[Evolution] Bug#495530: [evolution] Evolution craches on startup

Sun Aug 24 23:00:16 UTC 2008

On Sat, 2008-08-23 at 10:24 +0200, H.A.J. Koster wrote:
> I did an strace, but my output looks different from that of the OP. I
> don't want to hijack his bug report, so just ignore this message if you
> think it doesn't relate.
Same here. Looks like a quite similar problem with the same effect:
Evolution crashes on startup due to SIGABRT. BTW offline-mode (via
evolution --offline) doesn't help here, but bypassing mail component
(e.g. via evoltuion -c calendar) does. Valgrind tells me:

==11366== Invalid write of size 8
==11366==    at 0xC7E20D4: xmlParseEntityDecl (in /usr/lib/libxml2.so.2.6.32)
==11366==    by 0xC7E27E5: xmlParseMarkupDecl (in /usr/lib/libxml2.so.2.6.32)
==11366==    by 0xC7E287D: (within /usr/lib/libxml2.so.2.6.32)
==11366==    by 0xC7E3625: xmlParseChunk (in /usr/lib/libxml2.so.2.6.32)
==11366==    by 0x1D3E0CCF: (within /usr/lib/librsvg-2.so.2.22.2)
==11366==    by 0x1D1B9D7B: (within /usr/lib/gtk-2.0/2.10.0/loaders/svg_loader.so)
==11366==    by 0xCFB6269: (within /usr/lib/libgdk_pixbuf-2.0.so.0.1200.11)
==11366==    by 0xCFB6EA3: gdk_pixbuf_new_from_file (in /usr/lib/libgdk_pixbuf-2.0.so.0.1200.11)
==11366==    by 0x6ACDCF3: (within /usr/lib/evolution/2.22/libeutil.so.0.0.0)
==11366==    by 0x6ACE332: e_icon_factory_get_icon (in /usr/lib/evolution/2.22/libeutil.so.0.0.0)
==11366==    by 0x187A12E6: (within /usr/lib/evolution/2.22/components/libevolution-mail.so)
==11366==    by 0xF9F829C: g_type_class_ref (in /usr/lib/libgobject-2.0.so.0.1600.4)
==11366==  Address 0x163fa9d8 is 0 bytes after a block of size 136 alloc'd
==11366==    at 0x4C20FEB: malloc (vg_replace_malloc.c:207)
==11366==    by 0x1D3E29C1: (within /usr/lib/librsvg-2.so.2.22.2)
==11366==    by 0xC7E2572: xmlParseEntityDecl (in /usr/lib/libxml2.so.2.6.32)
==11366==    by 0xC7E27E5: xmlParseMarkupDecl (in /usr/lib/libxml2.so.2.6.32)
==11366==    by 0xC7E287D: (within /usr/lib/libxml2.so.2.6.32)
==11366==    by 0xC7E3625: xmlParseChunk (in /usr/lib/libxml2.so.2.6.32)
==11366==    by 0x1D3E0CCF: (within /usr/lib/librsvg-2.so.2.22.2)
==11366==    by 0x1D1B9D7B: (within /usr/lib/gtk-2.0/2.10.0/loaders/svg_loader.so)
==11366==    by 0xCFB6269: (within /usr/lib/libgdk_pixbuf-2.0.so.0.1200.11)
==11366==    by 0xCFB6EA3: gdk_pixbuf_new_from_file (in /usr/lib/libgdk_pixbuf-2.0.so.0.1200.11)
==11366==    by 0x6ACDCF3: (within /usr/lib/evolution/2.22/libeutil.so.0.0.0)
==11366==    by 0x6ACE332: e_icon_factory_get_icon (in /usr/lib/evolution/2.22/libeutil.so.0.0.0)

The error occurs since CVE-2008-3281 has been fixed in libxml2.
Downgrading from 2.6.32.dfsg-2+lenny1 to 2.6.32.dfsg-2 solves the
problem. Can anyone confirm?