Bug 440831

Summary: Segmentation Fault on syncing MeContact
Product: [Frameworks and Libraries] Akonadi
Component: EWS Resource
Status: RESOLVED FIXED
Severity: normal
Priority: NOR
Version: 5.17.3
Target Milestone: ---
Platform: Arch Linux
OS: Linux
Reporter: Andreas Merl <merl.andreas>
Assignee: kdepim bugs <kdepim-bugs>
CC: carl, krissn
Latest Commit:
Version Fixed In: 23.04.2
Sentry Crash Report:
Attachments: gdb backtrace of segfault

Description Andreas Merl 2021-08-10 11:36:12 UTC
Created attachment 140630
gdb backtrace of segfault

SUMMARY
At least some accounts of outlook.com do have one element in MeContact
(tested with two separate accounts, same behavior).
On trying to sync this element a Segmentation Fault occurs.
This Segmentation Fault appears only if the element is not locally available already.


STEPS TO REPRODUCE
1. Create an outlook.com account.
   Account must have one element in MeContact (element type EwsItemTypeItem or 0)
2. Add account to Akonadi.
3. Open akonadiconsole and synchronize all elements of the resource.

OBSERVED RESULT
As soon as the synchronizing process tries to sync MeContact a
Segmentation Fault occurs.

EXPECTED RESULT
No Segmentation Faults at all.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Arch Linux Kernel 5.1.9-arch1-1
KDE Plasma Version: 5.22.4
KDE Frameworks Version: 5.84.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
I'm no expert at this (RF Engineer) but I was able to find this log message
org.kde.pim.ews: "Could not find handler for item type 0"
after which a nullptr is returned.
So I thought maybe someone tries to access this nullptr.
I managed to make a debug build and get gdb to work.
back trace is attached.
In ewsfetchitemsjob.cpp:300 we can find this:
QString mimeType = EwsItemHandler::itemHandler(type)->mimeType();
As I understand it, EwsItemTypeItem does not have an itemHandler and therefore
creating it returns a nullptr and calling mimeType() gets me a Segmentation Fault.
To prevent it I tested an addition where I first check if there is a
nullptr and skip the element if itemHandler(type) returns nullptr.
This removed the issue.

Comment 1 Bug Janitor Service 2023-04-25 11:18:54 UTC
A possibly relevant merge request was started @ https://invent.kde.org/pim/kdepim-runtime/-/merge_requests/108

Comment 2 Thomas Karpiniec 2023-04-27 19:54:33 UTC
Git commit e6007c7e81d8987fa402f70084675f7ad3e33eac by Thomas Karpiniec.
Committed on 25/04/2023 at 11:06.
Pushed by carlschwan into branch 'master'.

Skip EWS items where there is no registered handler

Prevents nullptr dereference when handling an unexpected item type
EwsItemTypeItem, such as can be found in "MeContact" on
outlook.com.

M  +6    -1    resources/ews/ewsfetchitemsjob.cpp

https://invent.kde.org/pim/kdepim-runtime/commit/e6007c7e81d8987fa402f70084675f7ad3e33eac

Comment 3 Carl Schwan 2023-04-27 19:54:50 UTC
Git commit 20f001338153724d899e9e586a290be6c3f66394 by Carl Schwan, on behalf of Thomas Karpiniec.
Committed on 27/04/2023 at 19:54.
Pushed by carlschwan into branch 'release/23.04'.

Skip EWS items where there is no registered handler

Prevents nullptr dereference when handling an unexpected item type
EwsItemTypeItem, such as can be found in "MeContact" on
outlook.com.


(cherry picked from commit e6007c7e81d8987fa402f70084675f7ad3e33eac)

M  +6    -1    resources/ews/ewsfetchitemsjob.cpp

https://invent.kde.org/pim/kdepim-runtime/commit/20f001338153724d899e9e586a290be6c3f66394
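
Added example, not part of the bug report and not kdepim-runtime code: a standard-library model of the pattern discussed above, where a handler lookup returns nullptr for an unregistered item type and the caller skips that item instead of dereferencing the result. All names, enum values and MIME strings here are hypothetical stand-ins for the Qt/EWS types.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical item types; 0 mirrors the "item type 0" from the log message.
enum ItemType { TypeItem = 0, TypeMessage = 1, TypeContact = 2 };

struct Handler {
    std::string mime;
    const std::string &mimeType() const { return mime; }
};

// Registry lookup: returns nullptr when no handler is registered for the type.
const Handler *itemHandler(ItemType type) {
    static const std::map<ItemType, Handler> registry = {
        {TypeMessage, Handler{"message/rfc822"}},  // constructed sample values
        {TypeContact, Handler{"text/directory"}},
    };
    auto it = registry.find(type);
    return it == registry.end() ? nullptr : &it->second;
}

struct SyncResult {
    std::vector<std::string> mimeTypes;  // items that had a handler
    std::vector<int> skipped;            // item types with no handler
};

// The unguarded form, itemHandler(type)->mimeType(), dereferences nullptr
// for TypeItem. The guarded form checks the lookup result first, records
// the skipped type so it can be logged, and continues with the next item.
SyncResult collectMimeTypes(const std::vector<ItemType> &items) {
    SyncResult out;
    for (ItemType type : items) {
        const Handler *handler = itemHandler(type);
        if (!handler) {
            out.skipped.push_back(type);
            continue;
        }
        out.mimeTypes.push_back(handler->mimeType());
    }
    return out;
}

int main() {
    // Constructed folder contents: one item of the unhandled generic type.
    SyncResult r = collectMimeTypes({TypeMessage, TypeItem, TypeContact});
    std::cout << r.mimeTypes.size() << " synced, "
              << r.skipped.size() << " skipped\n";
}
```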