Re: [Mutt] #3410: Mutt crashes when two instances open the same mailbox
#3410: Mutt crashes when two instances open the same mailbox
--------------------+-------------------------------------------------------
Reporter: vext01 | Owner: me
Type: defect | Status: assigned
Priority: major | Milestone:
Component: mutt | Version:
Keywords: |
--------------------+-------------------------------------------------------
Comment(by brendan):
I don't think there's anything wrong in principle with closing Context
here -- mutt_index_menu and mutt_buffy_check are both careful to check
whether Context or Context->path are NULL. The context alias comes from
the call to imap_get_mailbox, called from imap_buffy_check, called from
mutt_buffy_check. It is a bit unfortunate that idata->ctx is an alias for
Context, but mutt's heavy use of globals makes it a bit hard to fix.
The trigger of this bug is actually openbsd's malloc. Mutt is setting
idata->ctx->path to NULL in mx_fastclose_mailbox, then freeing idata->ctx.
openbsd's malloc is presumably overwriting *idata->ctx with its junk value
instead of NULL, which causes the !Context->path test on 417 of
mutt_buffy_check to fail. Now, this is certainly a mutt bug --
dereferencing Context is not kosher here -- but it is normally harmless.
One possible fix would be to have mx_fastclose_mailbox compare Context to
ctx, and null out the global if it points to the same place.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3410#comment:>
Mutt <http://www.mutt.org/>
The Mutt mail user agent