[Alpine-info] Crash on calendar invite;
ical_parse_generic_comp() NULL pointer
Mark Hills via Alpine-info
alpine-info at u.washington.edu
Thu Sep 11 07:22:19 PDT 2025
In general, calendar invitation emails are working though I rarely receive
them.
In this case I have one that crashes Alpine.
The actual email contains private names and information, so I won't share
it here on a public list (though happy to provide in private if
needed). It originates from lfx.linuxfoundation.org.
However I think there's some good clear debug below, showing the parser
dereferencing a NULL pointer on a piece of content.
This is current Git master (fb3f153ac) on Slackware-current.
---
Program terminated with signal SIGABRT, Aborted.
#0 0x00007f4a2989d7a1 in pthread_kill@@GLIBC_2.34 () from
/lib64/libc.so.6
[Current thread is 1 (Thread 0x7f4a2a20f780 (LWP 26832))]
(gdb) bt
#0 0x00007f4a2989d7a1 in pthread_kill@@GLIBC_2.34 () from /lib64/libc.so.6
#1 0x00007f4a29844092 in raise () from /lib64/libc.so.6
#2 0x00007f4a29828ed2 in abort () from /lib64/libc.so.6
#3 0x0000000000409ef2 in coredump () at coredump.c:25
#4 0x000000000042f036 in alpine_panic (
message=message at entry=0x7ffe34300c40 "Received abort signal(sig=11)")
at alpine.c:3517
#5 0x00000000004d8feb in auger_in_signal (sig=11) at signal.c:187
#6 <signal handler called>
#7 0x00007f4a29981c99 in __strlen_avx2 () from /lib64/libc.so.6
#8 0x0000000000573533 in ical_parse_generic_comp (
text=text at entry=0x7ffe343013f8, level=level at entry=0) at ical.c:1398
#9 0x000000000057397f in ical_parse_unknown_comp (
text=text at entry=0x7ffe343013f8, level=level at entry=0) at ical.c:1497
#10 0x0000000000575735 in ical_parse_vcalendar (text=text at entry=0x7ffe34301480)
at ical.c:902
#11 0x0000000000575868 in ical_parse_text (text=<optimized out>) at ical.c:693
#12 0x000000000059e66f in format_calendar (msgno=msgno at entry=242,
body=body at entry=0xe320830, handlesp=handlesp at entry=0x7ffe34301618,
flgs=flgs at entry=3, width=width at entry=80,
pc=pc at entry=0x49a2d0 <view_writec>) at mailview.c:543
#13 0x000000000059f509 in format_message (msgno=msgno at entry=242,
env=env at entry=0xe324ee0, body=0xe320830,
handlesp=handlesp at entry=0x7ffe34301618, flgs=flgs at entry=3,
pc=pc at entry=0x49a2d0 <view_writec>) at mailview.c:196
#14 0x00000000004a3fd3 in mail_view_screen (ps=0xe289010) at mailview.c:334
#15 0x000000000040bcce in main (argc=<optimized out>, argv=<optimized out>)
at alpine.c:1447
(gdb) up 8
#8 0x0000000000573533 in ical_parse_generic_comp (
text=text at entry=0x7ffe343013f8, level=level at entry=0) at ical.c:1398
1398 token = fs_get(strlen(ical->comp) + 2 + 1);
(gdb) list
1393 ical_debug("ical_parse_generic_comp", *text);
1394 ical = fs_get(sizeof(ICAL_S));
1395 memset((void *)ical, 0, sizeof(ICAL_S));
1396
1397 ical->comp = ical_get_value(text);
1398 token = fs_get(strlen(ical->comp) + 2 + 1);
1399 sprintf(token, "%s\r\n", ical->comp); /* this is allocated memory */
1400
1401 /* s must always point the the beginning of a line */
1402 for(s = *text; s && *s != '\0';){
(gdb) print ical->comp
$1 = 0x0
(gdb) print *ical
$2 = {comp = 0x0, value = 0x0, branch = 0x0, next = 0x0}
(gdb) print text
$3 = (char **) 0x7ffe343013f8
(gdb) print *text
$4 = 0xe332e8b
"ATTENDEE;VALUE=TEXT:mark at XXXX.org\r\nCREATED;TZID=America/New_York:20250828T154222\r\nDESCRIPTION:\\nYou have been invited to a meeting for XXXXXXX\\n\\n\\n\\nWays to join meeting:\\n\\n1. Join from PC\\, Mac\\, i"...
(gdb)
--
Mark
More information about the Alpine-info
mailing list