Re: mutt_free_header -> free -> mutt_sort_headers -> segfault
Hi!
On Fri, Oct 31, 2003 at 12:00:20AM -0000, q4xk3j002@xxxxxxxxxxxxxx wrote:
> current[*] mutt 1.5.4 cvs is using already freed memory
>
> NOTE: Cc possible replies/extra questions to me.
[snip]
> Program received signal SIGSEGV, Segmentation fault.
> 0x4027c5da in strcmp () from /lib/libc.so.6
> (gdb) bt
> #0 0x4027c5da in strcmp () from /lib/libc.so.6
> #1 0x080b6d3a in mutt_strcmp (a=0x4f24cff8 "\002", b=0x0) at lib.c:574
> #2 0x08078765 in hash_find_hash (table=0x4f24cff8, hash=0,
> key=0x4f5a1fc0
> "<37jpyiljbviy4e46gtffe4kabrmk4dhq@xxxxxxxxxxxxxxxxxxxxxxxxxx>")
> at hash.c:104
> #3 0x080b3e7b in mutt_sort_threads (ctx=0x4e07bf9c, init=0) at thread.c:778
> #4 0x080b12b2 in mutt_sort_headers (ctx=0x4e07bf9c, init=0) at sort.c:234
> #5 0x080631a8 in update_index (menu=0x4e0c9fa8, ctx=0x4e07bf9c, check=1,
> oldcount=0,
> index_hint=0) at curs_main.c:313
> #6 0x08063803 in mutt_index_menu () at curs_main.c:488
> #7 0x08080291 in main (argc=1, argv=0xbfffea64) at main.c:907
> #8 0x40217907 in __libc_start_main () from /lib/libc.so.6
Does this fix it? This at least fixed the case when you tag-copy several
messages into a maildir just after removing previously contained messages
(I've tested this on one of my FreeBSD boxes with MALLOC_OPTIONS set to AJ).
I think this is because stale entries in the thread_hash confuse some of
the functions when mutt merges external changes to the mailbox.
Index: sort.c
===================================================================
RCS file: /home/roessler/cvs/mutt/sort.c,v
retrieving revision 3.4
diff -u -r3.4 sort.c
--- sort.c 5 Mar 2003 21:18:24 -0000 3.4
+++ sort.c 11 Nov 2003 18:21:27 -0000
@@ -195,6 +195,8 @@
*/
ctx->vcount = 0;
ctx->tree = 0;
+ if (ctx->thread_hash)
+ hash_destroy(&ctx->thread_hash, *free);
return; /* nothing to do! */
}
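Review bot: on the added `hash_destroy(&ctx->thread_hash, *free);` in the early-return branch, passing `free` as the destructor implies the elements stored in the hash are released here, while the line just above only resets `ctx->tree = 0` without freeing anything, so please confirm that nothing else still holds pointers to those elements after this return; otherwise the stale-hash read is traded for a later use after free or double free. The call takes `&ctx->thread_hash`, so it is worth stating in a short comment that the pointer is expected to be cleared by `hash_destroy` and why the hash has to be dropped on the "nothing to do" path. As a style point, `*free` can be written as plain `free`, which is equivalent in C.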