imap/2175: IMAP header cache segfault

To: Mutt Developers <mutt-dev@xxxxxxxx>
Subject: imap/2175: IMAP header cache segfault
From: stefan@xxxxxxxxxxxxx
Date: Wed, 01 Feb 2006 19:55:32 +0100
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
Mail-followup-to: bug-any@xxxxxxxxxxxxx
References: <mutt-pr-2175@xxxxxxxxxxxxx>
Reply-to: bug-any@xxxxxxxxxxxxx
Sender: owner-mutt-dev@xxxxxxxx

>Number:         2175
>Notify-List:    
>Category:       imap
>Synopsis:       IMAP header cache segfault
>Confidential:   no
>Severity:       normal
>Priority:       medium
>Responsible:    mutt-dev
>State:          open
>Keywords:       
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 01 19:55:32 +0100 2006
>Originator:     Stefan Farfeleder
>Release:        1.5.11
>Organization:
>Environment:
FreeBSD 7-current/i386
installed from the mail/mutt-devel port with WITH_MUTT_IMAP_HEADER_CACHE=yes
>Description:
I'm using mutt with an IMAP server and have enabled the IMAP header cache.  At 
times mutt segfaults when opening an already cached folder with a few thousand 
mails.  The variable header_cache points to a directory if that matters.

Mutt crashes because the variable 'h' on imap/command.c:485 is NULL which is 
dereference two lines below.
>How-To-Repeat:
>Fix:
An obvious thing to do would be to test if h != NULL before dereferencing it.  
But maybe the bug is elsewhere and idata->ctx->hdrs[i] should never be NULL.
>Add-To-Audit-Trail:

>Unformatted:
 ----gnatsweb-attachment----
 Content-Type: application/octet-stream; name="mutt-gdb-output"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename="mutt-gdb-output"
 
 JCBnZGIgLi9tdXR0IG11dHQuY29yZQpHTlUgZ2RiIDYuMS4xIFtGcmVlQlNEXQpDb3B5cmlnaHQg
 MjAwNCBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIEluYy4KR0RCIGlzIGZyZWUgc29mdHdhcmUs
 IGNvdmVyZWQgYnkgdGhlIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlLCBhbmQgeW91IGFyZQp3
 ZWxjb21lIHRvIGNoYW5nZSBpdCBhbmQvb3IgZGlzdHJpYnV0ZSBjb3BpZXMgb2YgaXQgdW5kZXIg
 Y2VydGFpbiBjb25kaXRpb25zLgpUeXBlICJzaG93IGNvcHlpbmciIHRvIHNlZSB0aGUgY29uZGl0
 aW9ucy4KVGhlcmUgaXMgYWJzb2x1dGVseSBubyB3YXJyYW50eSBmb3IgR0RCLiAgVHlwZSAic2hv
 dyB3YXJyYW50eSIgZm9yIGRldGFpbHMuClRoaXMgR0RCIHdhcyBjb25maWd1cmVkIGFzICJpMzg2
 LW1hcmNlbC1mcmVlYnNkIi4uLgpDb3JlIHdhcyBnZW5lcmF0ZWQgYnkgYG11dHQnLgpQcm9ncmFt
 IHRlcm1pbmF0ZWQgd2l0aCBzaWduYWwgMTEsIFNlZ21lbnRhdGlvbiBmYXVsdC4KUmVhZGluZyBz
 eW1ib2xzIGZyb20gL2xpYi9saWJuY3Vyc2VzLnNvLjYuLi5kb25lLgpMb2FkZWQgc3ltYm9scyBm
 b3IgL2xpYi9saWJuY3Vyc2VzLnNvLjYKUmVhZGluZyBzeW1ib2xzIGZyb20gL3Vzci9saWIvbGli
 c3NsLnNvLjQuLi5kb25lLgpMb2FkZWQgc3ltYm9scyBmb3IgL3Vzci9saWIvbGlic3NsLnNvLjQK
 UmVhZGluZyBzeW1ib2xzIGZyb20gL2xpYi9saWJjcnlwdG8uc28uNC4uLmRvbmUuCkxvYWRlZCBz
 eW1ib2xzIGZvciAvbGliL2xpYmNyeXB0by5zby40ClJlYWRpbmcgc3ltYm9scyBmcm9tIC91c3Iv
 bG9jYWwvbGliL2xpYmludGwuc28uNi4uLmRvbmUuCkxvYWRlZCBzeW1ib2xzIGZvciAvdXNyL2xv
 Y2FsL2xpYi9saWJpbnRsLnNvLjYKUmVhZGluZyBzeW1ib2xzIGZyb20gL3Vzci9sb2NhbC9saWIv
 bGliaWNvbnYuc28uMy4uLmRvbmUuCkxvYWRlZCBzeW1ib2xzIGZvciAvdXNyL2xvY2FsL2xpYi9s
 aWJpY29udi5zby4zClJlYWRpbmcgc3ltYm9scyBmcm9tIC91c3IvbG9jYWwvbGliL2xpYmRiLTQu
 Mi5zby4yLi4uZG9uZS4KTG9hZGVkIHN5bWJvbHMgZm9yIC91c3IvbG9jYWwvbGliL2xpYmRiLTQu
 Mi5zby4yClJlYWRpbmcgc3ltYm9scyBmcm9tIC9saWIvbGliYy5zby42Li4uZG9uZS4KTG9hZGVk
 IHN5bWJvbHMgZm9yIC9saWIvbGliYy5zby42ClJlYWRpbmcgc3ltYm9scyBmcm9tIC9saWJleGVj
 L2xkLWVsZi5zby4xLi4uZG9uZS4KTG9hZGVkIHN5bWJvbHMgZm9yIC9saWJleGVjL2xkLWVsZi5z
 by4xCiMwICAweDA4MGRkYjU1IGluIGNtZF9wYXJzZV9mZXRjaCAoaWRhdGE9MHhhMDA0ZmIwLCAK
 ICAgIHM9MHhhZmY3MzQyICI2MTA4IEZFVENIIChVSUQgMzY3MDAgRkxBR1MgKFxcU2VlbikgSU5U
 RVJOQUxEQVRFIFwiMDEtRmViLTIwMDYgMTg6MjU6MTUgKzAxMDBcIiBSRkM4MjIuU0laRSAzNzg5
 IEJPRFlbSEVBREVSLkZJRUxEUyAoREFURSBGUk9NIFNVQkpFQ1QgVE8gQ0MgTUVTU0FHRS1JRCBS
 RUZFUkVOQ0VTIENPTlRFTlQtVFlQRSBDT05URU5ULURFU0NSSVBUSU9OIElOLVJFUCIuLi4pCiAg
 ICBhdCBjb21tYW5kLmM6NDg3CjQ4NyAgICAgICAgICAgaWYgKGgtPmFjdGl2ZSAmJiBoLT5pbmRl
 eCsxID09IG1zZ25vKQooZ2RiKSBwIGgKJDEgPSAoSEVBREVSICopIDB4MAooZ2RiKSBwIGN1cgok
 MiA9IDYxMDcKKGdkYikgcCAqaWRhdGEtPmN0eAokMyA9IHtwYXRoID0gMHhhZmNkNTYwICJpbWFw
 czovL3N0ZWZhbkBvZmNhOjQ1MjE5L2Zic2QtY3ZzIiwgZnAgPSAweDAsIAogIG10aW1lID0gMCwg
 bXRpbWVfY3VyID0gMCwgc2l6ZSA9IDAsIHZzaXplID0gMCwgcGF0dGVybiA9IDB4MCwgCiAgbGlt
 aXRfcGF0dGVybiA9IDB4MCwgaGRycyA9IDB4YTAyN2MzMCwgbGFzdF90YWcgPSAweDAsIHRyZWUg
 PSAweDAsIAogIGlkX2hhc2ggPSAweDAsIHN1YmpfaGFzaCA9IDB4MCwgdGhyZWFkX2hhc2ggPSAw
 eDAsIHYyciA9IDB4YWZiZDE5MCwgCiAgaGRybWF4ID0gNjEyMSwgbXNnY291bnQgPSA2MTE0LCB2
 Y291bnQgPSAwLCB0YWdnZWQgPSAwLCBuZXcgPSAwLCB1bnJlYWQgPSAwLCAKICBkZWxldGVkID0g
 MCwgZmxhZ2dlZCA9IDAsIG1zZ25vdHJlYWR5ZXQgPSAtMSwgZGF0YSA9IDB4YTAwNGZiMCwgbWFn
 aWMgPSA1LCAKICBjb21wcmVzc2luZm8gPSAweDAsIHJlYWxwYXRoID0gMHgwLCBsb2NrZWQgPSAw
 LCBjaGFuZ2VkID0gMCwgcmVhZG9ubHkgPSAwLCAKICBkb250d3JpdGUgPSAwLCBhcHBlbmQgPSAw
 LCBxdWlldCA9IDAsIGNvbGxhcHNlZCA9IDAsIGNsb3NpbmcgPSAwfQooZ2RiKSBwIGlkYXRhLT5j
 dHgtPmhkcnNbNjEwMF1AMjEKJDQgPSB7MHhhYTYyYjEwLCAweGFhNjMzODAsIDB4YWE2M2M2MCwg
 MHhhYTY0NjQwLCAweGFhNjUxMzAsIDB4YWE2NWJiMCwgCiAgMHhhYTY2NTMwLCAweDAsIDB4MCwg
 MHhhYTY3MTMwLCAweGFhNjg0MjAsIDB4YWE2OTRmMCwgMHhhYTZhYWUwLCAweGFhNmJkYjAsIAog
 IDB4YWE2Yzk3MCwgMHhhYTZkOWYwLCAweDAsIDB4MCwgMHgwLCAweDAsIDB4MH0KKGdkYikgYnQK
 IzAgIDB4MDgwZGRiNTUgaW4gY21kX3BhcnNlX2ZldGNoIChpZGF0YT0weGEwMDRmYjAsIAogICAg
 cz0weGFmZjczNDIgIjYxMDggRkVUQ0ggKFVJRCAzNjcwMCBGTEFHUyAoXFxTZWVuKSBJTlRFUk5B
 TERBVEUgXCIwMS1GZWItMjAwNiAxODoyNToxNSArMDEwMFwiIFJGQzgyMi5TSVpFIDM3ODkgQk9E
 WVtIRUFERVIuRklFTERTIChEQVRFIEZST00gU1VCSkVDVCBUTyBDQyBNRVNTQUdFLUlEIFJFRkVS
 RU5DRVMgQ09OVEVOVC1UWVBFIENPTlRFTlQtREVTQ1JJUFRJT04gSU4tUkVQIi4uLikKICAgIGF0
 IGNvbW1hbmQuYzo0ODcKIzEgIDB4MDgwZGQ2ZmUgaW4gY21kX2hhbmRsZV91bnRhZ2dlZCAoaWRh
 dGE9MHhhMDA0ZmIwKSBhdCBjb21tYW5kLmM6MzY2CiMyICAweDA4MGRkMTA3IGluIGltYXBfY21k
 X3N0ZXAgKGlkYXRhPTB4YTAwNGZiMCkgYXQgY29tbWFuZC5jOjE0OQojMyAgMHgwODBlMjMxZiBp
 biBpbWFwX3JlYWRfaGVhZGVycyAoaWRhdGE9MHhhMDA0ZmIwLCBtc2diZWdpbj0wLCBtc2dlbmQ9
 NjEyMCkKICAgIGF0IG1lc3NhZ2UuYzoyMzQKIzQgIDB4MDgwZGY1ODggaW4gaW1hcF9vcGVuX21h
 aWxib3ggKGN0eD0weGEwMDVlZDApIGF0IGltYXAuYzo3NTIKIzUgIDB4MDgwOTBlOTEgaW4gbXhf
 b3Blbl9tYWlsYm94ICgKICAgIHBhdGg9MHhiZmJmZGMzMCAiaW1hcHM6Ly9zdGVmYW5Ab2ZjYTo0
 NTIxOS9mYnNkLWN2cyIsIGZsYWdzPTAsIHBjdHg9MHgwKQogICAgYXQgbXguYzo3MTkKIzYgIDB4
 MDgwNjgxYjYgaW4gbXV0dF9pbmRleF9tZW51ICgpIGF0IGN1cnNfbWFpbi5jOjExMjQKIzcgIDB4
 MDgwODVjYzEgaW4gbWFpbiAoYXJnYz0zLCBhcmd2PTB4YmZiZmU4ODgpIGF0IG1haW4uYzo5NTcK

Prev by Date: Re: mutt/2174: Can't build 1.5.11 under cygwin
Next by Date: Re: mutt/2174: Can't build 1.5.11 under cygwin
Previous by thread: Re: mutt/2174: Can't build 1.5.11 under cygwin
Next by thread: mutt/2176: mutt segfaults when tab-expanding '=' to disconnected IMAPs box
Index(es):
- Date
- Thread