
Re: [Mutt] #3410: Mutt crashes when two instances open the same mailbox



#3410: Mutt crashes when two instances open the same mailbox
--------------------+-------------------------------------------------------
 Reporter:  vext01  |       Owner:  me      
     Type:  defect  |      Status:  assigned
 Priority:  major   |   Milestone:          
Component:  mutt    |     Version:          
 Keywords:          |  
--------------------+-------------------------------------------------------

Comment(by brendan):

 I don't think there's anything wrong in principle with closing Context
 here -- mutt_index_menu and mutt_buffy_check are both careful to check
 whether Context or Context->path are NULL. The context alias comes from
 the call to imap_get_mailbox, called from imap_buffy_check, called from
 mutt_buffy_check. It is a bit unfortunate that idata->ctx is an alias for
 Context, but mutt's heavy use of globals makes it a bit hard to fix.

 The trigger of this bug is actually OpenBSD's malloc. Mutt is setting
 idata->ctx->path to NULL in mx_fastclose_mailbox, then freeing idata->ctx.
 OpenBSD's malloc is presumably overwriting *idata->ctx with its junk value
 instead of NULL, which causes the !Context->path test on 417 of
 mutt_buffy_check to fail. Now, this is certainly a mutt bug --
 dereferencing Context is not kosher here -- but it is normally harmless.

 One possible fix would be to have mx_fastclose_mailbox compare Context to
 ctx, and null out the global if it points to the same place.

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/3410#comment:>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
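
The aliasing problem and the fix suggested in the comment above, as an added example that is not mutt's code and not part of the original message. The struct, the function names, the one-slot "heap" and the fill bytes are hypothetical stand-ins, chosen so the stale global can be inspected without real undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for mutt's CONTEXT: only the field the comment mentions. */
typedef struct { char *path; } CONTEXT;

static CONTEXT *Context;  /* the global */
static CONTEXT slot;      /* one-slot "heap": freed memory stays readable here */

/* Constructed model of free(): fill the released object with `junk`.
 * 0x00 models an allocator that leaves the NULL path in place; 0xdf is a
 * sample byte standing in for a junk-filling allocator. */
static void model_free(CONTEXT *p, int junk) { memset(p, junk, sizeof *p); }

static CONTEXT *open_mailbox(char *path)
{
    slot.path = path;
    Context = &slot;
    return &slot;         /* second reference, playing the role of idata->ctx */
}

/* Close as the comment describes it, optionally with the proposed fix. */
static void fastclose(CONTEXT *ctx, int fixed, int junk)
{
    ctx->path = NULL;
    if (fixed && Context == ctx)
        Context = NULL;   /* proposed fix: drop the global alias as well */
    model_free(ctx, junk);
}

/* The guard from the comment: 1 = caller backs off, 0 = caller goes on to use path. */
static int guard_skips(void) { return !Context || !Context->path; }

int run_case(int fixed, int junk)
{
    static char path[] = "imap://mail.example/INBOX";  /* constructed sample */
    fastclose(open_mailbox(path), fixed, junk);
    return guard_skips();
}

int main(void)
{
    printf("unfixed, zero fill: %d\n", run_case(0, 0x00));
    printf("unfixed, junk fill: %d\n", run_case(0, 0xdf));
    printf("fixed,   junk fill: %d\n", run_case(1, 0xdf));
    return 0;
}
```

Only the unfixed close combined with a junk fill gets past the guard; with the global nulled, the result no longer depends on what the allocator leaves behind.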