
crash in update_index()



Hi.
I've been experiencing mutt segfaults when I open a Maildir folder
and leave it a while.  I'm using some simple limit pattern, and
the sorting is set to something other than "threads".  New messages are
delivered to this folder through procmail.  Older messages in that
folder are periodically removed using a cron job:
  0 0 * * *     find ~/foo/??? -type f -mtime +60 -delete

and when mutt tries to check the folder for new messages and update
the index after the cron job removed some messages, mutt crashes.
I believe that the following instructions can reproduce this problem,
but you may have to tweak the message count (9999).
  $ mkdir -p foo/{cur,new,tmp}
  $ for i in `seq 9999 0`; do echo "yes $i" > foo/new/$i; done
  $ ~/mutt.hg/mutt -F /dev/null -e 'unset mark_old move;set read_inc=1000 sort=mailbox-order folder=foo spoolfile=+;push "<limit>~b yes<enter>"'
  (suspend mutt here)
  $ rm foo/new/0
  $ fg
  (and mutt segfaults here)

After playing with gdb, it turned out that update_index() tries to add
messages satisfying the limit criteria to the end of v2r[], beyond
Context->hdrmax.  The fix is as simple as this:

%%%%
diff -r b0172175cc89 curs_main.c
--- a/curs_main.c       Tue Mar 20 13:39:29 2007 -0700
+++ b/curs_main.c       Wed Mar 21 19:40:47 2007 +0900
@@ -288,6 +288,7 @@ static void update_index (MUTTMENU *menu
   if (Context->pattern)
   {
 #define THIS_BODY Context->hdrs[j]->content
+    Context->vcount = 0;
     for (j = (check == M_REOPENED) ? 0 : oldcount; j < Context->msgcount; j++)
     {
       if (mutt_pattern_exec (Context->limit_pattern,
%%%%
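
Review bot: The added `Context->vcount = 0;` runs unconditionally, but the `for` loop directly below it starts at 0 only when `check == M_REOPENED` and otherwise starts at `oldcount`. If matching messages are appended at the end of v2r[] as the report describes, an ordinary new-mail check would zero the count and then re-add only the messages from `oldcount` onward, so the entries for the older messages would be overwritten or dropped from the limited view. Consider resetting only when the scan restarts from 0, for example `if (check == M_REOPENED) Context->vcount = 0;`, and add a one-line comment explaining why the reset is needed.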

I also noticed that although update_index() has CONTEXT *ctx in its
argument, it's not used and the global Context is used instead.
Is this intended?

Cheers.
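
The failure described in this report, reduced to a small model (an added example, not part of the original post and not mutt's code): a stale count makes a full rescan append past the end of the virtual-to-real map. The `struct view`, `CAP`, `view_after_delete()` and `rescan()` names are hypothetical, every message is assumed to match the limit, and resetting only when the scan starts at 0 is a choice made for this example.

```c
#include <stdio.h>

#define CAP 8   /* constructed capacity, standing in for hdrmax */

/* Hypothetical model of the fields the post names; not mutt's CONTEXT. */
struct view {
    int v2r[CAP];    /* virtual (limited-view) index -> real message index */
    int hdrmax;      /* slots allocated for v2r[] */
    int vcount;      /* slots of v2r[] in use */
    int msgcount;    /* messages currently in the mailbox */
};

/* Constructed state: CAP messages all matched the limit, then one file was
 * deleted behind the client's back and the mailbox was re-read. */
struct view view_after_delete(void)
{
    struct view v = { .hdrmax = CAP, .vcount = CAP, .msgcount = CAP - 1 };
    for (int i = 0; i < CAP; i++)
        v.v2r[i] = i;
    return v;
}

/* Re-apply the limit to messages [start, msgcount); every message matches in
 * this model. reset_first == 0 keeps the stale vcount, as before the patch.
 * Writes at or past hdrmax are refused and counted rather than performed. */
int rescan(struct view *v, int start, int reset_first)
{
    int refused = 0;
    if (reset_first && start == 0)
        v->vcount = 0;               /* rebuild the map from scratch */
    for (int j = start; j < v->msgcount; j++) {
        if (v->vcount >= v->hdrmax) {
            refused++;               /* would have been an out-of-bounds write */
            continue;
        }
        v->v2r[v->vcount++] = j;
    }
    return refused;
}

int main(void)
{
    struct view stale = view_after_delete(), fresh = view_after_delete();
    int bad = rescan(&stale, 0, 0), ok = rescan(&fresh, 0, 1);
    printf("stale vcount: %d writes past hdrmax\n", bad);
    printf("reset vcount: %d writes past hdrmax, vcount=%d\n", ok, fresh.vcount);
    return 0;
}
```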