[Mutt] #3410: Mutt crashes when two instances open the same mailbox
#3410: Mutt crashes when two instances open the same mailbox
--------------------+-------------------------------------------------------
Reporter: vext01 | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: mutt | Version:
Keywords: |
--------------------+-------------------------------------------------------
My university mail is stored on an IMAP server (UoW). If I run two copies
of mutt on the same mailbox on my OpenBSD workstation (running hg head
mutt), the older of the two will seg fault.
I am using a strict malloc.conf on OpenBSD. In the attached backtrace,
notice the following:
{{{
#1 0x1c082ca6 in mutt_strcmp (
a=0x8133c000 "imaps://url.censored.sorry:993/Sent Items",
b=0xdfdfdfdf <Address 0xdfdfdfdf out of bounds>) at lib.c:870
}}}
The 0xdfdfdfdf indicates a use after free and is provided by the J flag
for malloc.conf:
{{{
J ``Junk''. Fill some junk into the area allocated. Currently
junk is bytes of 0xd0 when allocating; this is pronounced
``Duh''. :-) Freed chunks are filled with 0xdf.
}}}
For more information see the malloc.conf manual page:
http://www.openbsd.org/cgi-
bin/man.cgi?query=malloc.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3410>
Mutt <http://www.mutt.org/>
The Mutt mail user agent