Crash in menu.c
Hi,
lately I get the following crashes when trying to send a message:
#0 0x0807b3f1 in menu_pad_string (s=0x100 <Address 0x100 out of bounds>,
n=0) at menu.c:163
163 mutt_format_string (s, n, cols, cols, 0, ' ', scratch, mutt_strlen
(scratch), 1);
(gdb) bt
#0 0x0807b3f1 in menu_pad_string (s=0x100 <Address 0x100 out of bounds>,
n=0) at menu.c:163
#1 0x0807b5c0 in menu_redraw_index (menu=0x8a9aa80) at menu.c:219
#2 0x0807c61d in menu_redraw (menu=0x8a9aa80) at menu.c:832
#3 0x0807c69c in mutt_menuLoop (menu=0x8a9aa80) at menu.c:859
#4 0x080bb278 in tls_negotiate (conn=0x8a93000) at mutt_ssl_gnutls.c:781
#5 0x080bb85d in mutt_ssl_starttls (conn=0x8a93000) at mutt_ssl_gnutls.c:153
#6 0x080b84b3 in mutt_smtp_send (from=0x0, to=0x91c7ca0, cc=0x0, bcc=0x0,
msgfile=0xbfbfac80 "/home/pdmef/tmp/mutt/mutt-peter-1001-1588-37", eightbit=1)
at smtp.c:384
#7 0x0809a826 in ci_send_message (flags=5, msg=0x8a7fe80, tempfile=0x0,
ctx=0x80f4800, cur=0x8a5f500) at send.c:1051
#8 0x080875c7 in mutt_pager (banner=0x0, fname=0xbfbfce70 "", flags=66,
extra=0xbfbfce70) at pager.c:2473
#9 0x08057288 in mutt_display_message (cur=0x8a5f500) at commands.c:211
#10 0x08060e8b in mutt_index_menu () at curs_main.c:1173
#11 0x080787c2 in main (argc=1, argv=0xbfbfe6dc) at main.c:980
(gdb) print s
$1 = 0x100 <Address 0x100 out of bounds>
(gdb) print scratch
$2 = 0x0
I replaced the binary with a hotfix one so that the output isn't really
as with the crashing binary. However, in both cases scratch is 0x0 which
seems to make strlen() crash.
My hotfix for now to able to send mail at all is to use mutt_strlen()
instead since mutt_format_strings() seems to aceept 0x0 (and
specifically 0 length input string) safely. Maybe we should also add
strlen() to check_sec.sh?
I can reproduce it 100% with the SMTP patch trying to bring up
the SSL key menu though I don't know yet why some input string is "".
Also, this only affects latest CVS with the multibyte fix that now uses
a scratch buffer as input instead of the given input itself, i.e.
safe_strdup("")==NULL.
Any thoughts?
bye, Rocco
--
:wq!