imap/2676: mutt + imap header results in a NULL pointer dereference crash

To: Mutt Developers <mutt-dev@xxxxxxxx>, mail@xxxxxxx
Subject: imap/2676: mutt + imap header results in a NULL pointer dereference crash
From: mail@xxxxxxx
Date: Wed, 10 Jan 2007 06:47:49 +0100
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
Mail-followup-to: bug-any@xxxxxxxxxxxxx
References: <mutt-pr-2676@xxxxxxxxxxxxx>
Reply-to: bug-any@xxxxxxxxxxxxx
Sender: owner-mutt-dev@xxxxxxxx

>Number:         2676
>Notify-List:    mail@xxxxxxx
>Category:       imap
>Synopsis:       mutt + imap header results in a NULL pointer dereference crash
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    mutt-dev
>State:          open
>Keywords:       
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 10 06:47:49 +0100 2007
>Originator:     Rink Springer
>Release:        1.5.13
>Organization:
>Environment:
FreeBSD thunderstone.rink.nu 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #1: Sat Dec  
9 16:40:05 CET 2006     
root@xxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/THUNDERSTONE  i386
>Description:
Whenever I try to check my employer's mail (via IMAP+TLS),
I use IMAP header-caching. However, mutt crashes on this particular mailbox. 
gdb(1) gives:

Fetching message headers... [402/402]
Program received signal SIGSEGV, Segmentation fault.
0x080927df in mx_update_context (ctx=0x8121900, new_messages=402) at
mx.c:1618
1618          h->security = crypt_query (h->content);
(gdb) inspect h
$1 = (HEADER *) 0x0
(gdb) inspect ctx->hdrs[399]
$3 = (HEADER *) 0x81c4d80
(gdb) inspect ctx->hdrs[400]
$4 = (HEADER *) 0x0
(gdb) inspect ctx->hdrs[401]
$5 = (HEADER *) 0x8121980
(gdb) bt
#0  0x080927df in mx_update_context (ctx=0x8121900, new_messages=402)
    at mx.c:1618
#1  0x080e2069 in imap_read_headers (idata=0x8117a00, msgbegin=401,
msgend=401)
    at message.c:344
#2  0x080de706 in imap_open_mailbox (ctx=0x8121900) at imap.c:737
#3  0x080908e2 in mx_open_mailbox (path=0xbfbfdc30
"imap://imap.qsp.nl/",
    flags=0, pctx=0x0) at mx.c:719
#4  0x08067827 in mutt_index_menu () at curs_main.c:1129
#5  0x08085b2a in main (argc=1, argv=0xbfbfe884) at main.c:969

For some reason, message 400's headers point to a NULL pointer. However,
I can read the message using mutt without headercache (which is enabled
using --with-hcache in configure) just fine.

I have left the gdb(1) running; let me know if anything else needs to be 
inspected
>How-To-Repeat:
Try to open my employer's IMAP mailbox, while IMAP header caching is enabled.
>Fix:
Disable headercaching (configuring with --with-hcache will do) solves the 
problem.
>Add-To-Audit-Trail:

>Unformatted:

Prev by Date: [2007-01-10] CVS repository changes
Next by Date: Re: mutt/2673: search is case-sensitive when the pattern contains
Previous by thread: [2007-01-10] CVS repository changes
Next by thread: mutt/2682: mutt should let me specify the Sender: header
Index(es):
- Date
- Thread