D28876: Fix KMail crash when adding too many recipients
Jonathan Marten
noreply at phabricator.kde.org
Thu Apr 16 12:01:35 BST 2020
marten created this revision.
marten added a reviewer: KDE PIM.
Herald added a project: KDE PIM.
Herald added a subscriber: kde-pim.
marten requested review of this revision.
REVISION SUMMARY
There is a maximum number of recipients set in Configure KMail - Composer - General - Maximum number of recipient entries. If this limit is exceeded then a message "We can not add more recipients. We have reached maximum recipients" is shown and no more are accepted. The problem is that, when the limit is hit and the message appears, MultiplyingLineView::addLine() returns a null pointer but MultiplyingLineView::slotReturnPressed() uses the pointer without a check, so crashing KMail.
To reproduce:

1. Set the limit to an impracticably small number (e.g. 3).
2. Start a new KMail composer and enter two recipients.
3. Start to type a third; the error message is shown but a popup list of completed addresses still appears. This is wrong, because we are entering the third address which is within the limit so far.
4. Click on one of the addresses; the error message is shown again. This is again wrong, because so far there are still only three addresses.
5. Press Return; the error message is shown yet again. This is now correct, because there are already 3 addresses and no more can be added.
6. Dismiss the error box; KMail crashes with a null pointer dereference in MultiplyingLineView::activateLine().
There is obviously a deeper problem here because the error box is shown when it is not appropriate (when the 3rd address is being entered) which needs investigation, but this change at least fixes the crash.
The problem can also be triggered by doing a reply-all to a message with too many recipients. This is more serious because if KMail crashes as a result, on the next startup it will try to reload the autosaved message into the composer which will trigger the same problem. This makes KMail unusable unless that autosave file is removed manually.
TEST PLAN
Built libkdepim with this change, observed that there is no crash when trying to enter too many recipient addresses as above.
REPOSITORY
R89 PIM: Libraries
REVISION DETAIL
https://phabricator.kde.org/D28876
AFFECTED FILES
src/libkdepim/multiplyingline/multiplyinglineview_p.cpp
To: marten, #kde_pim
Cc: kde-pim, fbampaloukas, dcaliste, dvasin, rodsevich, winterz, vkrause, mlaurent, knauss, dvratil
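
Added example, not part of the original message and not libkdepim's code: a simplified C++ model of the contract the summary describes, where adding a line returns a null pointer at the limit and both the Return-key path and the bulk path (reply-all, autosave reload) check it before use. The names Line, LineView, returnPressed, setRecipients and the rejected counter are hypothetical.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Simplified model for illustration; every name here is hypothetical, not KDE PIM code.
struct Line {
    explicit Line(std::string t) : text(std::move(t)) {}
    std::string text;
};

class LineView {
public:
    explicit LineView(std::size_t maxLines) : mMax(maxLines) {}

    // Contract from the summary: a null pointer comes back once the limit is reached.
    Line *addLine(const std::string &text) {
        if (mLines.size() >= mMax) {
            ++mRejected;  // stand-in for showing the "maximum recipients" message
            return nullptr;
        }
        mLines.push_back(std::make_unique<Line>(text));
        return mLines.back().get();
    }

    // Return-key handler: the new line is activated only if one was created.
    bool returnPressed() {
        Line *line = addLine("");
        if (!line) return false;  // limit hit: leave the active line unchanged
        mActive = line;
        return true;
    }

    // Bulk path (reply-all, reloading an autosaved draft): stop at the limit.
    std::size_t setRecipients(const std::vector<std::string> &addrs) {
        std::size_t added = 0;
        for (const auto &a : addrs) { if (!addLine(a)) break; ++added; }
        return added;
    }

    std::size_t count() const { return mLines.size(); }
    std::size_t rejected() const { return mRejected; }
    const Line *activeLine() const { return mActive; }
private:
    std::size_t mMax;
    std::size_t mRejected = 0;
    Line *mActive = nullptr;
    std::vector<std::unique_ptr<Line>> mLines;
};

int main() { LineView v(3); v.setRecipients({"a", "b", "c", "d"}); return v.returnPressed() ? 1 : 0; }
```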