[Alpine-info] Crash on calendar invite;
ical_parse_generic_comp() NULL pointer
Eduardo Chappa via Alpine-info
alpine-info at u.washington.edu
Thu Sep 11 11:46:57 PDT 2025
Dear Mark,
thank you for the report, and apologies for the inconvenience. Any
chance you can share with me a copy of the invitation so I can debug it? I
see your report, but I do not understand why it crashed yet. My email
address is alpine.chappa at yandex.com.
Thank you.
--
Eduardo
On Thu, 11 Sep 2025, Mark Hills via Alpine-info wrote:
> In general, calendar invitation emails are working though I rarely receive
> them.
>
> In this case I have one that crashes Alpine.
>
> The actual email contains private names and information, so I won't share
> it here on a public list (though happy to provide in private if
> needed). It originates from lfx.linuxfoundation.org.
>
> However I think there's some good clear debug below, showing the parser
> dereferencing a NULL pointer on a piece of content.
>
> This is current Git master (fb3f153ac) on Slackware-current.
>
> ---
>
> Program terminated with signal SIGABRT, Aborted.
> #0 0x00007f4a2989d7a1 in pthread_kill@@GLIBC_2.34 () from
> /lib64/libc.so.6
> [Current thread is 1 (Thread 0x7f4a2a20f780 (LWP 26832))]
> (gdb) bt
> #0 0x00007f4a2989d7a1 in pthread_kill@@GLIBC_2.34 () from /lib64/libc.so.6
> #1 0x00007f4a29844092 in raise () from /lib64/libc.so.6
> #2 0x00007f4a29828ed2 in abort () from /lib64/libc.so.6
> #3 0x0000000000409ef2 in coredump () at coredump.c:25
> #4 0x000000000042f036 in alpine_panic (
> message=message at entry=0x7ffe34300c40 "Received abort signal(sig=11)")
> at alpine.c:3517
> #5 0x00000000004d8feb in auger_in_signal (sig=11) at signal.c:187
> #6 <signal handler called>
> #7 0x00007f4a29981c99 in __strlen_avx2 () from /lib64/libc.so.6
> #8 0x0000000000573533 in ical_parse_generic_comp (
> text=text at entry=0x7ffe343013f8, level=level at entry=0) at ical.c:1398
> #9 0x000000000057397f in ical_parse_unknown_comp (
> text=text at entry=0x7ffe343013f8, level=level at entry=0) at ical.c:1497
> #10 0x0000000000575735 in ical_parse_vcalendar (text=text at entry=0x7ffe34301480)
> at ical.c:902
> #11 0x0000000000575868 in ical_parse_text (text=<optimized out>) at ical.c:693
> #12 0x000000000059e66f in format_calendar (msgno=msgno at entry=242,
> body=body at entry=0xe320830, handlesp=handlesp at entry=0x7ffe34301618,
> flgs=flgs at entry=3, width=width at entry=80,
> pc=pc at entry=0x49a2d0 <view_writec>) at mailview.c:543
> #13 0x000000000059f509 in format_message (msgno=msgno at entry=242,
> env=env at entry=0xe324ee0, body=0xe320830,
> handlesp=handlesp at entry=0x7ffe34301618, flgs=flgs at entry=3,
> pc=pc at entry=0x49a2d0 <view_writec>) at mailview.c:196
> #14 0x00000000004a3fd3 in mail_view_screen (ps=0xe289010) at mailview.c:334
> #15 0x000000000040bcce in main (argc=<optimized out>, argv=<optimized out>)
> at alpine.c:1447
> (gdb) up 8
> #8 0x0000000000573533 in ical_parse_generic_comp (
> text=text at entry=0x7ffe343013f8, level=level at entry=0) at ical.c:1398
> 1398 token = fs_get(strlen(ical->comp) + 2 + 1);
> (gdb) list
> 1393 ical_debug("ical_parse_generic_comp", *text);
> 1394 ical = fs_get(sizeof(ICAL_S));
> 1395 memset((void *)ical, 0, sizeof(ICAL_S));
> 1396
> 1397 ical->comp = ical_get_value(text);
> 1398 token = fs_get(strlen(ical->comp) + 2 + 1);
> 1399 sprintf(token, "%s\r\n", ical->comp); /* this is allocated memory */
> 1400
> 1401 /* s must always point the the beginning of a line */
> 1402 for(s = *text; s && *s != '\0';){
> (gdb) print ical->comp
> $1 = 0x0
> (gdb) print *ical
> $2 = {comp = 0x0, value = 0x0, branch = 0x0, next = 0x0}
> (gdb) print text
> $3 = (char **) 0x7ffe343013f8
> (gdb) print *text
> $4 = 0xe332e8b
> "ATTENDEE;VALUE=TEXT:mark at XXXX.org\r\nCREATED;TZID=America/New_York:20250828T154222\r\nDESCRIPTION:\\nYou have been invited to a meeting for XXXXXXX\\n\\n\\n\\nWays to join meeting:\\n\\n1. Join from PC\\, Mac\\, i"...
> (gdb)
>
>
More information about the Alpine-info
mailing list