::itemsReceived (this=0x1b2e290, _t1=...) at /d/kde/build/t/kdepimlibs/akonadi/itemfetchjob.moc:92
#25 0x00007f7e43a23da9 in Akonadi::ItemFetchJobPrivate::timeout (this=0x1391320) at /d/kde/src/t/kdepimlibs/akonadi/itemfetchjob.cpp:65
#26 0x00007f7e43a23956 in Akonadi::ItemFetchJob::qt_metacall (this=0x1b2e290, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7ffff8dafa10) at /d/kde/build/t/kdepimlibs/akonadi/itemfetchjob.moc:80
#27 0x00007f7e41482557 in QMetaObject::metacall (object=0x1b2e290, cl=QMetaObject::InvokeMetaMethod, idx=37, argv=0x7ffff8dafa10) at kernel/qmetaobject.cpp:237
#28 0x00007f7e414989d5 in QMetaObject::activate (sender=0x1b2e290, m=0x7f7e46a97760, local_signal_index=3, argv=0x7ffff8dafa10) at kernel/qobject.cpp:3293
#29 0x00007f7e466ce63f in KJob::result (this=0x1b2e290, _t1=0x1b2e290) at /d/kde/build/t/kdelibs/kdecore/kjob.moc:194
#30 0x00007f7e466cdaad in KJob::emitResult (this=0x1b2e290) at /d/kde/src/t/kdelibs/kdecore/jobs/kjob.cpp:312
#31 0x00007f7e43a366d9 in Akonadi::JobPrivate::delayedEmitResult (this=0x1391320) at /d/kde/src/t/kdepimlibs/akonadi/job.cpp:145
#32 0x00007f7e43a37e98 in Akonadi::Job::qt_metacall (this=0x1b2e290, _c=QMetaObject::InvokeMetaMethod, _id=6, _a=0x7ffff8dafc30) at /d/kde/build/t/kdepimlibs/akonadi/job.moc:91
#33 0x00007f7e43a238d7 in Akonadi::ItemFetchJob::qt_metacall (this=0x1b2e290, _c=QMetaObject::InvokeMetaMethod, _id=34, _a=0x7ffff8dafc30) at /d/kde/build/t/kdepimlibs/akonadi/itemfetchjob.moc:73
#34 0x00007f7e41482557 in QMetaObject::metacall (object=0x1b2e290, cl=QMetaObject::InvokeMetaMethod, idx=34, argv=0x7ffff8dafc30) at kernel/qmetaobject.cpp:237
#35 0x00007f7e414989d5 in QMetaObject::activate (sender=0x1b63630, m=0x7f7e417f23e0, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3293
#36 0x00007f7e414a257b in QSingleShotTimer::timeout (this=0x1b63630) at .moc/debug-shared/qtimer.moc:82
#37 0x00007f7e414a244b in QSingleShotTimer::timerEvent (this=0x1b63630) at kernel/qtimer.cpp:308
#38 0x00007f7e414941a7 in QObject::event (this=0x1b63630, e=0x7ffff8db04f0) at kernel/qobject.cpp:1212
#39 0x00007f7e424f97aa in QApplicationPrivate::notify_helper (this=0xb173b0, receiver=0x1b63630, e=0x7ffff8db04f0) at kernel/qapplication.cpp:4304
#40 0x00007f7e424f6e65 in QApplication::notify (this=0x7ffff8db09f0, receiver=0x1b63630, e=0x7ffff8db04f0) at kernel/qapplication.cpp:3708
#41 0x00007f7e46cfd773 in KApplication::notify (this=0x7ffff8db09f0, receiver=0x1b63630, event=0x7ffff8db04f0) at /d/kde/src/t/kdelibs/kdeui/kernel/kapplication.cpp:302
#42 0x00007f7e4147a3f8 in QCoreApplication::notifyInternal (this=0x7ffff8db09f0, receiver=0x1b63630, event=0x7ffff8db04f0) at kernel/qcoreapplication.cpp:704
#43 0x00007f7e424ead27 in QCoreApplication::sendEvent (receiver=0x1b63630, event=0x7ffff8db04f0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#44 0x00007f7e414bac73 in QTimerInfoList::activateTimers (this=0xb1adc0) at kernel/qeventdispatcher_unix.cpp:603
#45 0x00007f7e414b5f3b in timerSourceDispatch (source=0xb1ad60) at kernel/qeventdispatcher_glib.cpp:184
#46 0x00007f7e390878c2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#47 0x00007f7e3908b748 in ?? () from /lib/libglib-2.0.so.0
#48 0x00007f7e3908b8fc in g_main_context_iteration () from /lib/libglib-2.0.so.0
#49 0x00007f7e414b73d3 in QEventDispatcherGlib::processEvents (this=0xadca90, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#50 0x00007f7e425ca4c0 in QGuiEventDispatcherGlib::processEvents (this=0xadca90, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#51 0x00007f7e414773f0 in QEventLoop::processEvents (this=0x7ffff8db0880, flags=...) at kernel/qeventloop.cpp:149
#52 0x00007f7e41477546 in QEventLoop::exec (this=0x7ffff8db0880, flags=...) at kernel/qeventloop.cpp:201
#53 0x00007f7e4147aafa in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#54 0x00007f7e424f69ec in QApplication::exec () at kernel/qapplication.cpp:3583
#55 0x0000000000403869 in main (argc=3, argv=0x7ffff8db0b88) at /d/kde/src/t/kdepim/kmail/main.cpp:145

This bug may be a duplicate of or related to bug 200762.

Possible duplicates by query: bug 200762.

Reported using DrKonqi
Comment 1 Sabine Faure 2010-07-04 23:12:40 UTC 
- I forgot to mention that when the recipient opens the sent email he is asked whether or not he wants to send a Disposition notification.
- Click on 'Send'
It is only then that Kmail crashes

I retested this selecting the 'Full message' radio button instead of 'Only headers' and Kmail crashes exactly in the same way.

Trunk, Svn Rev 1145265
Comment 2 Leo Franchi 2010-07-19 16:00:31 UTC 
SVN commit 1151752 by lfranchi:

Don't crash when getting message headers or body as string.

BUG: 243611


 M  +10 -10    stringutil.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1151752
Comment 3 Sabine Faure 2010-07-23 19:00:25 UTC 
It is corrected now.

There is no more crash and the disposition notification is properly sent back to the sender now.

When the user selects the 'Only headers' radio button the header is enclosed to the disposition notification email but its fields are empty (see bug #245559  about this).

Trunk, Svn Rev 1153490