I was having a coring problem with mutt 1.4.1 when displaying messages that used non-ascii chars. I put the code in the debugger, and got the following stacktrace:

(gdb) backtrace
#0  0xffff8bb8 in __memcpy ()
#1  0x0002018c in convert_to_state (cd=0x516720, bufi=0xbfffe180 "?bastien Kirche <sebastien.kirche@xxxxxxxx> writes:\n\n> i have have a file that i am currently editing under osx (actually my \n> .emacs) where i use the euro sign.\n> So i save it with iso-latin-9-mac ("..., l=0xbfffe384, s=0xbfffe750) at handler.c:114
#2  0x000205d8 in mutt_decode_quoted (s=0x7d0, len=-1073752000, istext=1768828256, cd=0xbfffe750) at handler.c:272
#3  0x00023048 in mutt_decode_attachment (b=0xbfffd840, s=0x516720) at handler.c:1725
#4  0x000234ec in mutt_body_handler (b=0x52e180, s=0xbfffe750) at handler.c:1897
#5  0x0000ff5c in _mutt_copy_message (fpout=0xa0009818, fpin=0xa0009870, hdr=0x52e0e0, body=0x52e180, flags=76, chflags=150) at copy.c:535
#6  0x00010144 in mutt_copy_message (fpout=0x96, src=0x296e0ef9, hdr=0x0, flags=-1610573800, chflags=76) at copy.c:603
#7  0x0000a2a0 in mutt_display_message (cur=0x52e0e0) at commands.c:142
#8  0x000143a0 in mutt_index_menu () at curs_main.c:1070
#9  0x00029aec in main (argc=55, argv=0x0) at main.c:841

Looking around, I determined that convert_to_state() did not reset the length, *l, to 0 often enough. (I never determined why this would be). This caused the text in mutt_decode_quoted()'s 'decline' variable to overflow onto other local variables. This left that same length variable, l, corrupted and looking VERY large. Instant crash.

This was not an intermittent bug, but happened every time I opened certain mails. The only thing I can see about the problem mails is that they have encoded chars in them.

I didn't look hard enough to know what a real fix would be, as I'm not familiar with the mutt code at all. But I took the fact that 2*STRING == 512 to make the change listed at the bottom of this mail.
It eliminates the overflow problem by calling state_prefix_put() unconditionally whenever *l has crossed 400 chars long. My crashes have stopped, so I thought I'd share this with the list, even though I know a better fix needs to be made. Also, attached is an example mail that caused mutt to core previous to my bandaid 'fix'. I'm running on Mac OS X 10.3. diff -ruN mutt-1.4.1/handler.c mutt-changed/handler.c --- mutt-1.4.1/handler.c 2002-03-26 03:49:51.000000000 -0600 +++ mutt-changed/handler.c 2004-01-06 22:21:44.000000000 -0600 @@ -95,7 +95,8 @@ return; } - if (cd == (iconv_t)(-1)) + if ( (cd == (iconv_t)(-1)) || + (*l > 400)) { state_prefix_put (bufi, *l, s); *l = 0;
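Review bot: The `(*l > 400)` test added to the `if` in this hunk bounds the carry-over with a magic number instead of the size of the buffer that overflowed. Going by the 2*STRING == 512 figure in the message, it only holds while the caller never appends more than 112 bytes between calls, and nothing in the hunk enforces that; a capacity check at the place where the caller copies into the buffer, written in terms of the buffer's declared size, would close the overflow directly. The test also reuses the `cd == (iconv_t)(-1)` branch, so when the threshold trips with a valid `cd` the pending bytes are handed to `state_prefix_put (bufi, *l, s)` exactly as in the no-converter case; if that is meant as a fallback, a comment should say so.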
Return-Path: <emacs-devel-bounces+richardt=vzavenue.net@xxxxxxx>
Received: from mail.vzavenue.net [66.171.40.86] by localhost with POP3 (fetchmail-6.2.5) for richard@localhost (single-drop); Tue, 06 Jan 2004 21:01:36 -0600 (CST)
Received: from smtp2.vzavenue.net (smtp2.vzavenue.net [66.171.59.141] (may be forged)) by mail.vzavenue.net (Mirapoint Messaging Server MOS 3.2.4-GA) with SMTP id AWB71228; Tue, 6 Jan 2004 20:51:29 -0500 (EST)
Received: from monty-python.gnu.org (monty-python.gnu.org [199.232.76.173]) by smtp2.vzavenue.net (Mirapoint Messaging Server MOS 3.2.4-GA) with ESMTP id ARF44990; Tue, 6 Jan 2004 20:51:18 -0500 (EST)
Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.24) id 1Ae3mO-0004zu-SW for richardt@xxxxxxxxxxxx; Tue, 06 Jan 2004 21:50:44 -0500
Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.24) id 1Ae3mA-0004vw-HZ for emacs-devel@xxxxxxx; Tue, 06 Jan 2004 21:50:30 -0500
Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.24) id 1Ae3lZ-0004oM-98 for emacs-devel@xxxxxxx; Tue, 06 Jan 2004 21:50:24 -0500
Received: from [192.47.44.130] (helo=tsukuba.m17n.org) by monty-python.gnu.org with esmtp (Exim 4.24) id 1Ae3lY-0004le-EX for emacs-devel@xxxxxxx; Tue, 06 Jan 2004 21:49:52 -0500
Received: from fs.m17n.org (fs.m17n.org [192.47.44.2]) by tsukuba.m17n.org (8.11.6p2/3.7W-20010518204228) with ESMTP id i071mHh12415; Wed, 7 Jan 2004 10:48:17 +0900 (JST) (envelope-from handa@xxxxxxxx)
Received: from etlken.m17n.org (etlken.m17n.org [192.47.44.125]) by fs.m17n.org (8.11.6/3.7W-20010823150639) with ESMTP id i071mGs28032; Wed, 7 Jan 2004 10:48:17 +0900 (JST)
Received: (from handa@localhost) by etlken.m17n.org (8.8.8+Sun/3.7W-2001040620) id KAA03549; Wed, 7 Jan 2004 10:48:16 +0900 (JST)
Date: Wed, 7 Jan 2004 10:48:16 +0900 (JST)
Message-Id: <200401070148.KAA03549@xxxxxxxxxxxxxxx>
From: Kenichi Handa <handa@xxxxxxxx>
To: sebastien.kirche@xxxxxxxx
In-reply-to: <C88E4100-405E-11D8-9520-000393861220@xxxxxxxx> (message from =?ISO-8859-1?Q?S=E9bastien?= Kirche on Tue, 6 Jan 2004 16:41:24 +0100)
References: <C88E4100-405E-11D8-9520-000393861220@xxxxxxxx>
User-Agent: SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.2 Emacs/21.3 (sparc-sun-solaris2.6) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: emacs-devel@xxxxxxx
Subject: Re: "coding" in file variable list not effective
X-BeenThere: emacs-devel@xxxxxxx
X-Mailman-Version: 2.1.2
Precedence: list
List-Id: Emacs development discussions. <emacs-devel.gnu.org>
List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>, <mailto:emacs-devel-request@xxxxxxx?subject=unsubscribe>
List-Archive: <http://mail.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@xxxxxxx>
List-Help: <mailto:emacs-devel-request@xxxxxxx?subject=help>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>, <mailto:emacs-devel-request@xxxxxxx?subject=subscribe>
Sender: emacs-devel-bounces+richardt=vzavenue.net@xxxxxxx
Errors-To: emacs-devel-bounces+richardt=vzavenue.net@xxxxxxx

In article <C88E4100-405E-11D8-9520-000393861220@xxxxxxxx>, S=E9bastien Kir=
che <sebastien.kirche@xxxxxxxx> writes:

> i have have a file that i am currently editing under osx (actually my=20
> .emacs) where i use the euro sign.
> So i save it with iso-latin-9-mac (iso-8859-15) encoding.
> To avoid typing the whole "C-x ret c iso-latin-9-mac C-x C-f filename"=20
> for further editing, i placed the setting "coding: iso-latin-9-mac" in=20
> my variable list at the end of file.
> I found that it has no effect : M-x describe-current-coding-system=20
> shows that i am still in iso-latin-1 which is my default file coding=20
> system.
> But if I place the setting in the first line between the -*- marks, the=20
> coding is used accordingly.

Thank you for the report.
I've just installed the attached fix. --- Ken'ichi HANDA handa@xxxxxxxx * international/mule.el (set-auto-coding): Fix for the case that end-of-line is only CR. *** mule.el.~1.196.~ Wed Dec 3 16:34:51 2003 --- mule.el Wed Jan 7 10:41:30 2004 *************** *** 1662,1692 **** (setq coding-system nil))))) =20 ;; If no coding: tag in the head, check the tail. (when (and tail-found (not coding-system)) (goto-char tail-start) ! (search-forward "\n\^L" nil t) (if (re-search-forward ! "^\\(.*\\)[ \t]*Local Variables:[ \t]*\\(.*\\)$" tail-end t) ! ;; The prefix is what comes before "local variables:" in its ! ;; line. The suffix is what comes after "local variables:" ;; in its line. (let* ((prefix (regexp-quote (match-string 1))) (suffix (regexp-quote (match-string 2))) (re-coding (concat ! "^" prefix ;; N.B. without the \n below, the regexp can ;; eat newlines. ! "[ \t]*coding[ \t]*:[ \t]*\\([^ \t\n]+\\)[ \t]*" ! suffix "$")) (re-unibyte (concat ! "^" prefix ! "[ \t]*unibyte[ \t]*:[ \t]*\\([^ \t\n]+\\)[ \t]*" ! suffix "$")) (re-end ! (concat "^" prefix "[ \t]*End *:[ \t]*" suffix "$")) ! (pos (point))) (re-search-forward re-end tail-end 'move) (setq tail-end (point)) (goto-char pos) --- 1662,1697 ---- (setq coding-system nil))))) =20 ;; If no coding: tag in the head, check the tail. + ;; Here we must pay attention to the case that the end-of-line + ;; is just "\r" and we can't use "^" nor "$" in regexp. (when (and tail-found (not coding-system)) (goto-char tail-start) ! (re-search-forward "[\r\n]\^L" nil t) (if (re-search-forward ! "[\r\n]\\([^[\r\n]*\\)[ \t]*Local Variables:[ \t]*\\([^\r\n]*\\)[= \r\n]"=20 ! tail-end t) ! ;; The prefix is what comes before "local variables:" in its ! ;; line. The suffix is what comes after "local variables:" ;; in its line. (let* ((prefix (regexp-quote (match-string 1))) (suffix (regexp-quote (match-string 2))) (re-coding (concat ! "[\r\n]" prefix ;; N.B. without the \n below, the regexp can ;; eat newlines. ! 
"[ \t]*coding[ \t]*:[ \t]*\\([^ \t\r\n]+\\)[ \t]*" ! suffix "[\r\n]")) (re-unibyte (concat ! "[\r\n]" prefix ! "[ \t]*unibyte[ \t]*:[ \t]*\\([^ \t\r\n]+\\)[ \t]*" ! suffix "[\r\n]")) (re-end ! (concat "[\r\n]" prefix "[ \t]*End *:[ \t]*" suffix=20 ! "[\r\n]?")) ! (pos (1- (point)))) ! (forward-char -1) ; skip back \r or \n. (re-search-forward re-end tail-end 'move) (setq tail-end (point)) (goto-char pos) _______________________________________________ Emacs-devel mailing list Emacs-devel@xxxxxxx http://mail.gnu.org/mailman/listinfo/emacs-devel
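Review bot: In the new `Local Variables:` regexp the prefix group is written `\\([^[\r\n]*\\)`, with a stray `[` inside the bracket expression, so it also rejects a literal `[` in the prefix, while the suffix group in the same string uses `\\([^\r\n]*\\)`. Unless excluding `[` from the prefix is intended, the prefix group should read `\\([^\r\n]*\\)` so both groups accept the same characters.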
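The failure mode described in the message above, a carry-over length that is not reset and keeps growing until the next append overruns a 2*STRING (512-byte) buffer, modelled as an added example; this is not mutt's code and not part of the original post. `struct acc`, `convert`, `append_checked`, `feed` and the `STUCK` byte are hypothetical names and constructed input; the capacity check sits at the copy itself, so no fixed threshold such as 400 has to be chosen.

```c
#include <stddef.h>
#include <string.h>

#define BUF_CAP 512   /* 2*STRING, the buffer size quoted in the post */
#define STUCK   0xA4  /* constructed: a byte the model converter rejects */

struct acc {
    unsigned char buf[BUF_CAP];
    size_t len;       /* carry-over held between rounds (the post's *l) */
    size_t emitted;   /* bytes handed to the output so far */
    size_t peak;      /* largest len ever reached */
};

/* Model converter (hypothetical): stops at the first STUCK byte, keeps the rest. */
static void convert(struct acc *a) {
    size_t ok = 0;
    while (ok < a->len && a->buf[ok] != STUCK) ok++;
    a->emitted += ok;
    memmove(a->buf, a->buf + ok, a->len - ok);
    a->len -= ok;                    /* not reset to 0 when input is stuck */
}

/* Bounded append: flush the carry-over unconverted when the chunk would not fit. */
static int append_checked(struct acc *a, const unsigned char *src, size_t n) {
    if (n > BUF_CAP) return -1;      /* can never fit: refuse, copy nothing */
    if (n > BUF_CAP - a->len) {      /* capacity check before every copy */
        a->emitted += a->len;
        a->len = 0;
    }
    memcpy(a->buf + a->len, src, n);
    a->len += n;
    if (a->len > a->peak) a->peak = a->len;
    convert(a);
    return 0;
}

/* Feed `rounds` constructed chunks of n bytes, each starting with STUCK. */
static size_t feed(struct acc *a, size_t rounds, size_t n) {
    unsigned char chunk[BUF_CAP];
    memset(chunk, 'x', sizeof chunk);
    chunk[0] = STUCK;
    for (size_t i = 0; i < rounds && append_checked(a, chunk, n) == 0; i++)
        ;
    return a->peak;
}

int main(void) {
    struct acc a = {0};
    return feed(&a, 10, 200) <= BUF_CAP ? 0 : 1;
}
```

With 200-byte chunks the carry-over would reach 600 bytes on the third round if nothing checked it; here it peaks at 400 and every input byte is still accounted for.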