[Users] [Bug 4467] New: Crash when unloading RSSyl plugin

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Tue Apr 6 03:12:35 CEST 2021 

https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4467

            Bug ID: 4467
           Summary: Crash when unloading RSSyl plugin
           Product: Claws Mail
           Version: 3.17.8
          Hardware: PC
                OS: Windows 10
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Plugins/RSSyl
          Assignee: users at lists.claws-mail.org
          Reporter: jonathan at claws-mail.org

Claws crashes with heap corruption or an access violation when unloading the
RSSyl plugin, depending on the configuration.

rssyl_destroy_folder() calls folder_local_destroy_folder() on the Folder*
parameter, which doesn't appear to be a LocalFolder.

With appverifier enabled, the Folder is allocated at the end of a page with an
unmapped page immediately following.  Casting it to a LocalFolder and accessing
rootpath crosses into the unmapped page.

The crash happens in folder_local_folder_destroy() either when trying to access
the rootpath member, or shortly afterwards when freeing it.  

Backtrace:
 # Call Site
00 claws_mail!folder_local_folder_destroy+0x45
[..\..\claws-mail-3.17.8\src\localfolder.c @ 38] 
01 rssyl!rssyl_destroy_folder+0x15
[..\..\..\..\claws-mail-3.17.8\src\plugins\rssyl\rssyl.c @ 263] 
02 claws_mail!folder_destroy+0xa2 [..\..\claws-mail-3.17.8\src\folder.c @ 279] 
03 claws_mail!folder_unregister_class+0xc7
[..\..\claws-mail-3.17.8\src\folder.c @ 165] 
04 rssyl!rssyl_done+0x4d
[..\..\..\..\claws-mail-3.17.8\src\plugins\rssyl\rssyl.c @ 177] 
05 rssyl!plugin_done+0xd
[..\..\..\..\claws-mail-3.17.8\src\plugins\rssyl\plugin.c @ 55] 
06 claws_mail!plugin_unload+0x74
[..\..\..\claws-mail-3.17.8\src\common\plugin.c @ 547] 
07 claws_mail!unload_cb+0x68 [..\..\..\claws-mail-3.17.8\src\gtk\pluginwindow.c
@ 190] 
08 libgobject_2_0_0!g_closure_invoke+0x183
09 libgobject_2_0_0!g_signal_handler_disconnect+0x11d5
0a libgobject_2_0_0!g_signal_emit_valist+0x94d
0b libgobject_2_0_0!g_signal_emit+0x18
0c libgtk_win32_2_0_0!gtk_button_clicked+0x205
0d libgobject_2_0_0!g_closure_invoke+0x183
0e libgobject_2_0_0!g_signal_handler_disconnect+0x1333
0f libgobject_2_0_0!g_signal_emit_valist+0x94d
10 libgobject_2_0_0!g_signal_emit+0x18
11 libgtk_win32_2_0_0!gtk_button_released+0x89
12 libgtk_win32_2_0_0!gtk_marshal_VOID__UINT_STRING+0x117
13 libgobject_2_0_0!g_closure_invoke+0x183
14 libgobject_2_0_0!g_signal_handler_disconnect+0x93c
15 libgobject_2_0_0!g_signal_emit_valist+0x65f
16 libgobject_2_0_0!g_signal_emit+0x18
17 libgtk_win32_2_0_0!gtk_widget_translate_coordinates+0x4ed
18 libgtk_win32_2_0_0!gtk_propagate_event+0xa1
19 libgtk_win32_2_0_0!gtk_main_do_event+0x2ab
1a libgdk_win32_2_0_0!gdk_win32_drawable_get_handle+0xcda
1b libglib_2_0_0!g_main_context_dispatch+0x253
1c libglib_2_0_0!g_main_context_dispatch+0x458
1d libglib_2_0_0!g_main_loop_run+0x74
1e libgtk_win32_2_0_0!gtk_main+0xa0
1f claws_mail!main+0x151e [..\..\claws-mail-3.17.8\src\main.c @ 1666] 
20 claws_mail!__tmainCRTStartup+0x247 [.\mingw-w64-crt\crt\crtexe.c @ 341] 
21 claws_mail!WinMainCRTStartup+0x1b [.\mingw-w64-crt\crt\crtexe.c @ 197] 
22 KERNEL32!BaseThreadInitThunk+0x14
23 ntdll!RtlUserThreadStart+0x21

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Users mailing list