[Bug 28661] mailer crashes while trying to format message

Dan Kortschak dan.kortschak at adelaide.edu.au
Thu Jan 26 05:31:20 UTC 2006 

Public bug report changed:
https://launchpad.net/malone/bugs/28661

Comment:
The following spam causes the crash (identifying headers removed):

Date: Tue, 24 Jan 2006 00:29:44 +1030 (CST)
Date-warning: Date header was inserted by unimail.services.adelaide.edu.au
From: =?EUC-KR?B?w9a5zsGk?=
 <7RbE3AD1cMOc4rrsYeRCr at NhiB9RTAhrnUHjYmjLisB.rkdmfdldhaus4.biz>
Subject:
 =?EUC-KR?B?u/O787y9vboovLy287q5tc647bD6KV9fX19fX19fX19fX19fX18xeE51TThv?=
To:
Message-id: <0ITJ00542TJKZ220 at unimail.services.adelaide.edu.au>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 8BIT
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	correa.adelaide.edu.au
X-Spam-Report: 
	*  1.3 SUBJ_HAS_UNIQ_ID Subject contains a unique ID
	*  3.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
	*      [score: 0.9992]
	*  3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
	*      [<http://dsbl.org/listing?220.76.241.179>]
X-Spam-Status: Yes, score=8.5 required=5.0 tests=BAYES_99,RCVD_IN_DSBL,
	SUBJ_HAS_UNIQ_ID autolearn=disabled version=3.0.4
X-Spam-Level: ********

 =?EUC-KR?B?NXd5T3F1R2ZWaDVVUE4=?=
To:
Content-Type: text/html
Date: Mon, 23 Jan 2006 22:59:33 +0900
X-Priority: 3
X-Library: Indy 9.00.10
X-Mailer: B4SGkqh0yCqM4SY3fU8cS

<!-- body --><html><head><meta http-equiv="content-type"
content="text/html; charset=euc-kr"><title>Çѱ¹Ÿßµ¿ °­Ãß! ³ë·¡¹æµµ¿ì¹Ì
<3>  05.12.17  </title><meta name="generator" content="Namo WebEditor
v5.0"></head><body bgcolor="white" text="black" link="blue"
vlink="purple" alink="red"><p><a href="http://ž®ŸóxÁž.ah.to"
target="_blank"><span style="font-size:10pt;"> Çѱ¹Ÿßµ¿
ŽÙ¹þŽÂÈ­»óÀÆÃ2ºÎ <3>  05.12.19  </span></a></p><p><a
href="http://ž®ŸóxÁž.ah.to" target="_blank"><span style="font-
size:10pt;"> Çѱ¹Ÿßµ¿ ¹Ì°ø°³<<»¡°£ž¶¿ì¶óÈÄÆí <3>  05.12.28
 </span></a></p><p><a href="http://ž®ŸóxÁž.ah.to"
target="_blank"><span style="font-size:10pt;"> Çѱ¹Ÿßµ¿
»ó»óŒœœº(ŒŒ¶óº¹µÎží°ú) <1>  05.12.24
 </span></a></p></body></html>__________________YKqhaabHcAJmqCo4a778X


Debugging Information:

Backtrace was generated from '/usr/bin/evolution'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
`system-supplied DSO at 0xffffe000' has disappeared; keeping its
symbols.
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1230275776 (LWP 8106)]
[New Thread -1300702288 (LWP 8125)]
[New Thread -1292309584 (LWP 8124)]
[New Thread -1272972368 (LWP 8115)]
[New Thread -1262318672 (LWP 8114)]
[New Thread -1253925968 (LWP 8112)]
[New Thread -1245533264 (LWP 8111)]
[New Thread -1237140560 (LWP 8110)]
0xffffe410 in __kernel_vsyscall ()
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb79aa56b in waitpid () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7828508 in libgnomeui_module_info_get ()
   from /usr/lib/libgnomeui-2.so.0
#3  0x08060cac in es_menu_hook_get_type ()
#4  <signal handler called>
#5  0xb78fc274 in get_glyph_items_in_range (slave=0x87feb28, 
    painter=0x8363dd8, start_offset=488, len=105) at
htmltextslave.c:608
#6  0xb78fc4a1 in html_text_slave_get_glyph_items (slave=0x87feb28, 
    painter=0x8363dd8) at htmltextslave.c:667
#7  0xb78fc901 in draw_text (self=0x87feb28, p=0x8363dd8,
font_style=131, 
    x=-17, y=-261, width=904, height=406, tx=17, ty=261)
    at htmltextslave.c:782
#8  0xb78fd23a in draw (o=0x87feb28, p=0x8363dd8, x=-17, y=-261,
width=904, 
    height=406, tx=17, ty=261) at htmltextslave.c:929
#9  0xb78dc724 in html_object_draw (o=0x87feb28, p=0x8363dd8, x=-17,
y=-261, 
    width=904, height=406, tx=17, ty=261) at htmlobject.c:1042
#10 0xb789d96f in draw (o=0x8540860, p=0x8363dd8, x=-6, y=-114,
width=904, 
    height=406, tx=17, ty=261) at htmlclue.c:270
#11 0xb78a201b in draw (self=0x8540860, painter=0x8363dd8, x=-6, y=-114,

    width=904, height=406, tx=6, ty=114) at htmlclueflow.c:1338
#12 0xb78dc724 in html_object_draw (o=0x8540860, p=0x8363dd8, x=-6,
y=-114, 
    width=904, height=406, tx=6, ty=114) at htmlobject.c:1042
#13 0xb789d96f in draw (o=0x8785418, p=0x8363dd8, x=-6, y=-6, width=904,

    height=406, tx=6, ty=114) at htmlclue.c:270
#14 0xb78a7862 in draw (o=0x8785418, p=0x8363dd8, x=-6, y=-6, width=904,

    height=406, tx=6, ty=6) at htmlcluev.c:395
#15 0xb78dc724 in html_object_draw (o=0x8785418, p=0x8363dd8, x=-6,
y=-6, 
    width=904, height=406, tx=6, ty=6) at htmlobject.c:1042
#16 0xb789d96f in draw (o=0x85392b8, p=0x8363dd8, x=0, y=0, width=904, 
    height=406, tx=6, ty=6) at htmlclue.c:270
#17 0xb78a7862 in draw (o=0x85392b8, p=0x8363dd8, x=0, y=0, width=904, 
    height=406, tx=0, ty=0) at htmlcluev.c:395
#18 0xb78dc724 in html_object_draw (o=0x85392b8, p=0x8363dd8, x=0, y=0,

    width=904, height=406, tx=0, ty=0) at htmlobject.c:1042
#19 0xb78cbe47 in html_engine_draw_real (e=0x8363470, x=0, y=0,
width=904, 
    height=406, expose=1) at htmlengine.c:4803
#20 0xb78cbf2d in html_engine_expose (e=0x8363470, event=0xbfde1b40)
    at htmlengine.c:4819
#21 0xb788cf33 in expose (widget=0x83559f8, event=0xbfde1b40)
    at gtkhtml.c:1066
#22 0xb70bf02c in _gtk_marshal_BOOLEAN__BOXED ()
   from /usr/lib/libgtk-x11-2.0.so.0
#23 0xb6c38d75 in g_cclosure_new_swap () from
/usr/lib/libgobject-2.0.so.0
#24 0xb6c393a8 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#25 0xb6c47c9f in g_signal_stop_emission () from
/usr/lib/libgobject-2.0.so.0
#26 0xb6c48ec3 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
#27 0xb6c494c3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#28 0xb71a116f in gtk_widget_activate () from
/usr/lib/libgtk-x11-2.0.so.0
#29 0xb70bdd72 in gtk_main_do_event () from
/usr/lib/libgtk-x11-2.0.so.0
#30 0xb6f4fbfa in gdk_window_clear_area_e () from
/usr/lib/libgdk-x11-2.0.so.0
#31 0xb6f4fccd in gdk_window_process_all_updates ()
   from /usr/lib/libgdk-x11-2.0.so.0
#32 0xb70356c5 in gtk_container_check_resize ()
   from /usr/lib/libgtk-x11-2.0.so.0
#33 0xb6bcf750 in g_child_watch_add () from /usr/lib/libglib-2.0.so.0
#34 0xb6bcd4ee in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#35 0xb6bd04f6 in g_main_context_check () from
/usr/lib/libglib-2.0.so.0
#36 0xb6bd07e3 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#37 0xb7348590 in bonobo_main () from /usr/lib/libbonobo-2.so.0
#38 0x08061324 in main ()

Thread 8 (Thread -1237140560 (LWP 8110)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb727ac96 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb79f48b7 in pthread_cond_wait () from
/lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0xb7aa6fc8 in e_msgport_wait () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#4  0xb7aa76a9 in e_thread_busy () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#5  0xb7278361 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#6  0xb79e7bde in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 7 (Thread -1245533264 (LWP 8111)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb727ac96 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb79f48b7 in pthread_cond_wait () from
/lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0xb7aa6fc8 in e_msgport_wait () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#4  0xb7aa76a9 in e_thread_busy () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#5  0xb7278361 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#6  0xb79e7bde in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 6 (Thread -1253925968 (LWP 8112)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb727ac96 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb79f48b7 in pthread_cond_wait () from
/lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0xb7aa6fc8 in e_msgport_wait () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#4  0xb7aa76a9 in e_thread_busy () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#5  0xb7278361 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#6  0xb79e7bde in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 5 (Thread -1262318672 (LWP 8114)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb727ac96 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb79f48b7 in pthread_cond_wait () from
/lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0xb7aa6fc8 in e_msgport_wait () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#4  0xb7aa76a9 in e_thread_busy () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#5  0xb7278361 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#6  0xb79e7bde in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 4 (Thread -1272972368 (LWP 8115)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb727ac96 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb79f48b7 in pthread_cond_wait () from
/lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0xb7aa6fc8 in e_msgport_wait () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#4  0xb7aa76a9 in e_thread_busy () from
/usr/lib/libedataserver-1.2.so.4
No symbol table info available.
#5  0xb7278361 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#6  0xb79e7bde in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 3 (Thread -1292309584 (LWP 8124)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb79de0f4 in poll () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb6bd0348 in g_main_context_check () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#3  0xb6bd07e3 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#4  0xb7e0c3cb in e_book_set_default_source () from
/usr/lib/libebook-1.2.so.5
No symbol table info available.
#5  0xb6be98c4 in g_static_private_free () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#6  0xb7278361 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#7  0xb79e7bde in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 2 (Thread -1300702288 (LWP 8125)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb79de0f4 in poll () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb6bd0348 in g_main_context_check () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#3  0xb6bd07e3 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#4  0xb72c837e in link_thread_io_context () from
/usr/lib/libORBit-2.so.0
No symbol table info available.
#5  0xb6be98c4 in g_static_private_free () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#6  0xb7278361 in start_thread () from
/lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#7  0xb79e7bde in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 1 (Thread -1230275776 (LWP 8106)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb79aa56b in waitpid () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb7828508 in libgnomeui_module_info_get ()
   from /usr/lib/libgnomeui-2.so.0
No symbol table info available.
#3  0x08060cac in es_menu_hook_get_type ()
No symbol table info available.
#4  <signal handler called>
No symbol table info available.
#5  0xb78fc274 in get_glyph_items_in_range (slave=0x87feb28, 
    painter=0x8363dd8, start_offset=488, len=105) at
htmltextslave.c:608
	tmp_gi = (PangoGlyphItem *) 0x0
	split_index = 1
	glyph_item = (HTMLTextSlaveGlyphItem *) 0x8744740
	item = (PangoItem *) 0x8811d08
	pi = (HTMLTextPangoInfo *) 0x8809dc0
	i = 19
	offset = 487
	end_offset = 593
	n_items = 0
	glyph_items = (GSList *) 0x0
#6  0xb78fc4a1 in html_text_slave_get_glyph_items (slave=0x87feb28, 
    painter=0x8363dd8) at htmltextslave.c:667
No locals.
#7  0xb78fc901 in draw_text (self=0x87feb28, p=0x8363dd8,
font_style=131, 
    x=-17, y=-261, width=904, height=406, tx=17, ty=261)
    at htmltextslave.c:782
	obj = (HTMLObject *) 0x87feb28
	text = (HTMLText *) 0x85408e0
	cur = (GSList *) 0x3
	run_width = 0
	selection_start_index = -1075965352
	selection_end_index = -1225482464
	isect_start = 488
	isect_end = 0
	selection = 0
	selection_fg = {pixel = 3079290470, red = 0, green = 0, blue = 892}
	selection_bg = {pixel = 139694776, red = 1, green = 0, blue = 4616}
	e = (HTMLEngine *) 0x8363470
#8  0xb78fd23a in draw (o=0x87feb28, p=0x8363dd8, x=-17, y=-261,
width=904, 
    height=406, tx=17, ty=261) at htmltextslave.c:929
	slave = (HTMLTextSlave *) 0x87feb28
	owner = (HTMLText *) 0x85408e0
	font_style = 131
	end = 593
	paint = {x = 0, y = 85, width = 834, height = 17}
#9  0xb78dc724 in html_object_draw (o=0x87feb28, p=0x8363dd8, x=-17,
y=-261, 
    width=904, height=406, tx=17, ty=261) at htmlobject.c:1042
No locals.
#10 0xb789d96f in draw (o=0x8540860, p=0x8363dd8, x=-6, y=-114,
width=904, 
    height=406, tx=17, ty=261) at htmlclue.c:270
	obj = (HTMLObject *) 0x87feb28
#11 0xb78a201b in draw (self=0x8540860, painter=0x8363dd8, x=-6, y=-114,

    width=904, height=406, tx=6, ty=114) at htmlclueflow.c:1338
No locals.
#12 0xb78dc724 in html_object_draw (o=0x8540860, p=0x8363dd8, x=-6,
y=-114, 
    width=904, height=406, tx=6, ty=114) at htmlobject.c:1042
No locals.
#13 0xb789d96f in draw (o=0x8785418, p=0x8363dd8, x=-6, y=-6, width=904,

    height=406, tx=6, ty=114) at htmlclue.c:270
	obj = (HTMLObject *) 0x8540860
#14 0xb78a7862 in draw (o=0x8785418, p=0x8363dd8, x=-6, y=-6, width=904,

    height=406, tx=6, ty=6) at htmlcluev.c:395
	aclue = (HTMLObject *) 0xfffffffa
	cluev = (HTMLClueV *) 0x8785418
	paint = {x = 0, y = 108, width = 892, height = 292}
#15 0xb78dc724 in html_object_draw (o=0x8785418, p=0x8363dd8, x=-6,
y=-6, 
    width=904, height=406, tx=6, ty=6) at htmlobject.c:1042
No locals.
#16 0xb789d96f in draw (o=0x85392b8, p=0x8363dd8, x=0, y=0, width=904, 
    height=406, tx=6, ty=6) at htmlclue.c:270
	obj = (HTMLObject *) 0x8785418
#17 0xb78a7862 in draw (o=0x85392b8, p=0x8363dd8, x=0, y=0, width=904, 
    height=406, tx=0, ty=0) at htmlcluev.c:395
	aclue = (HTMLObject *) 0xb78caaaf
	cluev = (HTMLClueV *) 0x85392b8
	paint = {x = 6, y = 6, width = 892, height = 400}
#18 0xb78dc724 in html_object_draw (o=0x85392b8, p=0x8363dd8, x=0, y=0,

    width=904, height=406, tx=0, ty=0) at htmlobject.c:1042
No locals.
#19 0xb78cbe47 in html_engine_draw_real (e=0x8363470, x=0, y=0,
width=904, 
    height=406, expose=1) at htmlengine.c:4803
	x1 = 0
	x2 = 904
	y1 = 0
	y2 = 406
#20 0xb78cbf2d in html_engine_expose (e=0x8363470, event=0xbfde1b40)
    at htmlengine.c:4819
No locals.
#21 0xb788cf33 in expose (widget=0x83559f8, event=0xbfde1b40)
    at gtkhtml.c:1066
No locals.
#22 0xb70bf02c in _gtk_marshal_BOOLEAN__BOXED ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#23 0xb6c38d75 in g_cclosure_new_swap () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#24 0xb6c393a8 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#25 0xb6c47c9f in g_signal_stop_emission () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#26 0xb6c48ec3 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#27 0xb6c494c3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#28 0xb71a116f in gtk_widget_activate () from
/usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#29 0xb70bdd72 in gtk_main_do_event () from
/usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#30 0xb6f4fbfa in gdk_window_clear_area_e () from
/usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#31 0xb6f4fccd in gdk_window_process_all_updates ()
   from /usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#32 0xb70356c5 in gtk_container_check_resize ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#33 0xb6bcf750 in g_child_watch_add () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#34 0xb6bcd4ee in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#35 0xb6bd04f6 in g_main_context_check () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#36 0xb6bd07e3 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#37 0xb7348590 in bonobo_main () from /usr/lib/libbonobo-2.so.0
No symbol table info available.
#38 0x08061324 in main ()
No symbol table info available.
#0  0xffffe410 in __kernel_vsyscall ()

More information about the desktop-bugs mailing list