Re: [Mutt] #3288: seg fault in mx_update_context
#3288: seg fault in mx_update_context
--------------------+-------------------------------------------------------
Reporter: prlw1 | Owner: brendan
Type: defect | Status: accepted
Priority: major | Milestone:
Component: IMAP | Version: 1.5.20
Keywords: patch |
--------------------+-------------------------------------------------------
Comment(by prlw1):
I have just had exactly this same core dump with today's mutt head.
{{{
% hg parent
changeset: 6035:31881f38ca1e
branch: HEAD
tag: tip
user: Brendan Cully <brendan@xxxxxxxxxx>
date: Tue Dec 29 00:33:20 2009 -0500
summary: Hack mutt_wstr_trunc to treat M_TREE characters as 1 cell.
}}}
{{{
Program terminated with signal 11, Segmentation fault.
#0 0x08081f4f in mx_update_context (ctx=0xbb719680, new_messages=235037)
at mx.c:1544
1544 h->virtual = ctx->vcount++;
(gdb) bt
#0 0x08081f4f in mx_update_context (ctx=0xbb719680, new_messages=235037)
at mx.c:1544
#1 0x080bdcd6 in imap_read_headers (idata=0xbb7670c0, msgbegin=0,
msgend=235037) at message.c:379
#2 0x080bb23f in imap_open_mailbox (ctx=0xbb719680) at imap.c:756
#3 0x0808380b in mx_open_mailbox (path=0xbfbfe434 "imap://localhost/",
flags=<value optimized out>, pctx=0x0) at mx.c:661
#4 0x08079075 in main (argc=Cannot access memory at address 0x395ba
) at main.c:1017
}}}
{{{
(gdb) print msgno
$10 = 234938
(gdb) print ctx->hdrs[234938]
$11 = (HEADER *) 0x0
(gdb) print ctx->hdrs[234937]
$12 = (HEADER *) 0xade80380
(gdb) print ctx->hdrs[234939]
$14 = (HEADER *) 0xade80440
}}}
I haven't tried the above attached patch, as I really don't see why it
should work. Any clues?
Essentially, continue loop on message count if ctx->hdrs[idx] is NULL, yet
AFAICT the assignment of ctx->hdrs[idx]=calloc(1,sizeof(HEADER)) happens
afterwards...
At least this seems to be reproducible once more...
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3288#comment:8>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
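
The crash state from the gdb session in the comment above, reduced to a small C model: a NULL slot in `ctx->hdrs` between two populated neighbours, walked by a loop that assigns `h->virtual = ctx->vcount++`. This is an added example, not Mutt's code and not the patch attached to the ticket; the `HEADER`/`CONTEXT` layouts, the `msgcount` field, and the helpers `update_context_checked` and `make_sample` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for Mutt's HEADER and CONTEXT (assumed layout):
 * only the fields named in the gdb session, plus msgcount. */
typedef struct { int virtual; } HEADER;
typedef struct { HEADER **hdrs; int msgcount; int vcount; } CONTEXT;

/* Hypothetical guarded update loop. Numbers every populated slot among the
 * last new_messages entries, skips NULL slots instead of dereferencing them,
 * and returns how many holes it saw; *first_hole gets the lowest such index
 * (or -1), so the caller can treat the header fetch as incomplete. */
int update_context_checked(CONTEXT *ctx, int new_messages, int *first_hole)
{
    int holes = 0;
    *first_hole = -1;
    for (int msgno = ctx->msgcount - new_messages; msgno < ctx->msgcount; msgno++) {
        HEADER *h = ctx->hdrs[msgno];
        if (h == NULL) {            /* the state gdb shows at index 234938 */
            if (holes++ == 0)
                *first_hole = msgno;
            continue;
        }
        h->virtual = ctx->vcount++;
    }
    return holes;
}

/* Constructed sample: n slots, all populated except index `hole`. */
CONTEXT make_sample(int n, int hole)
{
    CONTEXT ctx = { calloc((size_t)n, sizeof(HEADER *)), n, 0 };
    for (int i = 0; ctx.hdrs && i < n; i++)
        if (i != hole)
            ctx.hdrs[i] = calloc(1, sizeof(HEADER));
    return ctx;
}

int main(void)
{
    int first;
    CONTEXT ctx = make_sample(6, 3);
    int holes = update_context_checked(&ctx, 6, &first);
    printf("holes=%d first_hole=%d vcount=%d\n", holes, first, ctx.vcount);
    return holes ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Skipping the hole only avoids the fault at the point of use; the returned index is what lets the caller find out why the slot was never filled.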