
Re: [Mutt] #2184: SEGV in mutt_match_rx_list()



#2184: SEGV in mutt_match_rx_list()

Old description:

> {{{
> Since I rebuilt mutt from a recent CVS checkout, I observe sporadic
> crashes. Today I managed to create a core:
>
> <gdb output>
> Core was generated by `mutt'.
> Program terminated with signal 11, Segmentation fault.
>
> warning: current_sos: Can't read pathname for load map:
> Eingabe-/Ausgabefehler
>
> Reading symbols from /usr/lib/libncursesw.so.5...done.
> Loaded symbols for /usr/lib/libncursesw.so.5
> Reading symbols from /usr/lib/libssl.so.0.9.7...done.
> Loaded symbols for /usr/lib/libssl.so.0.9.7
> Reading symbols from /usr/lib/libcrypto.so.0.9.7...done.
> Loaded symbols for /usr/lib/libcrypto.so.0.9.7
> Reading symbols from /usr/lib/libidn.so.11...done.
> Loaded symbols for /usr/lib/libidn.so.11
> Reading symbols from /usr/lib/tls/libdb-4.3.so...done.
> Loaded symbols for /usr/lib/tls/libdb-4.3.so
> Reading symbols from /lib/tls/libc.so.6...done.
> Loaded symbols for /lib/tls/libc.so.6
> Reading symbols from /lib/libdl.so.2...done.
> Loaded symbols for /lib/libdl.so.2
> Reading symbols from /lib/tls/libpthread.so.0...done.
> Loaded symbols for /lib/tls/libpthread.so.0
> Reading symbols from /lib/ld-linux.so.2...done.
> Loaded symbols for /lib/ld-linux.so.2
> Reading symbols from /lib/libnss_files.so.2...done.
> Loaded symbols for /lib/libnss_files.so.2
> Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
> Loaded symbols for /usr/lib/gconv/ISO8859-1.so
> #0  0x4035ffcb in re_search_internal () from /lib/tls/libc.so.6
> (gdb) bt
> #0  0x4035ffcb in re_search_internal () from /lib/tls/libc.so.6
> #1  0x403613e9 in regexec@@GLIBC_2.3.4 () from /lib/tls/libc.so.6
> #2  0x080aa9b8 in mutt_match_rx_list (s=0x8670108 "TEXTGRID-INTERN@xxxxxxxxx", l=0x403d8ff4) at muttlib.c:1577
> #3  0x08074734 in mutt_is_mail_list (addr=0x8671320) at hdrline.c:38
> #4  0x0808e91f in mutt_is_list_cc (alladdr=0, a1=0x8671320, a2=0x0) at pattern.c:1004
> #5  0x0809c026 in mutt_set_followup_to (e=0x8670490) at send.c:853
> #6  0x080a0ea1 in mutt_prepare_envelope (env=0x8670490, final=1) at sendlib.c:2100
> #7  0x0809c7b9 in ci_send_message (flags=<value optimized out>, msg=0x843c860, tempfile=0x0, ctx=0x8414ed0, cur=0x0)
>     at send.c:1598
> #8  0x080623bb in mutt_index_menu () at curs_main.c:1964
> #9  0x0807a583 in main (argc=1, argv=0xbfb0d444) at main.c:960
> (gdb) up 2
> #2  0x080aa9b8 in mutt_match_rx_list (s=0x8670108 "TEXTGRID-INTERN@xxxxxxxxx", l=0x403d8ff4) at muttlib.c:1577
> 1577        if (regexec (l->rx->rx, s, (size_t) 0, (regmatch_t *) 0, (int) 0) == 0)
> (gdb) print *l->rx
> Cannot access memory at address 0x11ad3c
> (gdb) print *l
> $1 = {
>   rx = 0x11ad3c,
>   next = 0x40030d18
> }
> </gdb output>
>
> FWIW, the segfault occurred when I called send-message for a mailing list
> posting.
> >How-To-Repeat:
> Unfortunately, I don't know yet how to reproduce the crash.
> >Fix:
> Unknown
> }}}

New description:

 Since I rebuilt mutt from a recent CVS checkout, I observe sporadic
 crashes. Today I managed to create a core:

 <gdb output>
 {{{
 Core was generated by `mutt'.
 Program terminated with signal 11, Segmentation fault.

 warning: current_sos: Can't read pathname for load map:
 Eingabe-/Ausgabefehler

 Reading symbols from /usr/lib/libncursesw.so.5...done.
 Loaded symbols for /usr/lib/libncursesw.so.5
 Reading symbols from /usr/lib/libssl.so.0.9.7...done.
 Loaded symbols for /usr/lib/libssl.so.0.9.7
 Reading symbols from /usr/lib/libcrypto.so.0.9.7...done.
 Loaded symbols for /usr/lib/libcrypto.so.0.9.7
 Reading symbols from /usr/lib/libidn.so.11...done.
 Loaded symbols for /usr/lib/libidn.so.11
 Reading symbols from /usr/lib/tls/libdb-4.3.so...done.
 Loaded symbols for /usr/lib/tls/libdb-4.3.so
 Reading symbols from /lib/tls/libc.so.6...done.
 Loaded symbols for /lib/tls/libc.so.6
 Reading symbols from /lib/libdl.so.2...done.
 Loaded symbols for /lib/libdl.so.2
 Reading symbols from /lib/tls/libpthread.so.0...done.
 Loaded symbols for /lib/tls/libpthread.so.0
 Reading symbols from /lib/ld-linux.so.2...done.
 Loaded symbols for /lib/ld-linux.so.2
 Reading symbols from /lib/libnss_files.so.2...done.
 Loaded symbols for /lib/libnss_files.so.2
 Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
 Loaded symbols for /usr/lib/gconv/ISO8859-1.so
 #0  0x4035ffcb in re_search_internal () from /lib/tls/libc.so.6
 (gdb) bt
 #0  0x4035ffcb in re_search_internal () from /lib/tls/libc.so.6
 #1  0x403613e9 in regexec@@GLIBC_2.3.4 () from /lib/tls/libc.so.6
 #2  0x080aa9b8 in mutt_match_rx_list (s=0x8670108 "TEXTGRID-INTERN@xxxxxxxxx", l=0x403d8ff4) at muttlib.c:1577
 #3  0x08074734 in mutt_is_mail_list (addr=0x8671320) at hdrline.c:38
 #4  0x0808e91f in mutt_is_list_cc (alladdr=0, a1=0x8671320, a2=0x0) at pattern.c:1004
 #5  0x0809c026 in mutt_set_followup_to (e=0x8670490) at send.c:853
 #6  0x080a0ea1 in mutt_prepare_envelope (env=0x8670490, final=1) at sendlib.c:2100
 #7  0x0809c7b9 in ci_send_message (flags=<value optimized out>, msg=0x843c860, tempfile=0x0, ctx=0x8414ed0, cur=0x0)
     at send.c:1598
 #8  0x080623bb in mutt_index_menu () at curs_main.c:1964
 #9  0x0807a583 in main (argc=1, argv=0xbfb0d444) at main.c:960
 (gdb) up 2
 #2  0x080aa9b8 in mutt_match_rx_list (s=0x8670108 "TEXTGRID-INTERN@xxxxxxxxx", l=0x403d8ff4) at muttlib.c:1577
 1577        if (regexec (l->rx->rx, s, (size_t) 0, (regmatch_t *) 0, (int) 0) == 0)
 (gdb) print *l->rx
 Cannot access memory at address 0x11ad3c
 (gdb) print *l
 $1 = {
   rx = 0x11ad3c,
   next = 0x40030d18
 }
 }}}
 </gdb output>

 FWIW, the segfault occurred when I called send-message for a mailing list
 posting.
 >How-To-Repeat:
 Unfortunately, I don't know yet how to reproduce the crash.

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/2184#comment:1>