
Re: mutt/2146: tab-completing Fcc field in IMAP segfaults when disconnected



The following reply was made to PR mutt/2146; it has been noted by GNATS.

From: Phil Pennock <muttbug@xxxxxxxxxxxxxxxxx>
To: bug-any@xxxxxxxxxxxxx
Cc: 
Subject: Re: mutt/2146: tab-completing Fcc field in IMAP segfaults when disconnected
Date: Wed, 14 Dec 2005 15:22:53 +0100

 On 2005-12-13 at 19:15 +0100, Brendan Cully wrote:
 >  > With mutt configured for an IMAP account, use "mutt email@xxxxxxxxxxx" to
 >  > send email whilst disconnected.  In the menu after editing the content, set
 >  > the Fcc field; attempt tab-completion.  Experience segfault.
 >  > 
 >  > (gdb) bt
 >  > #0  0x080c12ee in imap_complete_hosts ()
 >  > #1  0x080c14c1 in imap_complete ()
 >  > #2  0x080596d0 in mutt_complete ()
 >  > #3  0x080672cf in _mutt_enter_string ()
 >  > #4  0x0805e2ee in _mutt_get_field ()
 >  > #5  0x0805af54 in mutt_compose_menu ()
 >  > #6  0x08097e71 in ci_send_message ()
 >  > #7  0x08076c70 in main ()
 >  > 
 >  > Built without debugging information, sorry.
 >  
 >  I can't reproduce this (only tried CVS mutt so far though). Can you
 >  build with debugging information and get the actual line of the
 >  segfault?
 
 Sure, np.
 
 mutt-1.5.11, no patches
 
 $ ./configure --enable-imap --with-ssl --with-sasl
 $ make
 $ ldd mutt
         linux-gate.so.1 =>  (0xffffe000)
         libncursesw.so.5 => /lib/libncursesw.so.5 (0xb7f8c000)
         libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7f5d000)
         libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb7e69000)
         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7e55000)
         libidn.so.11 => /usr/lib/libidn.so.11 (0xb7e25000)
         libc.so.6 => /lib/tls/libc.so.6 (0xb7d13000)
         libgpm.so.1 => /lib/libgpm.so.1 (0xb7d0c000)
         libdl.so.2 => /lib/libdl.so.2 (0xb7d08000)
         libresolv.so.2 => /lib/libresolv.so.2 (0xb7cf5000)
         /lib/ld-linux.so.2 (0xb7feb000)
 $ ./mutt muttbug@xxxxxxxxxxxxxxxxx
 [as per bug report]
 $ gdb ./mutt core.mutt.32667
 [...]
 Core was generated by `./mutt muttbug@xxxxxxxxxxxxxxxxx'.
 Program terminated with signal 11, Segmentation fault.
 
 warning: current_sos: Can't read pathname for load map: Input/output error
 
 Reading symbols from /lib/libncursesw.so.5...done.
 Loaded symbols for /lib/libncursesw.so.5
 Reading symbols from /usr/lib/libssl.so.0.9.7...done.
 Loaded symbols for /usr/lib/libssl.so.0.9.7
 Reading symbols from /usr/lib/libcrypto.so.0.9.7...done.
 Loaded symbols for /usr/lib/libcrypto.so.0.9.7
 Reading symbols from /usr/lib/libsasl2.so.2...done.
 Loaded symbols for /usr/lib/libsasl2.so.2
 Reading symbols from /usr/lib/libidn.so.11...done.
 Loaded symbols for /usr/lib/libidn.so.11
 Reading symbols from /lib/tls/libc.so.6...done.
 Loaded symbols for /lib/tls/libc.so.6
 Reading symbols from /lib/libgpm.so.1...done.
 Loaded symbols for /lib/libgpm.so.1
 Reading symbols from /lib/libdl.so.2...done.
 Loaded symbols for /lib/libdl.so.2
 Reading symbols from /lib/libresolv.so.2...done.
 Loaded symbols for /lib/libresolv.so.2
 Reading symbols from /lib/ld-linux.so.2...done.
 Loaded symbols for /lib/ld-linux.so.2
 Reading symbols from /lib/libnss_files.so.2...done.
 Loaded symbols for /lib/libnss_files.so.2
 Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
 Loaded symbols for /usr/lib/gconv/ISO8859-1.so
 #0  0x080c154c in imap_complete_hosts (dest=0xbfffdb60 "imap://this.hostname.censored/INBOX.", len=1024) at imap.c:1616
 1616      for (conn = mutt_socket_head (); conn->next; conn = conn->next)
 (gdb) bt
 #0  0x080c154c in imap_complete_hosts (dest=0xbfffdb60 "imap://this.hostname.censored/INBOX.", len=1024) at imap.c:1616
 #1  0x080c173e in imap_complete (dest=0xbfffdb60 "imap://this.hostname.censored/INBOX.", dlen=1024, path=0xbfffd0a0 "imap://this.hostname.censored/INBOX.") at imap.c:1662
 #2  0x08059f3e in mutt_complete (s=0xbfffdb60 "imap://this.hostname.censored/INBOX.", slen=1024) at complete.c:68
 #3  0x08069789 in _mutt_enter_string (buf=0xbfffdb60 "imap://this.hostname.censored/INBOX.", buflen=1024, y=71, x=5, flags=34, multiple=0, files=0x0, numfiles=0x0, state=0x82c16f8)
     at enter.c:561
 #4  0x0805efb1 in _mutt_get_field (field=0x80c71d0 "Fcc: ", buf=0xbfffdb60 "imap://this.hostname.censored/INBOX.", buflen=1024, complete=34, multiple=0, files=0x0, numfiles=0x0)
     at curs_lib.c:132
 #5  0x0805b999 in mutt_compose_menu (msg=0x81dcba0, fcc=0xbfffe0d0 "=INBOX.sent", fcclen=256, cur=0x0) at compose.c:569
 #6  0x0809d64b in ci_send_message (flags=0, msg=0x81dcba0, tempfile=0x0, ctx=0x0, cur=0x0) at send.c:1440
 #7  0x0807a40f in main (argc=2, argv=0xbfffee54) at main.c:893
 (gdb) frame 0
 #0  0x080c154c in imap_complete_hosts (dest=0xbfffdb60 "imap://this.hostname.censored/INBOX.", len=1024) at imap.c:1616
 1616      for (conn = mutt_socket_head (); conn->next; conn = conn->next)
 (gdb) list
 1611          else
 1612            longest_common_prefix (dest, mailbox->path, matchlen, len);
 1613        }
 1614      }
 1615      
 1616      for (conn = mutt_socket_head (); conn->next; conn = conn->next)
 1617      {
 1618        ciss_url_t url;
 1619        char urlstr[LONG_STRING];
 1620
 
 
 Without knowing the source, I'll guess that mutt_socket_head() returns
 NULL if there are no open connections and the conn->next dereference is
 the source of the problems.
 
 -Phil
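
The loop shape at imap.c:1616 next to a guarded form, as an added example that is not part of the original message or of mutt's source. It assumes, as the message guesses, that the list head is NULL when no connection is open; `struct conn` and both function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for mutt's connection list; not mutt's real type. */
struct conn {
  const char *host;
  struct conn *next;
};

/* Loop shape from imap.c:1616 in the backtrace: the condition reads
 * conn->next before checking conn, so an empty list (head == NULL)
 * is dereferenced at once, and the last node is never visited. */
static int count_hosts_unchecked(struct conn *head)
{
  int n = 0;
  struct conn *conn;
  for (conn = head; conn->next; conn = conn->next)
    n++;
  return n;
}

/* Guarded form: test the pointer itself, so NULL ends the loop. */
static int count_hosts_guarded(struct conn *head)
{
  int n = 0;
  struct conn *conn;
  for (conn = head; conn; conn = conn->next)
    n++;
  return n;
}

int main(void)
{
  /* Constructed sample data. */
  struct conn b = { "imap.example.org", NULL };
  struct conn a = { "mail.example.net", &b };

  printf("guarded, empty list:  %d\n", count_hosts_guarded(NULL));
  printf("guarded, two hosts:   %d\n", count_hosts_guarded(&a));
  printf("unchecked, two hosts: %d\n", count_hosts_unchecked(&a));
  /* count_hosts_unchecked(NULL) is left out: it reads NULL->next. */
  return 0;
}
```

Building with `-fsanitize=address,undefined` and running the disconnected case reports a NULL walk of this kind with the source line, without needing a core file.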