[Kolab-devel] [issue4438] kmail crash when verifying a multipart-signed message with embedded chiasmus-encrypted content

Marc Mutz issues at kolab.org
Wed Jun 30 14:30:03 CEST 2010


New submission from Marc Mutz <marc at kdab.net>:

How to reproduce:
1. Forward a chiasmus-encrypted message as attachment
2. Sign that mail with S/MIME or OpenPGP/MIME
3. Choose send-later
4. Open the mail in the outbox
-> The chiasmus dialog appears
5. Wait a few seconds, then select a keyfile and press OK
-> crash

Valgrind log attached.

----------
assignedto: marc
files: kmail-crash-chiasmus-smime.txt
keyword: crypto, enterprise35, kde client
messages: 25574
nosy: allen, bernhard, emanuel, laurent, ludwig, marc, sergio, till, tmcguire, vkrause
priority: bug
status: unread
title: kmail crash when verifying a multipart-signed message with embedded chiasmus-encrypted content

______________________________________
Kolab issue tracker <issues at kolab.org>
<https://issues.kolab.org/issue4438>
______________________________________
-------------- next part --------------
==21316== Invalid read of size 8
==21316==    at 0xC521F3F: QListViewItem::QListViewItem(QListViewItem*, QString, QString, QString, QString, QString, QString, QString, QString) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0x538E4A1: KMMimePartTreeItem::KMMimePartTreeItem(KMMimePartTreeItem*, partNode*, QString const&, QString const&, QString const&, unsigned long long, bool) (kmmimeparttree.cpp:346)
==21316==    by 0x53B7F70: partNode::fillMimePartTree(KMMimePartTreeItem*, KMMimePartTree*, QString, QString, QString, unsigned long long, bool) (partNode.cpp:527)
==21316==    by 0x53A6DC3: KMail::ObjectTreeParser::insertAndParseNewChildNode(partNode&, char const*, char const*, bool, bool) (objecttreeparser.cpp:229)
==21316==    by 0x53A8802: KMail::ObjectTreeParser::processMessageRfc822Subtype(partNode*, KMail::ProcessResult&) (objecttreeparser.cpp:1517)
==21316==    by 0x53B2E60: (anonymous namespace)::MessageRfc822BodyPartFormatter::process(KMail::ObjectTreeParser*, partNode*, KMail::ProcessResult&) const (bodypartformatter.cpp:120)
==21316==    by 0x53A64BD: KMail::ObjectTreeParser::parseObjectTree(partNode*) (objecttreeparser.cpp:315)
==21316==    by 0x53A65D0: KMail::ObjectTreeParser::stdChildHandling(partNode*) (objecttreeparser.cpp:1210)
==21316==    by 0x53A689D: KMail::ObjectTreeParser::processMultiPartMixedSubtype(partNode*, KMail::ProcessResult&) (objecttreeparser.cpp:1246)
==21316==    by 0x53B2E34: (anonymous namespace)::MultiPartMixedBodyPartFormatter::process(KMail::ObjectTreeParser*, partNode*, KMail::ProcessResult&) const (bodypartformatter.cpp:122)
==21316==    by 0x53A64BD: KMail::ObjectTreeParser::parseObjectTree(partNode*) (objecttreeparser.cpp:315)
==21316==    by 0x53A9F5E: KMail::ObjectTreeParser::writeOpaqueOrMultipartSignedData(partNode*, partNode&, QString const&, bool, QCString*, std::vector<GpgME::Signature, std::allocator<GpgME::Signature> > const&, bool) (objecttreeparser.cpp:710)
==21316==    by 0x53AA9F6: KMail::ObjectTreeParser::processMultiPartSignedSubtype(partNode*, KMail::ProcessResult&) (objecttreeparser.cpp:1330)
==21316==    by 0x53B2DDC: (anonymous namespace)::MultiPartSignedBodyPartFormatter::process(KMail::ObjectTreeParser*, partNode*, KMail::ProcessResult&) const (bodypartformatter.cpp:124)
==21316==    by 0x53A64BD: KMail::ObjectTreeParser::parseObjectTree(partNode*) (objecttreeparser.cpp:315)
==21316==    by 0x528F139: KMReaderWin::parseMsg(KMMessage*) (kmreaderwin.cpp:1535)
==21316==    by 0x5288477: KMReaderWin::displayMessage() (kmreaderwin.cpp:1453)
==21316==    by 0x52885EE: KMReaderWin::updateReaderWin() (kmreaderwin.cpp:1388)
==21316==    by 0x528B46E: KMReaderWin::qt_invoke(int, QUObject*) (kmreaderwin.moc:315)
==21316==    by 0xC45136B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC451B03: QObject::activate_signal(int) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC46FB84: QTimer::event(QEvent*) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC3FB952: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC3FC667: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xB548C61: KApplication::notify(QObject*, QEvent*) (in /usr/lib/libkdecore.so.4.2.0)
==21316==    by 0xC3F222A: QEventLoop::activateTimers() (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC3B1C4C: QEventLoop::processEvents(unsigned) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC410000: QEventLoop::enterLoop() (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC40FEB1: QEventLoop::exec() (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0x403709: main (main.cpp:110)
==21316==  Address 0x136602e8 is 0 bytes inside a block of size 88 free'd
==21316==    at 0x4C20E0D: operator delete(void*) (vg_replace_malloc.c:342)
==21316==    by 0x53902A0: KMMimePartTreeItem::~KMMimePartTreeItem() (kmmimeparttree.h:98)
==21316==    by 0xC529B19: QListViewItem::~QListViewItem() (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0x539028E: KMMimePartTreeItem::~KMMimePartTreeItem() (kmmimeparttree.h:98)
==21316==    by 0xC529B19: QListViewItem::~QListViewItem() (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0x539028E: KMMimePartTreeItem::~KMMimePartTreeItem() (kmmimeparttree.h:98)
==21316==    by 0xC51D759: QListView::clear() (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0x52882F5: KMReaderWin::displayMessage() (kmreaderwin.cpp:1433)
==21316==    by 0x52885EE: KMReaderWin::updateReaderWin() (kmreaderwin.cpp:1388)
==21316==    by 0x5289E8C: KMReaderWin::update(KMail::Interface::Observable*) (kmreaderwin.cpp:793)
==21316==    by 0x542CFBB: KMail::ISubject::notify() (isubject.cpp:40)
==21316==    by 0x53AE2B5: KMail::VerifyDetachedBodyPartMemento::slotKeyListJobDone() (objecttreeparser_p.cpp:236)
==21316==    by 0x53AF0EB: KMail::VerifyDetachedBodyPartMemento::qt_invoke(int, QUObject*) (objecttreeparser_p.moc:257)
==21316==    by 0xC45136B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC451B03: QObject::activate_signal(int) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0x6D1C60E: Kleo::Job::done() (job.moc:111)
==21316==    by 0x6D2DB58: Kleo::QGpgMEKeyListJob::slotOperationDoneEvent(GpgME::Context*, GpgME::Error const&) (qgpgmekeylistjob.cpp:188)
==21316==    by 0x6D2DD66: Kleo::QGpgMEKeyListJob::qt_invoke(int, QUObject*) (qgpgmekeylistjob.moc:97)
==21316==    by 0xC45136B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0x6FBBDD1: QGpgME::EventLoopInteractor::operationDoneEventSignal(GpgME::Context*, GpgME::Error const&) (eventloopinteractor.moc:153)
==21316==    by 0x6FBBE24: QGpgME::EventLoopInteractor::operationDoneEvent(GpgME::Context*, GpgME::Error const&) (eventloopinteractor.cpp:96)
==21316==    by 0x7202BF0: GpgME::EventLoopInteractor::Private::eventIOCb(void*, gpgme_event_io_t, void*) (eventloopinteractor.cpp:125)
==21316==    by 0x74335ED: (within /usr/lib/libgpgme.so.11.6.4)
==21316==    by 0x7202749: GpgME::EventLoopInteractor::actOn(int, GpgME::EventLoopInteractor::Direction) (eventloopinteractor.cpp:180)
==21316==    by 0x6FBC1C1: QGpgME::EventLoopInteractor::slotReadActivity(int) (eventloopinteractor.cpp:84)
==21316==    by 0x6FBC263: QGpgME::EventLoopInteractor::qt_invoke(int, QUObject*) (eventloopinteractor.moc:166)
==21316==    by 0xC45136B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC451A23: QObject::activate_signal(int, int) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC46B34A: QSocketNotifier::event(QEvent*) (in /usr/lib/libqt-mt.so.3.3.8)
==21316==    by 0xC3FB952: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/libqt-mt.so.3.3.8)
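An added triage sketch, not part of the original report or of KMail: it parses one Memcheck error record of the shape shown above, classifies an access into a free'd block as a use-after-free, and reports the first frame with source information on each stack plus the functions common to both. The sample log and all names in it are constructed for illustration.

```python
import re

# Constructed sample: a shortened Memcheck record in the same shape as the attached log.
SAMPLE = """\
==100== Invalid read of size 8
==100==    at 0x1: Item::Item(Item*) (in /usr/lib/libui.so.1)
==100==    by 0x2: Parser::addChild(Node*) (parser.cpp:229)
==100==    by 0x3: Reader::displayMessage() (reader.cpp:1453)
==100==  Address 0x10 is 0 bytes inside a block of size 88 free'd
==100==    at 0x5: operator delete(void*) (vg_replace_malloc.c:342)
==100==    by 0x6: View::clear() (in /usr/lib/libui.so.1)
==100==    by 0x7: Reader::displayMessage() (reader.cpp:1433)
==100==    by 0x8: Memento::slotDone() (memento.cpp:236)
"""

HEADER = re.compile(r"^==\d+== (?P<kind>Invalid (?:read|write) of size \d+)$")
BLOCK = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (?P<off>\d+) bytes inside a block of size (?P<size>\d+) (?P<state>free'd|alloc'd)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (?P<func>.+) \((?P<loc>[^()]*)\)$")

def parse(text):
    # Handles a single error record: frames before the "Address" line are the
    # faulting access, frames after it are where the block was released.
    report = {"kind": None, "block": None, "access": [], "release": []}
    stack = None
    for line in text.splitlines():
        if m := HEADER.match(line):
            report["kind"], stack = m["kind"], report["access"]
        elif m := BLOCK.match(line):
            report["block"] = (int(m["off"]), int(m["size"]), m["state"])
            stack = report["release"]
        elif stack is not None and (m := FRAME.match(line)):
            stack.append((m["func"], m["loc"]))
    return report

def is_app(frame):
    # Keep frames with file:line debug info; drop library and Valgrind-internal frames.
    return ":" in frame[1] and not frame[1].startswith(("in ", "within ", "vg_"))

def triage(text):
    r = parse(text)
    access = [f for f in r["access"] if is_app(f)]
    release = [f for f in r["release"] if is_app(f)]
    freed = r["block"] is not None and r["block"][2] == "free'd"
    released_in = {f[0] for f in release}
    return {
        "verdict": "use-after-free" if freed and r["kind"] else "other",
        "access_site": access[0] if access else None,
        "release_site": release[0] if release else None,
        "shared": [f[0] for f in access if f[0] in released_in],
    }
```

A function listed in `shared` appears on both the access stack and the release stack, which points the reviewer at code that ran once to free the object and again while a pointer to it was still in use.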