mutt/2519: segfault on any write operation



>Number:         2519
>Notify-List:    
>Category:       mutt
>Synopsis:       segfault on any write operation
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    mutt-dev
>State:          open
>Keywords:       
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 10 07:44:44 +0200 2006
>Originator:     Johannes Rohr
>Release:        1.5.13
>Organization:
>Environment:
[Re-submitting this bug, because the previous submission was not posted to the 
mailing list]

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages mutt depends on:
ii  exim4                   4.63-4           metapackage to ease exim MTA (v4)
ii  exim4-daemon-light [mai 4.63-4           lightweight exim MTA (v4) daemon
ii  libc6                   2.3.6.ds1-6      GNU C Library: Shared libraries
ii  libdb4.4                4.4.20-8         Berkeley v4.4 Database Libraries [
ii  libgnutls13             1.4.4-1          the GNU TLS library - runtime libr
ii  libidn11                0.6.5-1          GNU libidn library, implementation
ii  libncursesw5            5.5-4            Shared libraries for terminal hand
ii  libsasl2                2.1.19.dfsg1-0.5 Authentication abstraction library

Versions of packages mutt recommends:
ii  locales                      2.3.6.ds1-6 GNU C Library: National Language (
ii  mime-support                 3.37-1      MIME files 'mime.types' & 'mailcap
>Description:
mutt segfaults over every single write operation on an mbox file, i.e. 
expunging, syncing a mailbox. It started appr. half a year ago and remains 
unchanged. See also Debian BTS entry at 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364730

I just ran it through gdb, here is the output:
-*-Mutt: /var/mail/jr [Msgs:3 Old:3 Del:1 Post:10 21K]---(threads/date)-------------------------------------------------(all)---Sortiere Mailbox...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1213794624 (LWP 16691)]
0xb7c741c7 in puts () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7c741c7 in puts () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7c72f16 in ftell () from /lib/tls/i686/cmov/libc.so.6
#2  0x08081ca2 in mbox_sync_mailbox (ctx=0x81cc0f0, index_hint=0xbfcb5a40) at ../mbox.c:796
#3  0x08088f62 in sync_mailbox (ctx=0x81cc0f0, index_hint=0xbfcb5a40) at ../mx.c:809
#4  0x0808944c in mx_sync_mailbox (ctx=0x81cc0f0, index_hint=0xbfcb5a40) at ../mx.c:1213
#5  0x080648e5 in mutt_index_menu () at ../curs_main.c:1043
#6  0x0807f6d1 in main (argc=Cannot access memory at address 0x0
) at ../main.c:969
) (gdb)
)

I'd be extremely grateful if someone would have a look at this. Without mutt I 
feel seriously disabled.
>How-To-Repeat:
I have no idea what rare condition (existing on both of my Debian machines) has 
led to this total DoS. All my attempts to isolate the cause have failed, so 
far. It is /not/ caused by any local config file (tested with "mutt -n"), 
neither is it caused by corrupted mbox files (tested with those files on an 
Ubuntu box). It occurs under any user account, including root, and on both Debian 
Unstable boxes I have.
>Fix:
Unknown
>Add-To-Audit-Trail:

>Unformatted: