Bug 290150

Summary: When filter action "Set Reply-To To" executes on an email which has no "Reply-To:" header, KMail segfaults
Product: [Frameworks and Libraries] Akonadi
Reporter: Andrew Munkres <amunkres>
Component: Mail Filter Agent
Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: montel
Priority: NOR
Version: 4.7
Target Milestone: ---
Platform: Arch Linux
OS: Linux
Version Fixed In: 4.8.5

Description Andrew Munkres 2011-12-30 06:19:33 UTC
Version:           4.7 (using KDE 4.7.3) 
OS:                Linux

I had a filter configured with one filter criterion (match on the "From:" header contents) and two filter actions: 1) set the "Reply-To:" to a certain value, and 2) move the message into a certain folder. This morning, a message arrived which had a "From:" header that matched that filter's filter criterion and did not have any "Reply-To:" header. When it arrived, KMail segfaulted (the traceback showed that the segfault occurred in thread #1 from within the library libkmime.so.4; I'm using Arch's packages of KMail and KDEPIM, which don't have debugging symbols, so I don't have a detailed traceback). What's more, the offending message remained in the inbox after the crash, so KMail would try again to process the message upon startup; this would cause KMail to crash immediately upon startup every time.

I figured out which message was causing the problem by manually moving the message files out of the maildir and then trying to start KMail, until it would start without crashing; I confirmed that it was this one particular message that made it crash by starting KMail with only that message removed from the maildir directory (in which case KMail started without crashing) and with that message present in the maildir directory (in which case KMail crashed upon startup).

After successfully starting KMail, I then replaced the "Set Reply-To To" filter action with an "Add Header" action, quit KMail, put the message file back in the maildir directory, and started KMail. This time, KMail did not crash, and processed the incoming message appropriately according to the filter rule.


Reproducible: Always

Steps to Reproduce:
1) Create a filter with some arbitrary filter criteria and a "Set Reply-To To" filter action.
2) Compose a message which matches the filter's criteria and does not contain a "Reply-To:" header.
3) Save the message into a local maildir folder.
4) Quit KMail.
5) Move the message into the "new" subdirectory of your local "inbox" maildir (renaming the message file appropriately if necessary).
6) Start KMail.
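As an added example (not part of the bug report or of KDE's code), the following Python script performs the message-preparation steps above: it builds a message that carries a "From:" header but no "Reply-To:" header and delivers it into the "new" subdirectory of a maildir with a valid maildir filename, so the crash can be reproduced or a fix regression-tested. The sender address, the temporary maildir location and the message text are constructed placeholders.

```python
import email
import mailbox
import os
import tempfile
from email import policy
from email.message import EmailMessage, Message


def build_trigger_message(sender: str) -> EmailMessage:
    """Construct a message that matches a From:-based filter but carries no Reply-To: header."""
    msg = EmailMessage()
    msg["From"] = sender                            # the filter criterion matches on this
    msg["To"] = "recipient@example.invalid"         # constructed placeholder address
    msg["Subject"] = "Bug 290150 reproduction"
    msg["Message-ID"] = "<bug290150-repro@example.invalid>"
    msg.set_content("Body text; the filter action only touches the headers.")
    return msg


def has_reply_to(msg: Message) -> bool:
    """The trigger condition from the report is the absence of this header."""
    return "Reply-To" in msg


def deliver_to_new(maildir_path: str, msg: EmailMessage) -> str:
    """Write the message into <maildir>/new with a valid maildir filename.

    mailbox.Maildir.add() generates the unique filename and, for a plain
    message object, always places the file in new/ (i.e. unread mail).
    Returns the full path of the delivered file.
    """
    box = mailbox.Maildir(maildir_path, create=True)   # creates tmp/, new/, cur/ if missing
    key = box.add(msg)
    box.close()
    return os.path.join(maildir_path, "new", key)


def verify_delivery(path: str) -> bool:
    """Re-read the delivered file and confirm it sits in new/ and still has no Reply-To: header."""
    if not os.path.isfile(path) or os.path.basename(os.path.dirname(path)) != "new":
        return False
    with open(path, "rb") as fh:
        parsed = email.message_from_binary_file(fh, policy=policy.default)
    return not has_reply_to(parsed)


def reproduce(sender: str = "filtered-sender@example.invalid") -> tuple:
    """Prepare the trigger message in a scratch maildir (constructed location, not KMail's inbox)."""
    root = tempfile.mkdtemp(prefix="bug290150-")
    msg = build_trigger_message(sender)
    return msg, deliver_to_new(os.path.join(root, "inbox"), msg)
```

Point `deliver_to_new` at the real local inbox maildir only after quitting KMail, as the steps require, then start KMail to observe the behaviour.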

Actual Results:  
KMail will segfault, the traceback showing that the segfault occurred in thread #1 from within the library libkmime.so.4.

Expected Results:  
KMail should have either left the message's headers unchanged or added a "Reply-To:" header; in either case, it shouldn't have crashed.

This actually happened with KMail 4.7.4 from KDEPIM 4.7.4 (Arch packages "kdepim-kmail 4.7.4-1" and "kdepimlibs 4.7.4-1"), but 4.7.4 isn't currently listed in the "KDE Version" drop-down in this Bugzilla.
Comment 1 Christophe Marin 2012-01-06 20:52:43 UTC
valid in master with the steps described:

#4  0x00007f12849b5fe4 in qFatal (msg=<optimized out>) at global/qglobal.cpp:2481
#5  0x00007f12849b602a in qt_assert (assertion=<optimized out>, file=<optimized out>, line=<optimized out>) at global/qglobal.cpp:1999
#6  0x00007f128447ab2a in KMime::Content::header<KMime::Headers::ReplyTo> (this=0x7e8ae0, create=true) at /kde/src/pim/kdepimlibs/kmime/kmime_content.h:797
#7  0x00007f128447a32f in KMime::Message::replyTo (this=0x7e8ae0, create=true) at /kde/src/pim/kdepimlibs/kmime/kmime_message.cpp:158
#8  0x00007f12700083e3 in Akonadi::SerializerPluginMail::serialize (this=0x7de800, item=..., label=..., data=..., version=@0x7fff801f663c) at /kde/src/pim/kdepim-runtime/plugins/akonadi_serializer_mail.cpp:176
#9  0x00007f1284f82161 in Akonadi::ItemSerializer::serialize (item=..., label=..., data=..., version=@0x7fff801f663c) at /kde/src/pim/kdepimlibs/akonadi/itemserializer.cpp:126
#10 0x00007f1284f82062 in Akonadi::ItemSerializer::serialize (item=..., label=..., data=..., version=@0x7fff801f663c) at /kde/src/pim/kdepimlibs/akonadi/itemserializer.cpp:116
#11 0x00007f1284f84232 in Akonadi::ItemModifyJobPrivate::nextPartHeader (this=0x801bf0) at /kde/src/pim/kdepimlibs/akonadi/itemmodifyjob.cpp:60
#12 0x00007f1284f85ff3 in Akonadi::ItemModifyJob::doHandleResponse (this=0x7fbea0, _tag=..., data=...) at /kde/src/pim/kdepimlibs/akonadi/itemmodifyjob.cpp:230
#13 0x00007f1284f8cf5d in Akonadi::JobPrivate::handleResponse (this=0x801bf0, tag=..., data=...) at /kde/src/pim/kdepimlibs/akonadi/job.cpp:80
#14 0x00007f1284fc2ae1 in Akonadi::SessionPrivate::dataReceived (this=0x54a960) at /kde/src/pim/kdepimlibs/akonadi/session.cpp:218
#15 0x00007f1284fc41f5 in Akonadi::Session::qt_static_metacall (_o=0x507550, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0x7fff801f6d70) at /kde/build/pim/kdepimlibs/akonadi/session.moc:73
#16 0x00007f1284ad1751 in QMetaObject::activate (sender=0x53fc20, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3556
#17 0x00007f1284ad1751 in QMetaObject::activate (sender=0x529948, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at kernel/qobject.cpp:3556
#18 0x00007f1281c6f79f in QAbstractSocketPrivate::canReadNotification (this=0x501350) at socket/qabstractsocket.cpp:651
#19 0x00007f1281c772f1 in event (this=<optimized out>, e=<optimized out>) at socket/qnativesocketengine.cpp:1151
#20 QReadNotifier::event (this=<optimized out>, e=<optimized out>) at socket/qnativesocketengine.cpp:1148
#21 0x00007f1283597e84 in notify_helper (e=0x7fff801f7470, receiver=0x546550, this=0x455560) at kernel/qapplication.cpp:4550
#22 QApplicationPrivate::notify_helper (this=0x455560, receiver=0x546550, e=0x7fff801f7470) at kernel/qapplication.cpp:4522
#23 0x00007f128359cd03 in QApplication::notify (this=0x7fff801f7750, receiver=0x546550, e=0x7fff801f7470) at kernel/qapplication.cpp:4411
#24 0x00007f12856e55a3 in KApplication::notify (this=0x7fff801f7750, receiver=0x546550, event=0x7fff801f7470) at /kde/src/kdelibs/kdeui/kernel/kapplication.cpp:311
#25 0x00007f1284abd88c in QCoreApplication::notifyInternal (this=0x7fff801f7750, receiver=0x546550, event=0x7fff801f7470) at kernel/qcoreapplication.cpp:876
#26 0x00007f1284aebf37 in sendEvent (event=0x7fff801f7470, receiver=<optimized out>) at kernel/qcoreapplication.h:231
#27 socketNotifierSourceDispatch (source=0x45cd30) at kernel/qeventdispatcher_glib.cpp:110
#28 0x00007f127eac258d in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#29 0x00007f127eac2d88 in ?? () from /usr/lib64/libglib-2.0.so.0
#30 0x00007f127eac2f59 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#31 0x00007f1284aec8df in QEventDispatcherGlib::processEvents (this=0x42a000, flags=<optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#32 0x00007f128363b2de in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=<optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#33 0x00007f1284abc672 in QEventLoop::processEvents (this=<optimized out>, flags=...) at kernel/qeventloop.cpp:149
#34 0x00007f1284abc8c7 in QEventLoop::exec (this=0x7fff801f76b0, flags=...) at kernel/qeventloop.cpp:204
#35 0x00007f1284ac1425 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1148
#36 0x00007f1284ed8771 in Akonadi::AgentBase::init (r=0x6d25f0) at /kde/src/pim/kdepimlibs/akonadi/agentbase.cpp:564
#37 0x0000000000417499 in Akonadi::AgentBase::init<MailFilterAgent> (argc=3, argv=0x7fff801f78a8) at /kde/inst/kdepimlibs/include/akonadi/agentbase.h:342
#38 0x00000000004168e3 in main (argc=3, argv=0x7fff801f78a8) at /kde/src/pim/kdepim/mailfilteragent/mailfilteragent.cpp:197
Comment 2 Laurent Montel 2012-06-08 10:29:39 UTC
Git commit ef533353523ce05a004791b7731dc1cbb3fdf18b by Montel Laurent.
Committed on 08/06/2012 at 12:29.
Pushed by mlaurent into branch 'master'.

Fix Bug 290150 - When filter action "Set Reply-To To" executes on an email which has no "Reply-To:" header, KMail segfaults
FIXED-IN: 4.8.5

M  +7    -1    mailcommon/filter/filteractionreplyto.cpp

http://commits.kde.org/kdepim/ef533353523ce05a004791b7731dc1cbb3fdf18b
Comment 3 Laurent Montel 2012-06-08 10:31:38 UTC
Git commit fdf25a314cd9638a9194428739e33352164689d4 by Montel Laurent.
Committed on 08/06/2012 at 12:31.
Pushed by mlaurent into branch 'KDE/4.8'.

Fix Bug 290150 - When filter action "Set Reply-To To" executes on an email which has no "Reply-To:" header, KMail segfaults
FIXED-IN: 4.8.5

M  +7    -1    mailcommon/filteraction.cpp

http://commits.kde.org/kdepim/fdf25a314cd9638a9194428739e33352164689d4