Public bug reported:
Binary package hint: evolution
Ubuntu 10.04 LTS, Evolution 2.28.3-0ubuntu10
After accepting an appointment invitation in Outlook 2007 MS Exchange
client, moving it to another IMAP account and then opening it from there
with Evolution, I get a buffer overflow and Evolution crashes. Error
obviously occurs in tnef plugin (libytnef.so.0 of libytnef0-1.5-2 in
particular). It does not occur if I remove evolution-plugins-
experimental-2.28.3-0ubuntu10. Evolution 2.30 (from ppa:jacob/evo230)
does not resolve this issue either.
Here is the error dump:
/home/anzez/.evolution/cache/tmp/tnef-attachment-SCDwr8/calendar.vcf
*** buffer overflow detected ***: evolution terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fa9065e7207]
/lib/libc.so.6(+0xfe0c0)[0x7fa9065e60c0]
/usr/lib/libytnef.so.0(DecompressRTF+0x3c)[0x7fa8f7d9c4ec]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(saveVCalendar+0x3f3)[0x7fa8f7fb41b3]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(processTnef+0x28d)[0x7fa8f7fb490d]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(org_gnome_format_tnef+0xfc)[0x7fa8f7fb4d8c]
/usr/lib/evolution/2.28/libeutil.so.0(+0x2b192)[0x7fa91070a192]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x37c72)[0x7fa8fbed1c72]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3b1d7)[0x7fa8fbed51d7]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part_as+0xfd)[0x7fa8fbc4a41d]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part+0x52)[0x7fa8fbc4a5e2]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(+0x54302)[0x7fa8fbc4b302]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part_as+0x15e)[0x7fa8fbc4a47e]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part+0x52)[0x7fa8fbc4a5e2]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3e0ee)[0x7fa8fbed80ee]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3ce60)[0x7fa8fbed6e60]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(+0x691df)[0x7fa8fbc601df]
/lib/libglib-2.0.so.0(+0x69a5f)[0x7fa9068d4a5f]
/lib/libglib-2.0.so.0(+0x67b84)[0x7fa9068d2b84]
/lib/libpthread.so.0(+0x69ca)[0x7fa90d4e79ca]
/lib/libc.so.6(clone+0x6d)[0x7fa9065ce6fd]
======= Memory map: ========
00400000-00420000 r-xp 00000000 08:06 15639
/usr/bin/evolution
00620000-00621000 r--p 00020000 08:06 15639
/usr/bin/evolution
00621000-00625000 rw-p 00021000 08:06 15639
/usr/bin/evolution
01a5b000-024a2000 rw-p 00000000 00:00 0 [heap]
7fa8dc538000-7fa8dc53c000 rw-p 00000000 00:00 0
7fa8dc53c000-7fa8dc53e000 rw-p 00000000 00:00 0
7fa8dcd3f000-7fa8dcd40000 ---p 00000000 00:00 0
7fa8dcd40000-7fa8dd540000 rw-p 00000000 00:00 0
7fa8dd540000-7fa8dd541000 ---p 00000000 00:00 0
7fa8dd541000-7fa8ddd41000 rw-p 00000000 00:00 0
7fa8ddd41000-7fa8e1d42000 rw-s 00000000 00:10 76443
/dev/shm/pulse-shm-425152416
7fa8e1d42000-7fa8e1f05000 r-xp 00000000 08:06 79504
/usr/lib/libvorbisenc.so.2.0.6
7fa8e1f05000-7fa8e2105000 ---p 001c3000 08:06 79504
/usr/lib/libvorbisenc.so.2.0.6
7fa8e2105000-7fa8e211c000 r--p 001c3000 08:06 79504
/usr/lib/libvorbisenc.so.2.0.6
7fa8e211c000-7fa8e211d000 rw-p 001da000 08:06 79504
/usr/lib/libvorbisenc.so.2.0.6
7fa8e211d000-7fa8e2166000 r-xp 00000000 08:06 79489
/usr/lib/libFLAC.so.8.2.0
7fa8e2166000-7fa8e2366000 ---p 00049000 08:06 79489
/usr/lib/libFLAC.so.8.2.0
7fa8e2366000-7fa8e2367000 r--p 00049000 08:06 79489
/usr/lib/libFLAC.so.8.2.0
7fa8e2367000-7fa8e2368000 rw-p 0004a000 08:06 79489
/usr/lib/libFLAC.so.8.2.0
7fa8e2368000-7fa8e23c6000 r-xp 00000000 08:06 79511
/usr/lib/libsndfile.so.1.0.21
7fa8e23c6000-7fa8e25c6000 ---p 0005e000 08:06 79511
/usr/lib/libsndfile.so.1.0.21
7fa8e25c6000-7fa8e25c8000 r--p 0005e000 08:06 79511
/usr/lib/libsndfile.so.1.0.21
7fa8e25c8000-7fa8e25c9000 rw-p 00060000 08:06 79511
/usr/lib/libsndfile.so.1.0.21
7fa8e25c9000-7fa8e25cd000 rw-p 00000000 00:00 0
7fa8e25cd000-7fa8e25d6000 r-xp 00000000 08:06 65675
/lib/libwrap.so.0.7.6
7fa8e25d6000-7fa8e27d5000 ---p 00009000 08:06 65675
/lib/libwrap.so.0.7.6
7fa8e27d5000-7fa8e27d6000 r--p 00008000 08:06 65675
/lib/libwrap.so.0.7.6
7fa8e27d6000-7fa8e27d7000 rw-p 00009000 08:06 65675
/lib/libwrap.so.0.7.6
7fa8e27d7000-7fa8e27d8000 rw-p 00000000 00:00 0
7fa8e27d8000-7fa8e2823000 r-xp 00000000 08:06 22719
/usr/lib/libpulsecommon-0.9.21.so
7fa8e2823000-7fa8e2a22000 ---p 0004b000 08:06 22719
/usr/lib/libpulsecommon-0.9.21.so
7fa8e2a22000-7fa8e2a23000 r--p 0004a000 08:06 22719
/usr/lib/libpulsecommon-0.9.21.so
7fa8e2a23000-7fa8e2a24000 rw-p 0004b000 08:06 22719
/usr/lib/libpulsecommon-0.9.21.so
7fa8e2a24000-7fa8e2a29000 r-xp 00000000 08:06 34842
/usr/lib/libXtst.so.6.1.0
7fa8e2a29000-7fa8e2c29000 ---p 00005000 08:06 34842
/usr/lib/libXtst.so.6.1.0
7fa8e2c29000-7fa8e2c2a000 r--p 00005000 08:06 34842
/usr/lib/libXtst.so.6.1.0
7fa8e2c2a000-7fa8e2c2b000 rw-p 00006000 08:06 34842
/usr/lib/libXtst.so.6.1.0
7fa8e2c2b000-7fa8e2c6b000 r-xp 00000000 08:06 22698
/usr/lib/libpulse.so.0.12.2
7fa8e2c6b000-7fa8e2e6b000 ---p 00040000 08:06 22698
/usr/lib/libpulse.so.0.12.2
7fa8e2e6b000-7fa8e2e6c000 r--p 00040000 08:06 22698
/usr/lib/libpulse.so.0.12.2
7fa8e2e6c000-7fa8e2e6d000 rw-p 00041000 08:06 22698
/usr/lib/libpulse.so.0.12.2
7fa8e2e6d000-7fa8e2e73000 r-xp 00000000 08:06 1189033
/usr/lib/libcanberra-0.22/libcanberra-pulse.so
7fa8e2e73000-7fa8e3072000 ---p 00006000 08:06 1189033
/usr/lib/libcanberra-0.22/libcanberra-pulse.so
7fa8e3072000-7fa8e3073000 r--p 00005000 08:06 1189033
/usr/lib/libcanberra-0.22/libcanberra-pulse.so
7fa8e3073000-7fa8e3074000 rw-p 00006000 08:06 1189033
/usr/lib/libcanberra-0.22/libcanberra-pulse.so
7fa8e3074000-7fa8e307c000 r-xp 00000000 08:06 1052776
/usr/lib/evolution/2.28/plugins/liborg-gnome-evolution-google.so
7fa8e307c000-7fa8e327b000 ---p 00008000 08:06 1052776
/usr/lib/evolution/2.28/plugins/liborg-gnome-evolution-google.so
7fa8e327b000-7fa8e327c000 r--p 00007000 08:06 1052776
/usr/lib/evolution/2.28/plugins/liborg-gnome-evolution-google.so
7fa8e327c000-7fa8e327d000 rw-p 00008000 08:06 1052776
/usr/lib/evolution/2.28/plugins/liborg-gnome-evolution-google.so
7fa8e327d000-7fa8e32bc000 r-xp 00000000 08:06 85318
/usr/lib/libibus.so.1.0.0
7fa8e32bc000-7fa8e34bc000 ---p 0003f000 08:06 85318
/usr/lib/libibus.so.1.0.0Aborted
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: evolution 2.28.3-0ubuntu10
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Wed Jul 21 09:33:08 2010
ProcEnviron:
PATH=(custom, user)
LANG=en_EU.utf8
SHELL=/bin/bash
SourcePackage: evolution
** Affects: evolution (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug lucid
--
Buffer overflow when opening mail with calendar.vcf tnef attachment
https://bugs.launchpad.net/bugs/608085
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
