mutt/2172: crashes (double free) when closing externally modified mailbox
>Number: 2172
>Notify-List: 346073@xxxxxxxxxxxxxxx
>Category: mutt
>Synopsis: crashes (double free) when closing externally modified mailbox
>Confidential: no
>Severity: normal
>Priority: medium
>Responsible: mutt-dev
>State: open
>Keywords:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jan 30 01:18:01 +0100 2006
>Originator: Adeodato Simó
>Release: CVS 2006-01-30
>Organization:
>Environment:
Debian, libc6 2.3.5-12
>Description:
(This comes from Debian Bug#346073.)
When quitting after a mailbox has been emptied by an external program, Mutt
seems to issue a double free, and newer libc6 versions crash on this.
>How-To-Repeat:
Open a mailbox with one unread message, eg. [1], on terminal 1, like:
t1% mutt -nF /dev/null -f sample-mailbox
Press intro; the message gets displayed.
On terminal 2, empty the mailbox with:
t2% echo -n >sample-mailbox
On terminal 1 again, press 'q'; Mutt says "Mailbox was externally modified.
Flags may be wrong." Now press 'q' again:
Writing messages... 0 (0%)
*** glibc detected *** double free or corruption (!prev): 0x08153140 ***
zsh: abort (core dumped)
[1] http://people.debian.org/~adeodato/tmp/2006-01-30/sample-mailbox
>Fix:
>Add-To-Audit-Trail:
>Unformatted: