mutt/2172: crashes (double free) when closing externally modified mailbox

[dato@xxxxxxxxxxxxxx]

>Number:         2172
>Notify-List:    346073@xxxxxxxxxxxxxxx
>Category:       mutt
>Synopsis:       crashes (double free) when closing externally modified mailbox
>Confidential:   no
>Severity:       normal
>Priority:       medium
>Responsible:    mutt-dev
>State:          open
>Keywords:       
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 30 01:18:01 +0100 2006
>Originator:     Adeodato Simó
>Release:        CVS 2006-01-30
>Organization:
>Environment:
Debian, libc6 2.3.5-12
>Description:
(This comes from Debian Bug#346073.)

When quitting after a mailbox has been emptied by an external program, Mutt 
seems to issue a double free, and newer libc6 versions crash on this.
>How-To-Repeat:
Open a mailbox with one unread message, eg. [1], on terminal 1, like:

t1% mutt -nF /dev/null -f sample-mailbox

Press intro; the message gets displayed.

On terminal 2, empty the mailbox with:

t2% echo -n >sample-mailbox

On terminal 1 again, press 'q'; Mutt says "Mailbox was externally modified.  
Flags may be wrong." Now press 'q' again:

Writing messages... 0 (0%)
*** glibc detected *** double free or corruption (!prev): 0x08153140 ***
zsh: abort (core dumped)

[1] http://people.debian.org/~adeodato/tmp/2006-01-30/sample-mailbox
>Fix:
>Add-To-Audit-Trail:

>Unformatted: