
Re: [Mutt] #2966: Crash when opening encrypted message



#2966: Crash when opening encrypted message

Changes (by brendan):

  * version:  => 1.5.16
  * milestone:  => 1.6

Old description:

> Mutt crashed today when I tried to open an encrypted message.  Malloc()
> complained of head corruption.  Here's the backtrace:
>
> *** glibc detected *** malloc(): memory corruption: 0x081250e8 ***
>
> Program received signal SIGABRT, Aborted.
> 0x0055c7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> (gdb) bt
> #0  0x0055c7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
> #1  0x001287a5 in raise () from /lib/tls/libc.so.6
> #2  0x0012a209 in abort () from /lib/tls/libc.so.6
> #3  0x0015ca1a in __libc_message () from /lib/tls/libc.so.6
> #4  0x00163cd2 in _int_malloc () from /lib/tls/libc.so.6
> #5  0x001656e1 in malloc () from /lib/tls/libc.so.6
> #6  0x006e048e in CRYPTO_get_new_dynlockid () from /lib/libcrypto.so.4
> #7  0x006e0a3f in CRYPTO_malloc () from /lib/libcrypto.so.4
> #8  0x0072c068 in EVP_DigestInit_ex () from /lib/libcrypto.so.4
> #9  0x006e9817 in HMAC_Init_ex () from /lib/libcrypto.so.4
> #10 0x00ae1838 in tls1_mac () from /lib/libssl.so.4
> #11 0x00adc65b in ssl3_dispatch_alert () from /lib/libssl.so.4
> #12 0x00adc598 in ssl3_dispatch_alert () from /lib/libssl.so.4
> #13 0x00adc710 in ssl3_write_bytes () from /lib/libssl.so.4
> #14 0x00adab04 in ssl3_write () from /lib/libssl.so.4
> #15 0x00ae2883 in SSL_write () from /lib/libssl.so.4
> #16 0x080dc97c in ssl_socket_write (conn=0x81a1f50,
>     buf=0x81eba98 "a1957 UID FETCH 38904 BODY.PEEK[]\r\n", len=35)
>     at mutt_ssl.c:258
> #17 0x080db532 in mutt_socket_write_d (conn=0x81a1f50,
>     buf=0x81eba98 "a1957 UID FETCH 38904 BODY.PEEK[]\r\n", len=35, dbg=2)
>     at mutt_socket.c:126
> #18 0x080e2913 in imap_cmd_start (idata=0x81aa080,
>     cmdstr=0xbfffc074 "UID FETCH 38904 BODY.PEEK[]") at command.c:107
> #19 0x080e74b7 in imap_fetch_message (msg=0x84dead8, ctx=0x817d3a0,
> msgno=0)
>     at message.c:426
> #20 0x08093181 in mx_open_message (ctx=0x817d3a0, msgno=0) at mx.c:1407
> #21 0x0809d136 in mutt_parse_mime_message (ctx=0x817d3a0, cur=0x84dec08)
>     at parse.c:956
> #22 0x08059d96 in mutt_display_message (cur=0x84dec08) at commands.c:71
> #23 0x080681d3 in mutt_index_menu () at curs_main.c:1179
> #24 0x08085fe6 in main (argc=1, argv=0xbfffe064) at main.c:989
> (gdb)
>
> This is with mutt 1.5.16.  From mutt -v:
>
> Mutt 1.5.16 (2007-06-09)
> Copyright (C) 1996-2007 Michael R. Elkins and others.
> Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
> Mutt is free software, and you are welcome to redistribute it
> under certain conditions; type `mutt -vv' for details.
>
> System: Linux 2.6.9-55.3.EL (i686)
> slang: 10409
> libidn: 0.5.6 (compiled with 0.5.6)
> Compile options:
> -DOMAIN
> -DEBUG
> -HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE
> +USE_FCNTL  +USE_FLOCK   -USE_INODESORT
> +USE_POP  +USE_IMAP  +USE_SMTP  -USE_GSS  +USE_SSL_OPENSSL
> -USE_SSL_GNUTLS  -USE_SASL  +HAVE_GETADDRINFO
> +HAVE_REGCOMP  -USE_GNU_REGEX
> +HAVE_COLOR  -HAVE_START_COLOR  -HAVE_TYPEAHEAD  -HAVE_BKGDSET
> -HAVE_CURS_SET  -HAVE_META  -HAVE_RESIZETERM
> +CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME
> -CRYPT_BACKEND_GPGME
> -EXACT_ADDRESS  -SUN_ATTACHMENT
> +ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET
> +HAVE_LANGINFO_YESEXPR
> +HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE
> ISPELL="/usr/bin/ispell"
> SENDMAIL="/usr/sbin/sendmail"
> MAILPATH="/var/mail"
> PKGDATADIR="/db/c6xi/linux/share/mutt"
> SYSCONFDIR="/db/c6xi/linux/etc"
> EXECSHELL="/bin/sh"
> -MIXMASTER
> To contact the developers, please mail to <mutt-dev@xxxxxxxx>.
> To report a bug, please visit http://bugs.mutt.org/.

New description:

 Mutt crashed today when I tried to open an encrypted message.  Malloc()
 complained of head corruption.  Here's the backtrace:
 {{{
 *** glibc detected *** malloc(): memory corruption: 0x081250e8 ***

 Program received signal SIGABRT, Aborted.
 0x0055c7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
 (gdb) bt
 #0  0x0055c7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
 #1  0x001287a5 in raise () from /lib/tls/libc.so.6
 #2  0x0012a209 in abort () from /lib/tls/libc.so.6
 #3  0x0015ca1a in __libc_message () from /lib/tls/libc.so.6
 #4  0x00163cd2 in _int_malloc () from /lib/tls/libc.so.6
 #5  0x001656e1 in malloc () from /lib/tls/libc.so.6
 #6  0x006e048e in CRYPTO_get_new_dynlockid () from /lib/libcrypto.so.4
 #7  0x006e0a3f in CRYPTO_malloc () from /lib/libcrypto.so.4
 #8  0x0072c068 in EVP_DigestInit_ex () from /lib/libcrypto.so.4
 #9  0x006e9817 in HMAC_Init_ex () from /lib/libcrypto.so.4
 #10 0x00ae1838 in tls1_mac () from /lib/libssl.so.4
 #11 0x00adc65b in ssl3_dispatch_alert () from /lib/libssl.so.4
 #12 0x00adc598 in ssl3_dispatch_alert () from /lib/libssl.so.4
 #13 0x00adc710 in ssl3_write_bytes () from /lib/libssl.so.4
 #14 0x00adab04 in ssl3_write () from /lib/libssl.so.4
 #15 0x00ae2883 in SSL_write () from /lib/libssl.so.4
 #16 0x080dc97c in ssl_socket_write (conn=0x81a1f50,
     buf=0x81eba98 "a1957 UID FETCH 38904 BODY.PEEK[]\r\n", len=35)
     at mutt_ssl.c:258
 #17 0x080db532 in mutt_socket_write_d (conn=0x81a1f50,
     buf=0x81eba98 "a1957 UID FETCH 38904 BODY.PEEK[]\r\n", len=35, dbg=2)
     at mutt_socket.c:126
 #18 0x080e2913 in imap_cmd_start (idata=0x81aa080,
     cmdstr=0xbfffc074 "UID FETCH 38904 BODY.PEEK[]") at command.c:107
 #19 0x080e74b7 in imap_fetch_message (msg=0x84dead8, ctx=0x817d3a0,
 msgno=0)
     at message.c:426
 #20 0x08093181 in mx_open_message (ctx=0x817d3a0, msgno=0) at mx.c:1407
 #21 0x0809d136 in mutt_parse_mime_message (ctx=0x817d3a0, cur=0x84dec08)
     at parse.c:956
 #22 0x08059d96 in mutt_display_message (cur=0x84dec08) at commands.c:71
 #23 0x080681d3 in mutt_index_menu () at curs_main.c:1179
 #24 0x08085fe6 in main (argc=1, argv=0xbfffe064) at main.c:989
 (gdb)

 This is with mutt 1.5.16.  From mutt -v:

 Mutt 1.5.16 (2007-06-09)
 Copyright (C) 1996-2007 Michael R. Elkins and others.
 Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
 Mutt is free software, and you are welcome to redistribute it
 under certain conditions; type `mutt -vv' for details.

 System: Linux 2.6.9-55.3.EL (i686)
 slang: 10409
 libidn: 0.5.6 (compiled with 0.5.6)
 Compile options:
 -DOMAIN
 -DEBUG
 -HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE
 +USE_FCNTL  +USE_FLOCK   -USE_INODESORT
 +USE_POP  +USE_IMAP  +USE_SMTP  -USE_GSS  +USE_SSL_OPENSSL
 -USE_SSL_GNUTLS  -USE_SASL  +HAVE_GETADDRINFO
 +HAVE_REGCOMP  -USE_GNU_REGEX
 +HAVE_COLOR  -HAVE_START_COLOR  -HAVE_TYPEAHEAD  -HAVE_BKGDSET
 -HAVE_CURS_SET  -HAVE_META  -HAVE_RESIZETERM
 +CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME
 -CRYPT_BACKEND_GPGME
 -EXACT_ADDRESS  -SUN_ATTACHMENT
 +ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET
 +HAVE_LANGINFO_YESEXPR
 +HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE
 ISPELL="/usr/bin/ispell"
 SENDMAIL="/usr/sbin/sendmail"
 MAILPATH="/var/mail"
 PKGDATADIR="/db/c6xi/linux/share/mutt"
 SYSCONFDIR="/db/c6xi/linux/etc"
 EXECSHELL="/bin/sh"
 -MIXMASTER
 To contact the developers, please mail to <mutt-dev@xxxxxxxx>.
 To report a bug, please visit http://bugs.mutt.org/.
 }}}

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/2966#comment:2>