mutt IMAP seg-fault in imap/browse.c
Hi,
I have a tendency to suspend a mutt process and come back to it some
time later with fg, which might not go so well if the connection has
idled out in the meantime.
A mutt built on 2005-12-24 with then-current CVS just segfaulted on me.
I don't remember the exact keystrokes and haven't yet figured out how to
reproduce it, but I am posting the details in case someone more clued
goes "aha!". "cvs annotate" shows that the relevant code was changed on
Dec 19th. The program version and a bunch of obvious things to look at
with gdb are below.
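I can't figure out where the corruption of the "path" stack variable is
coming from, since LastDir, which is passed as "path" from the calling
frame (frame 1), is fine. The faulting line, browse.c:121, dereferences
list.name, and gdb shows that pointer as out of bounds too (0x30640000);
the check on line 119 only tests that list.name is non-NULL, so a garbage
pointer passes it.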
System: Linux 2.6.14-gentoo-r2 (i686) [using slang 10409] [using libidn 0.5.15
(compiled with 0.5.15)]
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE
+USE_FCNTL -USE_FLOCK -USE_INODESORT
-USE_POP +USE_IMAP +USE_GSS +USE_SSL -USE_GNUTLS +USE_SASL
+HAVE_GETADDRINFO
-HAVE_REGCOMP +USE_GNU_REGEX
+HAVE_COLOR -HAVE_START_COLOR -HAVE_TYPEAHEAD -HAVE_BKGDSET
-HAVE_CURS_SET -HAVE_META -HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME -CRYPT_BACKEND_GPGME
-BUFFY_SIZE -EXACT_ADDRESS -SUN_ATTACHMENT
-ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET
+HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE
Core was generated by `mutt'.
Program terminated with signal 11, Segmentation fault.
warning: Can't read pathname for load map: Input/output error.
Reading symbols from [....]
[....]
#0 0x080c7aa1 in imap_browse (path=0x15 <Address 0x15 out of bounds>,
state=0xbfc044d0) at browse.c:121
121 if (!list.noinferiors && list.name[0] &&
(gdb) bt
#0 0x080c7aa1 in imap_browse (path=0x15 <Address 0x15 out of bounds>,
state=0xbfc044d0) at browse.c:121
#1 0x08051e1c in _mutt_select_file (f=0xbfc04bb0 "", flen=1024, flags=1,
files=0x0, numfiles=0x0) at browser.c:615
#2 0x08069849 in _mutt_enter_string (buf=0xbfc04bb0 "", buflen=1024, y=71,
x=14, flags=4, multiple=0, files=0x0, numfiles=0x0, state=0x81633a8) at
enter.c:543
#3 0x0805f40e in _mutt_get_field (field=0x8163348 "Open mailbox: ",
buf=0xbfc04bb0 "", buflen=1024, complete=36, multiple=0, files=0x0,
numfiles=0x0) at curs_lib.c:132
#4 0x0805feb8 in _mutt_enter_fname (prompt=0x80d6193 "Open mailbox",
buf=0xbfc04bb0 "", blen=1024, redraw=0x814efdc, buffy=1, multiple=0, files=0x0,
numfiles=0x0) at curs_lib.c:486
#5 0x08061bb6 in mutt_index_menu () at curs_main.c:1076
#6 0x0807acdd in main (argc=256, argv=0xbfc059e4) at main.c:960
(gdb) list
116 do
117 {
118 rc = imap_cmd_step (idata);
119 if (rc == IMAP_CMD_CONTINUE && list.name)
120 {
121 if (!list.noinferiors && list.name[0] &&
122 (n = strlen (mbox)) < LONG_STRING-1)
123 {
124 mbox[n++] = list.delim;
125 mbox[n] = '\0';
(gdb) print list
$1 = {
name = 0x30640000 <Address 0x30640000 out of bounds>,
delim = 0 '\0',
noselect = 0 '\0',
noinferiors = 0 '\0'
}
(gdb) frame 1
#1 0x08051e1c in _mutt_select_file (f=0xbfc04bb0 "", flen=1024, flags=1,
files=0x0, numfiles=0x0) at browser.c:615
615 imap_browse (LastDir, &state);
(gdb) print LastDir
$2 = "imap://localhost/Shared Folders/shared", '\0' <repeats 217 times>
(gdb) print state
$3 = {
entry = 0x813c460,
entrylen = 0,
entrymax = 256,
imap_browse = 1,
folder = 0x0,
noselect = 0,
marked = 0,
unmarked = 0
}
(gdb) print state->entry
$4 = (struct folder_file *) 0x813c460
(gdb) print *state->entry
$5 = {
mode = 0,
size = 0,
mtime = 0,
st = 0x0,
name = 0x0,
desc = 0x0,
new = 0,
delim = 0 '\0',
imap = 0,
selectable = 0,
inferiors = 0,
tagged = 0
}
(gdb) print *idata
$9 = {
conn = 0x812f1c8,
state = 3 '\003',
status = 0 '\0',
capstr = 0x0,
capabilities = ";\f",
seqno = 32,
lastread = 1136299830,
buf = 0x811ff28 "a0030 OK Completed",
blen = 512,
cmddata = 0xbfc02388,
cmds = {{
seq = "a0030",
state = 0
}, {
seq = "a0031",
state = 3
}, {
seq = "a0017",
state = 0
}, {
seq = "a0018",
state = 0
}, {
seq = "a0019",
state = 0
}, {
seq = "a0020",
state = 0
}, {
seq = "a0021",
state = 0
}, {
seq = "a0022",
state = 0
}, {
seq = "a0023",
state = 0
}, {
seq = "a0024",
state = 0
}, {
seq = "a0025",
state = 0
}, {
seq = "a0026",
state = 0
}, {
seq = "a0027",
state = -2
}, {
seq = "a0028",
state = 0
}, {
seq = "a0029",
state = 0
}},
nextcmd = 2,
lastcmd = 1,
cmdbuf = 0x812f018,
mboxcache = 0x813c450,
delim = 47 '/',
ctx = 0x8123160,
mailbox = 0x8163828 "Shared Folders/shared/this-bit-censored",
check_status = 0,
reopen = 0 '\0',
rights = "\277",
newMailCount = 0,
cache = {{
uid = 0,
path = 0x0
}, {
uid = 0,
path = 0x0
}, {
uid = 0,
path = 0x0
}, {
uid = 3,
path = 0x0
}, {
uid = 4,
path = 0x0
}, {
uid = 0,
path = 0x0
}, {
uid = 0,
path = 0x0
}, {
uid = 0,
path = 0x0
}, {
uid = 0,
path = 0x0
}, {
uid = 0,
path = 0x0
}},
uid_validity = 1136205893,
uidnext = 5,
flags = 0x81037c8
}
(gdb) print idata->rights[0]
$11 = 191 '\277'
(gdb) print idata->rights[1]
$12 = 0 '\0'
(gdb) print *idata->cmdbuf
$17 = {
data = 0x814fd28 "DONE\r\na0031 LIST \"\" \"Shared Folders/shared\"\r\n",
dptr = 0x814fd28 "DONE\r\na0031 LIST \"\" \"Shared Folders/shared\"\r\n",
dsize = 256,
destroy = 0
}
(gdb) print *idata->conn
$20 = {
account = { /* censored */ },
ssf = 256,
data = 0x811f958,
inbuf = "a0030 OK Completed\r\n* LIST (\\HasChildren) \"/\" \"Shared
Folders/shared\"\r\na0031 OK Completed (0.000 secs 54 calls)\r\nContent-Type:
text/plain; charset=\"us-ascii\" ; format=\"flowed\"\r\nLines: 27\r\n\r\nAt
4:10 AM"...,
bufpos = 20,
fd = 5,
available = 113,
next = 0x0,
sockdata = 0x8148410,
conn_read = 0x80be7c0 <mutt_sasl_conn_read>,
conn_write = 0x80be920 <mutt_sasl_conn_write>,
conn_open = 0x80be710 <mutt_sasl_conn_open>,
conn_close = 0x80be750 <mutt_sasl_conn_close>,
conn_poll = 0x80bbcc0 <raw_socket_poll>
}
--
I am keeping international relations on a peaceable footing.
You are biding your time before acting.
He is coddling tyrants.
-- Roger BW on topic of verb conjugation