Bug 409419

Summary: Mail system crashed
Product: [Frameworks and Libraries] Akonadi
Reporter: Nicolas Fella <nicolas.fella>
Component: IMAP resource
Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED
Severity: crash
Keywords: drkonqi
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Compiled Sources
OS: Linux
Latest Commit:
Version Fixed In: 5.11.3
Sentry Crash Report:

Description Nicolas Fella 2019-07-02 13:49:11 UTC
Application: akonadi_imap_resource (5.11.41)
 (Compiled from sources)
Qt Version: 5.12.3
Frameworks Version: 5.60.0
Operating System: Linux 5.1.8-1-MANJARO x86_64
Distribution: "Manjaro Linux"

-- Information about the crash:
- What I was doing when the application crashed:
Nothing Mail related, KMail wasn't open. 

Dr Konqi says "GMX Freemail (nicolas.fella) crashed"

-- Backtrace:
Application: GMX Freemail (nicolas.fella) (akonadi_imap_resource), signal: Aborted
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f5aabc53b40 (LWP 10003))]

Thread 7 (Thread 0x7f5aa0ca6700 (LWP 11021)):
#0  0x00007f5abe4a7c54 in read () from /usr/lib/libc.so.6
#1  0x00007f5ab4ad4961 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f5ab4b24f70 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#3  0x00007f5ab4b26766 in ?? () from /usr/lib/libglib-2.0.so.0
#4  0x00007f5ab4b268ae in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#5  0x00007f5abeb41984 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#6  0x00007f5abeaeb4dc in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#7  0x00007f5abe930239 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#8  0x00007f5abe93163c in ?? () from /usr/lib/libQt5Core.so.5
#9  0x00007f5ab613ba92 in start_thread () from /usr/lib/libpthread.so.0
#10 0x00007f5abe4b6cd3 in clone () from /usr/lib/libc.so.6

Thread 6 (Thread 0x7f5aa15ad700 (LWP 11016)):
#0  0x00007f5abe4ac0d1 in poll () from /usr/lib/libc.so.6
#1  0x00007f5ab4b267c0 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f5ab4b268ae in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007f5abeb41984 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#4  0x00007f5abeaeb4dc in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#5  0x00007f5abe930239 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#6  0x00007f5abe93163c in ?? () from /usr/lib/libQt5Core.so.5
#7  0x00007f5ab613ba92 in start_thread () from /usr/lib/libpthread.so.0
#8  0x00007f5abe4b6cd3 in clone () from /usr/lib/libc.so.6

Thread 5 (Thread 0x7f5aa25ed700 (LWP 10120)):
#0  0x00007f5abe4ac0d1 in poll () from /usr/lib/libc.so.6
#1  0x00007f5ab4b267c0 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f5ab4b268ae in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007f5abeb41984 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#4  0x00007f5abeaeb4dc in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#5  0x00007f5abe930239 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#6  0x00007f5abe93163c in ?? () from /usr/lib/libQt5Core.so.5
#7  0x00007f5ab613ba92 in start_thread () from /usr/lib/libpthread.so.0
#8  0x00007f5abe4b6cd3 in clone () from /usr/lib/libc.so.6

Thread 4 (Thread 0x7f5aa37fe700 (LWP 10062)):
#0  0x00007f5abe4a7c54 in read () from /usr/lib/libc.so.6
#1  0x00007f5ab4ad4961 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f5ab4b24f70 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#3  0x00007f5ab4b26766 in ?? () from /usr/lib/libglib-2.0.so.0
#4  0x00007f5ab4b268ae in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#5  0x00007f5abeb41984 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#6  0x00007f5abeaeb4dc in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#7  0x00007f5abe930239 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#8  0x00007f5abe93163c in ?? () from /usr/lib/libQt5Core.so.5
#9  0x00007f5ab613ba92 in start_thread () from /usr/lib/libpthread.so.0
#10 0x00007f5abe4b6cd3 in clone () from /usr/lib/libc.so.6

Thread 3 (Thread 0x7f5aa3fff700 (LWP 10059)):
#0  0x00007f5abe4a7c54 in read () from /usr/lib/libc.so.6
#1  0x00007f5ab4ad4961 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f5ab4b24f70 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#3  0x00007f5ab4b26766 in ?? () from /usr/lib/libglib-2.0.so.0
#4  0x00007f5ab4b268ae in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#5  0x00007f5abeb41984 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#6  0x00007f5abeaeb4dc in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#7  0x00007f5abe930239 in QThread::exec() () from /usr/lib/libQt5Core.so.5
#8  0x00007f5abfbfdba6 in ?? () from /usr/lib/libQt5DBus.so.5
#9  0x00007f5abe93163c in ?? () from /usr/lib/libQt5Core.so.5
#10 0x00007f5ab613ba92 in start_thread () from /usr/lib/libpthread.so.0
#11 0x00007f5abe4b6cd3 in clone () from /usr/lib/libc.so.6

Thread 2 (Thread 0x7f5aa9cc4700 (LWP 10058)):
#0  0x00007f5ab6141bac in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f5aaa2b3304 in ?? () from /usr/lib/dri/i965_dri.so
#2  0x00007f5aaa2b3028 in ?? () from /usr/lib/dri/i965_dri.so
#3  0x00007f5ab613ba92 in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007f5abe4b6cd3 in clone () from /usr/lib/libc.so.6

Thread 1 (Thread 0x7f5aabc53b40 (LWP 10003)):
[KCrash Handler]
#6  0x00007f5abe3f382f in raise () from /usr/lib/libc.so.6
#7  0x00007f5abe3de672 in abort () from /usr/lib/libc.so.6
#8  0x00007f5abe8f77fc in QMessageLogger::fatal(char const*, ...) const () from /usr/lib/libQt5Core.so.5
#9  0x00007f5abe8f6c28 in qt_assert(char const*, char const*, int) () from /usr/lib/libQt5Core.so.5
#10 0x00007f5ac107c124 in KIMAP::ImapSet::add (this=0x7ffda5781aa0, values=...) at /home/nico/kde/src/kimap/src/imapset.cpp:249
#11 0x00007f5ac107bdb9 in KIMAP::ImapSet::ImapSet (this=0x7ffda5781aa0, value=140026739181952) at /home/nico/kde/src/kimap/src/imapset.cpp:203
#12 0x000055a506b6cb20 in RetrieveItemTask::triggerFetchJob (this=0x7f5a9402dab0) at /home/nico/kde/src/kdepim-runtime/resources/imap/retrieveitemtask.cpp:80
#13 0x000055a506b6c8fc in RetrieveItemTask::doStart (this=0x7f5a9402dab0, session=0x55a507f5a430) at /home/nico/kde/src/kdepim-runtime/resources/imap/retrieveitemtask.cpp:62
#14 0x000055a506b5f896 in ResourceTask::onSessionRequested (this=0x7f5a9402dab0, requestId=42, session=0x55a507f5a430, errorCode=0, errorString=...) at /home/nico/kde/src/kdepim-runtime/resources/imap/resourcetask.cpp:121
#15 0x000055a506b62dfb in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1, 2, 3>, QtPrivate::List<long long, KIMAP::Session*, int, QString const&>, void, void (ResourceTask::*)(long long, KIMAP::Session*, int, QString const&)>::call (f=(void (ResourceTask::*)(ResourceTask * const, long long, KIMAP::Session *, int, const QString &)) 0x55a506b5f602 <ResourceTask::onSessionRequested(long long, KIMAP::Session*, int, QString const&)>, o=0x7f5a9402dab0, arg=0x7ffda5781e80) at /usr/include/qt/QtCore/qobjectdefs_impl.h:152
#16 0x000055a506b62cc2 in QtPrivate::FunctionPointer<void (ResourceTask::*)(long long, KIMAP::Session*, int, QString const&)>::call<QtPrivate::List<long long, KIMAP::Session*, int, QString const&>, void> (f=(void (ResourceTask::*)(ResourceTask * const, long long, KIMAP::Session *, int, const QString &)) 0x55a506b5f602 <ResourceTask::onSessionRequested(long long, KIMAP::Session*, int, QString const&)>, o=0x7f5a9402dab0, arg=0x7ffda5781e80) at /usr/include/qt/QtCore/qobjectdefs_impl.h:185
#17 0x000055a506b629c3 in QtPrivate::QSlotObject<void (ResourceTask::*)(long long, KIMAP::Session*, int, QString const&), QtPrivate::List<long long, KIMAP::Session*, int, QString const&>, void>::impl (which=1, this_=0x55a507fbab00, r=0x7f5a9402dab0, a=0x7ffda5781e80, ret=0x0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:414
#18 0x00007f5abeb1731b in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#19 0x000055a506b3100d in SessionPool::sessionRequestDone (this=0x55a507eb14c0, _t1=42, _t2=0x55a507f5a430, _t3=0, _t4=...) at /home/nico/kde/build/kdepim-runtime/resources/imap/imapresource_autogen/EWIEGA46WW/moc_sessionpool.cpp:294
#20 0x000055a506b7957f in SessionPool::processPendingRequests (this=0x55a507eb14c0) at /home/nico/kde/src/kdepim-runtime/resources/imap/sessionpool.cpp:290
#21 0x000055a506b7f043 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (SessionPool::*)()>::call(void (SessionPool::*)(), SessionPool*, void**) (f=(void (SessionPool::*)(SessionPool * const)) 0x55a506b794bc <SessionPool::processPendingRequests()>, o=0x55a507eb14c0, arg=0x7ffda5781ff0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:152
#22 0x000055a506b7eafe in QtPrivate::FunctionPointer<void (SessionPool::*)()>::call<QtPrivate::List<>, void>(void (SessionPool::*)(), SessionPool*, void**) (f=(void (SessionPool::*)(SessionPool * const)) 0x55a506b794bc <SessionPool::processPendingRequests()>, o=0x55a507eb14c0, arg=0x7ffda5781ff0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:185
#23 0x000055a506b7e2bb in QtPrivate::QSlotObject<void (SessionPool::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x55a50802ac70, r=0x55a507eb14c0, a=0x7ffda5781ff0, ret=0x0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:414
#24 0x00007f5abeb23327 in ?? () from /usr/lib/libQt5Core.so.5
#25 0x00007f5abeb17a3b in QObject::event(QEvent*) () from /usr/lib/libQt5Core.so.5
#26 0x00007f5abf66ada4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#27 0x00007f5abf6723c1 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#28 0x00007f5abeaec849 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#29 0x00007f5abeb40d15 in QTimerInfoList::activateTimers() () from /usr/lib/libQt5Core.so.5
#30 0x00007f5abeb415da in ?? () from /usr/lib/libQt5Core.so.5
#31 0x00007f5ab4b2490f in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#32 0x00007f5ab4b26869 in ?? () from /usr/lib/libglib-2.0.so.0
#33 0x00007f5ab4b268ae in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#34 0x00007f5abeb41969 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#35 0x00007f5abeaeb4dc in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#36 0x00007f5abeaf3596 in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#37 0x00007f5ac0e4683a in Akonadi::ResourceBase::init (r=...) at /home/nico/kde/src/akonadi/src/agentbase/resourcebase.cpp:611
#38 0x000055a506b0f665 in Akonadi::ResourceBase::init<ImapResource> (argc=3, argv=0x7ffda57827d8) at /home/nico/kde/usr/include/KF5/AkonadiAgentBase/resourcebase.h:199
#39 0x000055a506b0f520 in main (argc=3, argv=0x7ffda57827d8) at /home/nico/kde/src/kdepim-runtime/resources/imap/main.cpp:22
[Inferior 1 (process 10003) detached]

Reported using DrKonqi

Comment 1 Daniel Vrátil 2019-07-07 16:47:28 UTC
Git commit 8bc38d948c5386716c1d91cfe2ae2e9413da6541 by Daniel Vrátil.
Committed on 07/07/2019 at 16:47.
Pushed by dvratil into branch 'Applications/19.04'.

Fix int overflow when parsing ImapSet

Summary:
The ImapSet is a vector of qint64s, but while iterating over
the vector the code stored the value as an int, which could've
caused overflow if the Id was large enough, triggering the
Q_ASSERT below.
FIXED-IN: 5.11.3

Reviewers: #kde_pim, vkrause

Reviewed By: #kde_pim, vkrause

Subscribers: kde-pim

Tags: #kde_pim

Differential Revision: https://phabricator.kde.org/D22271

M  +2    -2    src/imapset.cpp

https://commits.kde.org/kimap/8bc38d948c5386716c1d91cfe2ae2e9413da6541
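
The failure mode described in the commit message, as an added illustration that is not code from kimap or from the commit: a simplified interval builder whose loop variable is either 32-bit or 64-bit, run on the `value=` argument shown in frame #11 of the backtrace. The names `Id`, `narrowToInt32` and `buildIntervals` are hypothetical, and the non-negative check stands in for the Q_ASSERT the commit message refers to.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <utility>
#include <vector>

using Id = std::int64_t;              // stand-in for qint64 (assumption)
using Interval = std::pair<Id, Id>;   // closed range [first, second]

// Keep only the low 32 bits, which is what storing an Id in a 32-bit int does.
std::int32_t narrowToInt32(Id v)
{
    const std::uint32_t low = static_cast<std::uint32_t>(v); // modulo 2^32
    std::int32_t out;
    std::memcpy(&out, &low, sizeof out);
    return out;
}

// Collapse ids into closed intervals. narrowLoopVar=true models the defect
// (32-bit loop variable); false keeps the full 64-bit Id.
// Returns false where a "begin >= 0" assertion would abort the process.
bool buildIntervals(std::vector<Id> ids, bool narrowLoopVar, std::vector<Interval> &out)
{
    out.clear();
    std::sort(ids.begin(), ids.end());
    for (std::size_t i = 0; i < ids.size(); ++i) {
        const Id begin = narrowLoopVar ? narrowToInt32(ids[i]) : ids[i];
        if (begin < 0) return false;
        Id end = begin;
        while (i + 1 < ids.size() && ids[i + 1] > ids[i] && ids[i + 1] - 1 == ids[i]) {
            ++i;
            end = narrowLoopVar ? narrowToInt32(ids[i]) : ids[i];
        }
        out.push_back(Interval(begin, end));
    }
    return true;
}

int main()
{
    std::vector<Interval> out;
    const Id fromBacktrace = 140026739181952LL;   // value= in frame #11 of the report
    std::cout << "32-bit loop ok: " << buildIntervals({fromBacktrace}, true, out) << '\n';
    std::cout << "64-bit loop ok: " << buildIntervals({fromBacktrace}, false, out) << '\n';
    // Constructed id just above 2^32: narrowing passes the check with the wrong id.
    buildIntervals({4294967303LL}, true, out);
    std::cout << "silently wrong id: " << out[0].first << '\n';
}
```

The constructed second input shows that an assertion on the sign only catches truncations that land in the negative half of the 32-bit range; the rest pass the check and yield a different id.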