Re: Fwd: Re: Segmentation fault
Hello Alex,
==23030== Invalid write of size 4
==23030== at 0x808EA84: mx_update_context (mx.c:1581)
==23030== by 0x80D677C: imap_read_headers (message.c:317)
==23030== by 0x80D27F0: imap_cmd_finish (command.c:266)
==23030== by 0x80D53D7: imap_check_mailbox (imap.c:1181)
==23030== by 0x808E53F: mx_check_mailbox (mx.c:1365)
==23030== by 0x806467E: mutt_index_menu (curs_main.c:479)
==23030== by 0x8082154: main (main.c:934)
==23030== Address 0x1BE58E40 is 0 bytes after a block of size 1480 alloc'd
==23030== at 0x1B902A2F: realloc (vg_replace_malloc.c:197)
==23030== by 0x80B9467: safe_realloc (lib.c:109)
==23030== by 0x808E95A: mx_alloc_memory (mx.c:1547)
==23030== by 0x80D61D3: imap_read_headers (message.c:118)
==23030== by 0x80D27F0: imap_cmd_finish (command.c:266)
==23030== by 0x80D53D7: imap_check_mailbox (imap.c:1181)
==23030== by 0x808E53F: mx_check_mailbox (mx.c:1365)
==23030== by 0x806467E: mutt_index_menu (curs_main.c:479)
==23030== by 0x8082154: main (main.c:934)
==23030== Warning: invalid file descriptor -1 in syscall close()
==3476==
Brendan, can you say something to this one? It seems that there isn't enough
space allocated to handle all the headers. I included a maybe work
around in my patch.
==4365== Invalid read of size 1
==4365== at 0x1B901A60: strcmp (mac_replace_strmem.c:249)
==4365== by 0x80BA2AC: mutt_strcmp (lib.c:637)
==4365== by 0x807A4F2: hash_delete_hash (hash.c:127)
==4365== Invalid read of size 1
==4365== at 0x1B901A63: strcmp (mac_replace_strmem.c:250)
==4365== by 0x80BA2AC: mutt_strcmp (lib.c:637)
==4365== by 0x807A474: hash_find_hash (hash.c:108)
these two come from my faulty patch, I guess. So here is another patch which
hopefully doesn't break anything. I tried a much simpler approch. However I
still don't see how the old one was broke. Apply diff against CVS HEAD;
or delta against your current tree.
Sorting mailbox...
Program received signal SIGSEGV, Segmentation fault.
0x080b738f in mutt_sort_threads (ctx=0x8103d90, init=0) at thread.c:859
859 tmp = new->next;
(gdb) p new
$1 = (THREAD *) 0x162
(gdb) i s
#0 0x080b738f in mutt_sort_threads (ctx=0x8103d90, init=0) at thread.c:859
#1 0x080b4561 in mutt_sort_headers (ctx=0x8103d90, init=0) at sort.c:291
#2 0x080640b7 in update_index (menu=0x8172740, ctx=0x8103d90, check=1,
oldcount=343, index_hint=330) at curs_main.c:317
#3 0x08064712 in mutt_index_menu () at curs_main.c:492
#4 0x08082155 in main (argc=1, argv=0xbfffe404) at main.c:934
#5 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6
(gdb) p thread
$2 = (THREAD *) 0x8126e70
(gdb) p *thread
$3 = {fake_thread = 0, duplicate_thread = 0, sort_children = 0,
check_subject = 0, visible = 0, deep = 1, subtree_visible = 1,
next_subtree_visible = 1, parent = 0xbfffd420, child = 0x162,
next = 0x8126e90, prev = 0x8129b50, message = 0x81688a0,
sort_key = 0x81688a0}
(gdb) p tmp
$4 = (THREAD *) 0x0
no idea where this comes from.
Thomas
diff --git a/hash.c b/hash.c
--- a/hash.c
+++ b/hash.c
@@ -114,8 +114,12 @@ void *hash_find_hash (const HASH * table
void hash_delete_hash (HASH * table, int hash, const char *key, const void
*data,
void (*destroy) (void *))
{
- struct hash_elem *ptr = table->table[hash];
- struct hash_elem **last = &table->table[hash];
+ struct hash_elem *ptr;
+ struct hash_elem **last;
+
+again:
+ ptr = table->table[hash];
+ last = &table->table[hash];
for (; ptr; last = &ptr->next, ptr = ptr->next)
{
@@ -128,7 +132,7 @@ void hash_delete_hash (HASH * table, int
*last = ptr->next;
if (destroy) destroy (ptr->data);
FREE (&ptr);
- return;
+ goto again;
}
}
}
diff --git a/imap/message.c b/imap/message.c
--- a/imap/message.c
+++ b/imap/message.c
@@ -314,7 +314,10 @@ int imap_read_headers (IMAP_DATA* idata,
fclose(fp);
if (ctx->msgcount > oldmsgcount)
+ {
+ mx_alloc_memory(ctx);
mx_update_context (ctx, ctx->msgcount - oldmsgcount);
+ }
return msgend;
}
@@ -469,6 +472,8 @@ int imap_fetch_message (MESSAGE *msg, CO
hash_delete (ctx->id_hash, h->env->message_id, h, NULL);
if (ctx->subj_hash && h->env->real_subj)
hash_delete (ctx->subj_hash, h->env->real_subj, h, NULL);
+ if (ctx->thread_hash && h->env->message_id)
+ hash_delete (ctx->thread_hash, h->env->message_id, NULL, NULL);
mutt_free_envelope (&h->env);
h->env = mutt_read_rfc822_header (msg->fp, h, 0, 0);
if (ctx->id_hash && h->env->message_id)
diff --git a/imap/util.c b/imap/util.c
--- a/imap/util.c
+++ b/imap/util.c
@@ -138,11 +138,11 @@ int imap_parse_path (const char* path, I
{
*c = '\0';
strfcpy (mx->account.user, tmp, sizeof (mx->account.user));
- strfcpy (tmp, c+1, sizeof (tmp));
+ c++;
mx->account.flags |= M_ACCT_USER;
}
- if ((n = sscanf (tmp, "%127[^:/]%127s", mx->account.host, tmp)) < 1)
+ if ((n = sscanf (c, "%127[^:/]%127s", mx->account.host, c)) < 1)
{
dprint (1, (debugfile, "imap_parse_path: NULL host in %s\n", path));
FREE (&mx->mbox);
@@ -150,11 +150,11 @@ int imap_parse_path (const char* path, I
}
if (n > 1) {
- if (sscanf (tmp, ":%hu%127s", &(mx->account.port), tmp) >= 1)
+ if (sscanf (c, ":%hu%127s", &(mx->account.port), c) >= 1)
mx->account.flags |= M_ACCT_PORT;
- if (sscanf (tmp, "/%s", tmp) == 1)
+ if (sscanf (c, "/%s", c) == 1)
{
- if (!ascii_strncmp (tmp, "ssl", 3))
+ if (!ascii_strncmp (c, "ssl", 3))
mx->account.flags |= M_ACCT_SSL;
else
{
diff --git a/hash.c b/hash.c
--- a/hash.c
+++ b/hash.c
@@ -114,8 +114,12 @@ void *hash_find_hash (const HASH * table
void hash_delete_hash (HASH * table, int hash, const char *key, const void
*data,
void (*destroy) (void *))
{
- struct hash_elem *ptr = table->table[hash];
- struct hash_elem **last = &table->table[hash];
+ struct hash_elem *ptr;
+ struct hash_elem **last;
+
+again:
+ ptr = table->table[hash];
+ last = &table->table[hash];
for (; ptr; last = &ptr->next, ptr = ptr->next)
{
@@ -123,15 +127,11 @@ void hash_delete_hash (HASH * table, int
* required for the case where we have multiple entries with the same
* key
*/
-again:
if ((data == ptr->data) || (!data && mutt_strcmp (ptr->key, key) == 0))
{
*last = ptr->next;
if (destroy) destroy (ptr->data);
FREE (&ptr);
- ptr = *last;
- if (! ptr)
- return;
goto again;
}
}
diff --git a/imap/message.c b/imap/message.c
--- a/imap/message.c
+++ b/imap/message.c
@@ -314,7 +314,10 @@ int imap_read_headers (IMAP_DATA* idata,
fclose(fp);
if (ctx->msgcount > oldmsgcount)
+ {
+ mx_alloc_memory(ctx);
mx_update_context (ctx, ctx->msgcount - oldmsgcount);
+ }
return msgend;
}