mutt/2713: memory allocation bug
>Number: 2713
>Notify-List:
>Category: mutt
>Synopsis: memory allocation bug
>Confidential: no
>Severity: normal
>Priority: medium
>Responsible: mutt-dev
>State: open
>Keywords:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jan 27 04:27:55 +0100 2007
>Originator: Vincent Lefevre
>Release: 1.5.13 (2007-01-26)
>Organization:
>Environment:
System: Darwin 8.8.0 (Power Macintosh) [using ncurses 5.5] [using libiconv
1.11] [using libidn 0.6.3 (compiled with 0.6.3)]
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL -USE_SETGID -USE_DOTLOCK -DL_STANDALONE
+USE_FCNTL -USE_FLOCK -USE_INODESORT
+USE_POP +USE_IMAP -USE_GSS +USE_SSL_OPENSSL -USE_SSL_GNUTLS -USE_SASL
+HAVE_GETADDRINFO
-HAVE_REGCOMP +USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME -CRYPT_BACKEND_GPGME
+BUFFY_SIZE -EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET
+HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID -USE_HCACHE
ISPELL="/opt/local/bin/ispell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/Users/vinc17/Mail"
PKGDATADIR="/Users/vinc17/share/mutt"
SYSCONFDIR="/Users/vinc17/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
>Description:
With malloc checking, Mutt aborts on my mail archives. More precisely, in gdb:
set env MallocLogFile /tmp/malloc.log
set env MallocGuardEdges 1
set env MallocPreScribble 1
set env MallocScribble 1
set env MallocCheckHeapStart 1060820
set env MallocCheckHeapEach 1
set env MallocCheckHeapAbort 1
set env MallocBadFreeAbort 1
run -F /dev/null -f ~/Mail/oldarc
Then I get:
Reading /Users/vinc17/Mail/oldarc... 20370
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x900029c8 in strlen ()
(gdb) bt
#0 0x900029c8 in strlen ()
#1 0x90130748 in _simple_vdprintf ()
#2 0x9012bc44 in malloc_printf ()
#3 0x90116bcc in szone_check ()
#4 0x90002c1c in malloc ()
#5 0x0006b538 in safe_malloc (siz=1) at lib.c:149
#6 0x0006b744 in safe_strdup (s=0x995f4 "plain") at lib.c:220
#7 0x0004c154 in mutt_read_rfc822_header (f=0xa000db34, hdr=0x15dc280,
user_hdrs=0, weed=0) at parse.c:1319
#8 0x0003d9b4 in maildir_parse_message (magic=4, fname=0xbfffd218
"/Users/vinc17/Mail/oldarc/cur/1076519289.5337_386.ay:2,S", is_old=1,
_h=0x15dc280) at mh.c:603
#9 0x0003ddf0 in maildir_delayed_parsing (ctx=0x11062e0, md=0x0,
progress=0xbfffd38c) at mh.c:990
#10 0x0004022c in mh_read_dir (ctx=0x11062e0, subdir=0xa1a70 "cur") at mh.c:1047
#11 0x000402a0 in maildir_read_dir (ctx=0x11062e0) at mh.c:1059
#12 0x000411cc in mx_open_mailbox (path=0xb0cb4 "", flags=0, pctx=0x20) at
mx.c:691
#13 0x00037730 in main (argc=5, argv=0xbfffe104) at main.c:960
/tmp/malloc.log contains:
[...]
mutt(28682) malloc: MallocCheckHeap: PASSED check at 1060835th operation
mutt(28682) malloc: MallocCheckHeap: PASSED check at 1060836th operation
mutt(28682) malloc: *** invariant broken for 0x1861400 (2 free in a row)
mutt(28682) malloc: *** small region 2 incorrect szo
Then I don't know how to debug this. The bug is always reproducible, but on a
smaller mailbox containing hundreds of messages around the one that appears in
the backtrace, it no longer occurs.
>How-To-Repeat:
>Fix:
Unknown
>Add-To-Audit-Trail:
>Unformatted: