
mutt/2713: memory allocation bug



>Number:         2713
>Notify-List:    
>Category:       mutt
>Synopsis:       memory allocation bug
>Confidential:   no
>Severity:       normal
>Priority:       medium
>Responsible:    mutt-dev
>State:          open
>Keywords:       
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 27 04:27:55 +0100 2007
>Originator:     Vincent Lefevre
>Release:        1.5.13 (2007-01-26)
>Organization:
>Environment:
System: Darwin 8.8.0 (Power Macintosh) [using ncurses 5.5] [using libiconv 
1.11] [using libidn 0.6.3 (compiled with 0.6.3)]
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL  -USE_SETGID  -USE_DOTLOCK  -DL_STANDALONE  
+USE_FCNTL  -USE_FLOCK   -USE_INODESORT   
+USE_POP  +USE_IMAP  -USE_GSS  +USE_SSL_OPENSSL  -USE_SSL_GNUTLS  -USE_SASL  
+HAVE_GETADDRINFO  
-HAVE_REGCOMP  +USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  -CRYPT_BACKEND_GPGME  
+BUFFY_SIZE -EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET  
+HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  -USE_HCACHE  
ISPELL="/opt/local/bin/ispell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/Users/vinc17/Mail"
PKGDATADIR="/Users/vinc17/share/mutt"
SYSCONFDIR="/Users/vinc17/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
>Description:
With malloc checking, Mutt aborts on my mail archives. More precisely, in gdb:

set env MallocLogFile /tmp/malloc.log
set env MallocGuardEdges 1
set env MallocPreScribble 1
set env MallocScribble 1
set env MallocCheckHeapStart 1060820
set env MallocCheckHeapEach 1
set env MallocCheckHeapAbort 1
set env MallocBadFreeAbort 1
run -F /dev/null -f ~/Mail/oldarc

Then I get:

Reading /Users/vinc17/Mail/oldarc... 20370
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000000
0x900029c8 in strlen ()
(gdb) bt
#0  0x900029c8 in strlen ()
#1  0x90130748 in _simple_vdprintf ()
#2  0x9012bc44 in malloc_printf ()
#3  0x90116bcc in szone_check ()
#4  0x90002c1c in malloc ()
#5  0x0006b538 in safe_malloc (siz=1) at lib.c:149
#6  0x0006b744 in safe_strdup (s=0x995f4 "plain") at lib.c:220
#7  0x0004c154 in mutt_read_rfc822_header (f=0xa000db34, hdr=0x15dc280, 
user_hdrs=0, weed=0) at parse.c:1319
#8  0x0003d9b4 in maildir_parse_message (magic=4, fname=0xbfffd218 
"/Users/vinc17/Mail/oldarc/cur/1076519289.5337_386.ay:2,S", is_old=1, 
_h=0x15dc280) at mh.c:603
#9  0x0003ddf0 in maildir_delayed_parsing (ctx=0x11062e0, md=0x0, 
progress=0xbfffd38c) at mh.c:990
#10 0x0004022c in mh_read_dir (ctx=0x11062e0, subdir=0xa1a70 "cur") at mh.c:1047
#11 0x000402a0 in maildir_read_dir (ctx=0x11062e0) at mh.c:1059
#12 0x000411cc in mx_open_mailbox (path=0xb0cb4 "", flags=0, pctx=0x20) at 
mx.c:691
#13 0x00037730 in main (argc=5, argv=0xbfffe104) at main.c:960

/tmp/malloc.log contains:
[...]
mutt(28682) malloc: MallocCheckHeap: PASSED check at 1060835th operation
mutt(28682) malloc: MallocCheckHeap: PASSED check at 1060836th operation
mutt(28682) malloc: *** invariant broken for 0x1861400 (2 free in a row)
mutt(28682) malloc: *** small region 2 incorrect szo

Then I don't know how to debug this. The bug is always reproducible, but on a 
smaller mailbox containing hundreds of messages around the one that appears in 
the backtrace, it no longer occurs.
>How-To-Repeat:
>Fix:
Unknown
>Add-To-Audit-Trail:

>Unformatted: