Re: [Mutt] #3041: imap fetch segfault
#3041: imap fetch segfault
Comment (by chrisl):
OK, I have the full socket data logging so I can actually replay the imap
traffic and generate the core dump reliably.
I did more. The bug is due to the fact that, in
ctx->msgcount ++;
it does not take into account that it can be bigger than ctx->hdrmax,
due to the unexpected * 14124 fetch. So the msgcount goes over hdrmax.
Later in imap_cmd_step it blows up when it tries to read beyond the
allocated memory, thanks to the inflated msgcount.
So there are two things that need fixing. It needs to make sure both idx and
msgcount stay below hdrmax. Otherwise bad things happen.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3041#comment:3>
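The bounds check the comment asks for, as an added C example that is not mutt's code: a constructed context with a header array sized by hdrmax, the unchecked counter bump beside a checked version that treats the server-supplied sequence number as untrusted, validates it against the count the server previously announced, and grows the array before storing. The names (ctx_t, ctx_grow, fetch_checked, expected_max) are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a mailbox context: one header slot per message. */
typedef struct {
    void **hdrs;    /* header slots */
    int hdrmax;     /* slots allocated */
    int msgcount;   /* slots in use; must never exceed hdrmax */
} ctx_t;

/* Grow the header array so it holds at least `need` entries (hypothetical helper). */
static int ctx_grow(ctx_t *ctx, int need) {
    int newmax = ctx->hdrmax ? ctx->hdrmax : 8;
    while (newmax < need) newmax *= 2;
    void **tmp = realloc(ctx->hdrs, (size_t)newmax * sizeof *tmp);
    if (!tmp) return -1;
    memset(tmp + ctx->hdrmax, 0, (size_t)(newmax - ctx->hdrmax) * sizeof *tmp);
    ctx->hdrs = tmp;
    ctx->hdrmax = newmax;
    return 0;
}

/* Shape of the defect in the ticket: the counter is bumped for every FETCH
 * response with no check against hdrmax, so a later read of hdrs[msgcount-1]
 * can go past the allocation. Returns the new msgcount for inspection. */
int fetch_unchecked(ctx_t *ctx) {
    ctx->msgcount++;
    return ctx->msgcount;
}

/* Hardened handling: msgno comes off the wire. Reject numbers outside the
 * announced range (expected_max, assumed to be the count the server gave
 * earlier) and duplicates, grow the array before storing, and derive
 * msgcount from the stored index so it can never exceed hdrmax.
 * Returns 0 on success, -1 when the response is rejected. */
int fetch_checked(ctx_t *ctx, int msgno, int expected_max, void *hdr) {
    if (msgno < 1 || msgno > expected_max) return -1;     /* unexpected sequence number */
    int idx = msgno - 1;
    if (idx >= ctx->hdrmax && ctx_grow(ctx, idx + 1) != 0) return -1;
    if (ctx->hdrs[idx] != NULL) return -1;                /* already fetched */
    ctx->hdrs[idx] = hdr;
    if (idx >= ctx->msgcount) ctx->msgcount = idx + 1;
    return 0;
}
```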