Re: mutt/2146: tab-completing Fcc field in IMAP segfaults when disconnected
The following reply was made to PR mutt/2146; it has been noted by GNATS.
From: Phil Pennock <muttbug@xxxxxxxxxxxxxxxxx>
To: bug-any@xxxxxxxxxxxxx
Cc:
Subject: Re: mutt/2146: tab-completing Fcc field in IMAP segfaults when disconnected
Date: Wed, 14 Dec 2005 15:22:53 +0100
On 2005-12-13 at 19:15 +0100, Brendan Cully wrote:
> > With mutt configured for an IMAP account, use "mutt email@xxxxxxxxxxx" to
> > send email whilst disconnected. In the menu after editing the content, set
> > the Fcc field; attempt tab-completion. Experience segfault.
> >
> > (gdb) bt
> > #0 0x080c12ee in imap_complete_hosts ()
> > #1 0x080c14c1 in imap_complete ()
> > #2 0x080596d0 in mutt_complete ()
> > #3 0x080672cf in _mutt_enter_string ()
> > #4 0x0805e2ee in _mutt_get_field ()
> > #5 0x0805af54 in mutt_compose_menu ()
> > #6 0x08097e71 in ci_send_message ()
> > #7 0x08076c70 in main ()
> >
> > Built without debugging information, sorry.
>
> I can't reproduce this (only tried CVS mutt so far though). Can you
> build with debugging information and get the actual line of the
> segfault?
Sure, np.
mutt-1.5.11, no patches
$ ./configure --enable-imap --with-ssl --with-sasl
$ make
$ ldd mutt
linux-gate.so.1 => (0xffffe000)
libncursesw.so.5 => /lib/libncursesw.so.5 (0xb7f8c000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7f5d000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb7e69000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7e55000)
libidn.so.11 => /usr/lib/libidn.so.11 (0xb7e25000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7d13000)
libgpm.so.1 => /lib/libgpm.so.1 (0xb7d0c000)
libdl.so.2 => /lib/libdl.so.2 (0xb7d08000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb7cf5000)
/lib/ld-linux.so.2 (0xb7feb000)
$ ./mutt muttbug@xxxxxxxxxxxxxxxxx
[as per bug report]
$ gdb ./mutt core.mutt.32667
[...]
Core was generated by `./mutt muttbug@xxxxxxxxxxxxxxxxx'.
Program terminated with signal 11, Segmentation fault.
warning: current_sos: Can't read pathname for load map: Input/output error
Reading symbols from /lib/libncursesw.so.5...done.
Loaded symbols for /lib/libncursesw.so.5
Reading symbols from /usr/lib/libssl.so.0.9.7...done.
Loaded symbols for /usr/lib/libssl.so.0.9.7
Reading symbols from /usr/lib/libcrypto.so.0.9.7...done.
Loaded symbols for /usr/lib/libcrypto.so.0.9.7
Reading symbols from /usr/lib/libsasl2.so.2...done.
Loaded symbols for /usr/lib/libsasl2.so.2
Reading symbols from /usr/lib/libidn.so.11...done.
Loaded symbols for /usr/lib/libidn.so.11
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/libgpm.so.1...done.
Loaded symbols for /lib/libgpm.so.1
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
Loaded symbols for /usr/lib/gconv/ISO8859-1.so
#0 0x080c154c in imap_complete_hosts (dest=0xbfffdb60
"imap://this.hostname.censored/INBOX.", len=1024) at imap.c:1616
1616 for (conn = mutt_socket_head (); conn->next; conn = conn->next)
(gdb) bt
#0 0x080c154c in imap_complete_hosts (dest=0xbfffdb60
"imap://this.hostname.censored/INBOX.", len=1024) at imap.c:1616
#1 0x080c173e in imap_complete (dest=0xbfffdb60
"imap://this.hostname.censored/INBOX.", dlen=1024, path=0xbfffd0a0
"imap://this.hostname.censored/INBOX.") at imap.c:1662
#2 0x08059f3e in mutt_complete (s=0xbfffdb60
"imap://this.hostname.censored/INBOX.", slen=1024) at complete.c:68
#3 0x08069789 in _mutt_enter_string (buf=0xbfffdb60
"imap://this.hostname.censored/INBOX.", buflen=1024, y=71, x=5, flags=34,
multiple=0, files=0x0, numfiles=0x0, state=0x82c16f8)
at enter.c:561
#4 0x0805efb1 in _mutt_get_field (field=0x80c71d0 "Fcc: ", buf=0xbfffdb60
"imap://this.hostname.censored/INBOX.", buflen=1024, complete=34, multiple=0,
files=0x0, numfiles=0x0)
at curs_lib.c:132
#5 0x0805b999 in mutt_compose_menu (msg=0x81dcba0, fcc=0xbfffe0d0
"=INBOX.sent", fcclen=256, cur=0x0) at compose.c:569
#6 0x0809d64b in ci_send_message (flags=0, msg=0x81dcba0, tempfile=0x0,
ctx=0x0, cur=0x0) at send.c:1440
#7 0x0807a40f in main (argc=2, argv=0xbfffee54) at main.c:893
(gdb) frame 0
#0 0x080c154c in imap_complete_hosts (dest=0xbfffdb60
"imap://this.hostname.censored/INBOX.", len=1024) at imap.c:1616
1616 for (conn = mutt_socket_head (); conn->next; conn = conn->next)
(gdb) list
1611 else
1612 longest_common_prefix (dest, mailbox->path, matchlen, len);
1613 }
1614 }
1615
1616 for (conn = mutt_socket_head (); conn->next; conn = conn->next)
1617 {
1618 ciss_url_t url;
1619 char urlstr[LONG_STRING];
1620
Without knowing the source, I'll guess that mutt_socket_head() returns
NULL if there are no open connections and the conn->next dereference is
the source of the problems.
-Phil
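
The failure mode guessed at in the message above, as an added example that is not part of the original message and is not mutt's source: a list loop with the shape of imap.c:1616 beside a guarded version that tolerates an empty connection list. The names struct conn, count_unguarded and complete_hosts_guarded and the sample URLs are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a connection list node (not mutt's own type). */
struct conn { const char *url; struct conn *next; };

/* Same loop shape as imap.c:1616: reads head->next before testing head, so an
 * empty list (head == NULL) is a NULL dereference; it also skips the last node. */
int count_unguarded(const struct conn *head)
{
  int n = 0;
  for (const struct conn *c = head; c->next; c = c->next)
    n++;
  return n;
}

/* Guarded completion: the loop tests the node itself, so an empty list is a
 * no-op. Replaces dest with the longest common prefix of every URL that
 * starts with the text in dest. Returns the match count; 0 leaves dest as is. */
int complete_hosts_guarded(const struct conn *head, char *dest, size_t len)
{
  char best[256] = "";
  int matches = 0;
  size_t typed;
  if (!dest || len == 0)
    return 0;
  typed = strlen(dest);
  for (const struct conn *c = head; c; c = c->next) {
    if (!c->url || strncmp(c->url, dest, typed) != 0)
      continue;
    if (matches++ == 0) {
      snprintf(best, sizeof best, "%s", c->url);
    } else {
      size_t i = 0;
      while (best[i] && best[i] == c->url[i]) i++;
      best[i] = '\0';
    }
  }
  if (matches)
    snprintf(dest, len, "%s", best);
  return matches;
}

int main(void)
{
  char buf[64] = "imap://";   /* constructed sample input */
  printf("%d %s\n", complete_hosts_guarded(NULL, buf, sizeof buf), buf);
  return 0;
}
```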