Bug 232576 - *** buffer overflow detected ***: evolution terminated
Summary: *** buffer overflow detected ***: evolution terminated
Alias: None
Product: Fedora
Classification: Fedora
Component: cairo
Version: rawhide
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Behdad Esfahbod
QA Contact:
Depends On:
Reported: 2007-03-16 06:51 UTC by sangu
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 1.4.2-1.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-04-04 11:50:49 UTC

Attachments
evolution backtrace file (deleted)
2007-03-16 06:51 UTC, sangu
~/.xsession-errors (deleted)
2007-03-16 06:52 UTC, sangu
Patch (deleted)
2007-03-16 12:47 UTC, Matthew Barnes

Description sangu 2007-03-16 06:51:11 UTC
Description of problem:
Clicking print preview on calendar, *** buffer overflow detected ***: evolution

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. click print preview
Additional info:

Comment 1 sangu 2007-03-16 06:51:11 UTC
Created attachment 150199 [details]
evolution backtrace file

Comment 2 sangu 2007-03-16 06:52:08 UTC
Created attachment 150200 [details]

Comment 3 sangu 2007-03-16 06:57:49 UTC
Clicking print preview, *** buffer overflow detected ***: evolution
terminated in all evo components.

Comment 4 Matthew Barnes 2007-03-16 11:54:10 UTC
Thanks for reporting this.

Can you give some more information about what you were trying to print when this
happened?  What calendar view were you printing (day, week, month, etc)?  Does
printing in other calendar views cause the same crash?  Were you using any
special page settings?

Such details will help me narrow down the search.

Comment 5 Matthew Barnes 2007-03-16 12:01:45 UTC
Actually, I can reproduce this too and it seems to be ALL calendar views that
are crashing.  This was working fine a few weeks ago and there have been no
changes to the printing code since then.  The backtraces all show the crash
originating from Cairo.  Could this possibly be a recently-introduced Cairo bug?

Comment 6 sangu 2007-03-16 12:19:38 UTC
in attachment 50199
#11 0x00af00ac in cairo_truetype_font_write_post_table (font=0x9fef5c0, 
    tag=1886352244) at cairo-truetype-subset.c:698
Please see:
cairo-truetype-subset.c:698: warning: call to __builtin___snprintf_chk will
always overflow destination buffer

cairo bug?

Comment 7 Matthew Barnes 2007-03-16 12:45:51 UTC
Indeed, this seems to be a Cairo bug.

In cairo_truetype_font_write_post_table() we have:

    char buf[10];

    for (i = 1; i < font->base.num_glyphs; i++) {
        n = snprintf(buf + 1, 10, "g%d", i - 1);

The length being passed to snprintf() is 10, even though we're only pointing at
the last 9 characters of the 'buf'.  Changing the length to 9 fixed the print
preview crash in Evolution.

Reassigning to cairo.

Comment 8 Matthew Barnes 2007-03-16 12:47:23 UTC
Created attachment 150219 [details]

This patch seems to fix the Evolution crash.

Comment 9 Behdad Esfahbod 2007-03-16 19:09:57 UTC
Will be fixed in cairo-1.4.2 due to be out today...
