Re: [Mutt] #2676: mutt + imap header results in a NULL pointer
#2676: mutt + imap header results in a NULL pointer dereference crash
Old description:
> {{{
> Whenever I try to check my employer's mail (via IMAP+TLS),
> I use IMAP header-caching. However, mutt crashes on this particular
> mailbox. gdb(1) gives:
>
> Fetching message headers... [402/402]
> Program received signal SIGSEGV, Segmentation fault.
> 0x080927df in mx_update_context (ctx=0x8121900, new_messages=402) at mx.c:1618
> 1618 h->security = crypt_query (h->content);
> (gdb) inspect h
> $1 = (HEADER *) 0x0
> (gdb) inspect ctx->hdrs[399]
> $3 = (HEADER *) 0x81c4d80
> (gdb) inspect ctx->hdrs[400]
> $4 = (HEADER *) 0x0
> (gdb) inspect ctx->hdrs[401]
> $5 = (HEADER *) 0x8121980
> (gdb) bt
> #0 0x080927df in mx_update_context (ctx=0x8121900, new_messages=402) at mx.c:1618
> #1 0x080e2069 in imap_read_headers (idata=0x8117a00, msgbegin=401, msgend=401) at message.c:344
> #2 0x080de706 in imap_open_mailbox (ctx=0x8121900) at imap.c:737
> #3 0x080908e2 in mx_open_mailbox (path=0xbfbfdc30 "imap://imap.qsp.nl/", flags=0, pctx=0x0) at mx.c:719
> #4 0x08067827 in mutt_index_menu () at curs_main.c:1129
> #5 0x08085b2a in main (argc=1, argv=0xbfbfe884) at main.c:969
>
> For some reason, message 400's headers point to a NULL pointer. However,
> I can read the message using mutt without headercache (which is enabled
> using --with-hcache in configure) just fine.
>
> I have left the gdb(1) running; let me know if anything else needs to be
> inspected.
> >How-To-Repeat:
> Try to open my employer's IMAP mailbox, while IMAP header caching is
> enabled.
> >Fix:
> Disabling headercaching (configuring with --with-hcache will do) solves the
> problem.
> }}}
New description:
Whenever I try to check my employer's mail (via IMAP+TLS),
I use IMAP header-caching. However, mutt crashes on this particular
mailbox. gdb(1) gives:
{{{
Fetching message headers... [402/402]
Program received signal SIGSEGV, Segmentation fault.
0x080927df in mx_update_context (ctx=0x8121900, new_messages=402) at mx.c:1618
1618 h->security = crypt_query (h->content);
(gdb) inspect h
$1 = (HEADER *) 0x0
(gdb) inspect ctx->hdrs[399]
$3 = (HEADER *) 0x81c4d80
(gdb) inspect ctx->hdrs[400]
$4 = (HEADER *) 0x0
(gdb) inspect ctx->hdrs[401]
$5 = (HEADER *) 0x8121980
(gdb) bt
#0 0x080927df in mx_update_context (ctx=0x8121900, new_messages=402) at mx.c:1618
#1 0x080e2069 in imap_read_headers (idata=0x8117a00, msgbegin=401, msgend=401) at message.c:344
#2 0x080de706 in imap_open_mailbox (ctx=0x8121900) at imap.c:737
#3 0x080908e2 in mx_open_mailbox (path=0xbfbfdc30 "imap://imap.qsp.nl/", flags=0, pctx=0x0) at mx.c:719
#4 0x08067827 in mutt_index_menu () at curs_main.c:1129
#5 0x08085b2a in main (argc=1, argv=0xbfbfe884) at main.c:969
}}}
For some reason, message 400's headers point to a NULL pointer. However,
I can read the message using mutt without headercache (which is enabled
using --with-hcache in configure) just fine.
I have left the gdb(1) running; let me know if anything else needs to be
inspected.
>How-To-Repeat:
Try to open my employer's IMAP mailbox, while IMAP header caching is
enabled.
>Fix:
Disabling headercaching (configuring with --with-hcache will do) solves the
problem.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/2676#comment:1>
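
Added illustration, not code from the ticket or from mutt: the gdb session above shows a NULL slot (ctx->hdrs[400]) reaching a loop that dereferences every new entry. The example below uses hypothetical HEADER/CONTEXT stand-ins and assumed helper names (compact_headers, update_context, query_security) to show one defensive pattern, squeezing holes out of the array before the per-message loop runs.

```c
#include <stddef.h>

/* Hypothetical minimal stand-ins for the types named in the backtrace. */
typedef struct { int security; int index; } HEADER;
typedef struct { HEADER **hdrs; int msgcount; } CONTEXT;

/* Assumed placeholder for the per-message work done at the crashing line. */
static int query_security(const HEADER *h) { return h->index >= 0; }

/* Squeeze NULL slots out of hdrs[first..msgcount); returns holes removed or -1. */
int compact_headers(CONTEXT *ctx, int first)
{
    if (!ctx || !ctx->hdrs || first < 0 || first > ctx->msgcount)
        return -1;
    int out = first;
    for (int i = first; i < ctx->msgcount; i++)
        if (ctx->hdrs[i])
            ctx->hdrs[out++] = ctx->hdrs[i];
    int holes = ctx->msgcount - out;
    for (int i = out; i < ctx->msgcount; i++) ctx->hdrs[i] = NULL; /* clear tail */
    ctx->msgcount = out;
    return holes;
}

/* Update the trailing new_messages entries. Returns headers updated or -1. */
int update_context(CONTEXT *ctx, int new_messages)
{
    if (!ctx || new_messages < 0 || new_messages > ctx->msgcount) return -1;
    int first = ctx->msgcount - new_messages;
    if (compact_headers(ctx, first) < 0) return -1;
    for (int i = first; i < ctx->msgcount; i++) {
        ctx->hdrs[i]->index = i;          /* safe: no NULL slots remain */
        ctx->hdrs[i]->security = query_security(ctx->hdrs[i]);
    }
    return ctx->msgcount - first;
}

/* Constructed sample: 402 slots with slot 400 NULL, as in the gdb session. */
int demo_updated(void)
{
    static HEADER store[402];
    static HEADER *slots[402];
    for (int i = 0; i < 402; i++)
        slots[i] = (i == 400) ? NULL : &store[i];
    CONTEXT ctx = { slots, 402 };
    return update_context(&ctx, 402);
}

int main(void) { return demo_updated() == 401 ? 0 : 1; }
```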