Re: [Mutt] #3288: seg fault in mx_update_context
#3288: seg fault in mx_update_context
---------------------+------------------------------------------------------
Reporter: prlw1 | Owner: brendan
Type: defect | Status: new
Priority: major | Milestone:
Component: IMAP | Version: 1.5.20
Resolution: | Keywords:
---------------------+------------------------------------------------------
Changes (by pdmef):
* owner: mutt-dev => brendan
* component: mutt => IMAP
Old description:
> {{{
> #0 0x08081c1f in mx_update_context (ctx=0xbb719680, new_messages=2)
> at mx.c:1550
> 1550 h->virtual = ctx->vcount++;
> (gdb) bt
> #0 0x08081c1f in mx_update_context (ctx=0xbb719680, new_messages=2)
> at mx.c:1550
> #1 0x080bc636 in imap_read_headers (idata=0xbb7790c0, msgbegin=223296,
> msgend=223298) at message.c:379
> #2 0x080b503d in imap_cmd_finish (idata=0xbb7790c0) at command.c:291
> #3 0x080b55a7 in imap_cmd_step (idata=0xbb7790c0) at command.c:180
> #4 0x080b6629 in imap_exec (idata=0xbb7790c0, cmdstr=0x80d0e44 "NOOP",
> flags=0) at command.c:245
> #5 0x080b7100 in imap_check_mailbox (ctx=0xbb719680,
> index_hint=0xbfbfd8cc,
> force=0) at imap.c:1419
> #6 0x0805f556 in mutt_index_menu () at curs_main.c:482
> #7 0x08078d76 in main (argc=Cannot access memory at address 0x36841
> ) at main.c:1020
> (gdb) print *h
> Cannot access memory at address 0x0
> (gdb) print *ctx
> $1 = {path = 0xbb7a8a80 "imap://localhost/INBOX", fp = 0x0, mtime = 0,
> size = 2639737827, vsize = 2751036268, pattern = 0x0, limit_pattern =
> 0x0,
> hdrs = 0xbb501000, last_tag = 0x0, tree = 0xae5e2580, id_hash = 0x0,
> subj_hash = 0xadd83670, thread_hash = 0xaeab91b0, v2r = 0xbb401000,
> hdrmax = 223346, msgcount = 223298, vcount = 223297, tagged = 0, new =
> 1,
> unread = 1106, deleted = 0, flagged = 0, msgnotreadyet = -1, magic = 5,
> rights = "�\a", locked = 0, changed = 0, readonly = 0, dontwrite = 0,
> append = 0, quiet = 0, collapsed = 0, closing = 0, data = 0xbb7790c0,
> mx_close = 0x80b7280 <imap_close_mailbox>}
> (gdb) print msgno
> $2 = 223297
> (gdb) print ctx->hdrs[223297]
> $3 = (HEADER *) 0x0
> (gdb) print ctx->hdrs[223296]
> $4 = (HEADER *) 0xad60e280
> (gdb)
> }}}
>
> when running this morning's mercurial head. So the question is
>
> {{{
> for (msgno = ctx->msgcount - new_messages; msgno < ctx->msgcount; msgno++)
> {
>   h = ctx->hdrs[msgno];
>
> }}}
>
> are the limits right? (msgcount=223298, new_messages=2, msgno=223297)
New description:
{{{
#0 0x08081c1f in mx_update_context (ctx=0xbb719680, new_messages=2)
at mx.c:1550
1550 h->virtual = ctx->vcount++;
(gdb) bt
#0 0x08081c1f in mx_update_context (ctx=0xbb719680, new_messages=2)
at mx.c:1550
#1 0x080bc636 in imap_read_headers (idata=0xbb7790c0, msgbegin=223296,
msgend=223298) at message.c:379
#2 0x080b503d in imap_cmd_finish (idata=0xbb7790c0) at command.c:291
#3 0x080b55a7 in imap_cmd_step (idata=0xbb7790c0) at command.c:180
#4 0x080b6629 in imap_exec (idata=0xbb7790c0, cmdstr=0x80d0e44 "NOOP",
flags=0) at command.c:245
#5 0x080b7100 in imap_check_mailbox (ctx=0xbb719680,
index_hint=0xbfbfd8cc,
force=0) at imap.c:1419
#6 0x0805f556 in mutt_index_menu () at curs_main.c:482
#7 0x08078d76 in main (argc=Cannot access memory at address 0x36841
) at main.c:1020
(gdb) print *h
Cannot access memory at address 0x0
(gdb) print *ctx
$1 = {path = 0xbb7a8a80 "imap://localhost/INBOX", fp = 0x0, mtime = 0,
size = 2639737827, vsize = 2751036268, pattern = 0x0, limit_pattern =
0x0,
hdrs = 0xbb501000, last_tag = 0x0, tree = 0xae5e2580, id_hash = 0x0,
subj_hash = 0xadd83670, thread_hash = 0xaeab91b0, v2r = 0xbb401000,
hdrmax = 223346, msgcount = 223298, vcount = 223297, tagged = 0, new =
1,
unread = 1106, deleted = 0, flagged = 0, msgnotreadyet = -1, magic = 5,
rights = "�\a", locked = 0, changed = 0, readonly = 0, dontwrite = 0,
append = 0, quiet = 0, collapsed = 0, closing = 0, data = 0xbb7790c0,
mx_close = 0x80b7280 <imap_close_mailbox>}
(gdb) print msgno
$2 = 223297
(gdb) print ctx->hdrs[223297]
$3 = (HEADER *) 0x0
(gdb) print ctx->hdrs[223296]
$4 = (HEADER *) 0xad60e280
(gdb)
}}}
when running this morning's mercurial head. So the question is
{{{
for (msgno = ctx->msgcount - new_messages; msgno < ctx->msgcount; msgno++)
{
  h = ctx->hdrs[msgno];
}}}
are the limits right? (msgcount=223298, new_messages=2, msgno=223297)
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3288#comment:2>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
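An added example, not part of the ticket or of mutt's source: in the gdb session above, `msgno` (223297) is below both `msgcount` (223298) and `hdrmax` (223346), yet `ctx->hdrs[223297]` is NULL, so the index is in range but the slot is unpopulated. The sketch below models that state with simplified, hypothetical `HEADER`/`CONTEXT` structs and a hypothetical `update_context_checked()` that validates the counters and each slot before dereferencing.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for fields seen in the gdb dump; not mutt's real types. */
typedef struct { int virtual; } HEADER;
typedef struct {
    HEADER **hdrs;   /* array of header pointers */
    int hdrmax;      /* allocated slots */
    int msgcount;    /* slots claimed to be in use */
    int vcount;      /* visible-message counter */
} CONTEXT;

/* Hypothetical hardened loop: returns the number of headers updated,
 * or -1 if the counters are inconsistent with each other. */
int update_context_checked(CONTEXT *ctx, int new_messages)
{
    if (!ctx || !ctx->hdrs || new_messages < 0 ||
        new_messages > ctx->msgcount || ctx->msgcount > ctx->hdrmax)
        return -1;

    int updated = 0;
    for (int msgno = ctx->msgcount - new_messages; msgno < ctx->msgcount; msgno++) {
        HEADER *h = ctx->hdrs[msgno];
        if (!h) {
            /* Index is within bounds, but the slot was never populated. */
            fprintf(stderr, "hdrs[%d] is NULL (msgcount=%d)\n", msgno, ctx->msgcount);
            continue;
        }
        h->virtual = ctx->vcount++;
        updated++;
    }
    return updated;
}

/* Constructed scenario mirroring the report: two "new" messages, last slot NULL. */
int demo_null_slot(void)
{
    HEADER a = { -1 }, b = { -1 };
    HEADER *slots[4] = { &a, &b, NULL, NULL };
    CONTEXT ctx = { slots, 4, 3, 1 };
    int n = update_context_checked(&ctx, 2);
    /* Only slots[1] is updated (virtual = 1); vcount advances once, to 2. */
    return (n == 1 && b.virtual == 1 && a.virtual == -1 && ctx.vcount == 2) ? 0 : 1;
}

int main(void) { return demo_null_slot(); }
```

Skipping the NULL slot only avoids the crash; the logged index points at wherever `msgcount` got ahead of the populated entries, which the ticket does not identify.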