[Mutt] #3474: mutt-1.5.21: SIGSEGV in write_one_header()
#3474: mutt-1.5.21: SIGSEGV in write_one_header()
-----------------------------+----------------------------------------------
Reporter: vvv@â | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: mutt | Version:
Keywords: |
-----------------------------+----------------------------------------------
{{{
Package: mutt
Version: 1.5.21
Severity: important
-- Please type your report below this line
mutt crashes with SIGSEGV in write_one_header() if there is no ':'
in the first line of message/rfc822 attachment.
To reproduce the bug:
1. Create file with the following contents:
------------------------------------------------------------------------
123
------------------------------------------------------------------------
2. Create new message.
3. Attach created file in compose menu.
4. Change type of the attachment from text/plain to message/rfc822.
5. Trying to view the attachment in compose menu causes crash:
#0 0x080ad7dc in write_one_header ()
#1 0x080ada72 in mutt_write_one_header ()
#2 0x0806126b in mutt_copy_hdr ()
#3 0x0807a159 in message_handler ()
#4 0x08079983 in mutt_body_handler ()
#5 0x0804edc5 in mutt_decode_save_attachment ()
#6 0x0804fd4c in mutt_view_attachment ()
#7 0x0809fa61 in mutt_attach_display_loop ()
#8 0x0805f85d in mutt_compose_menu ()
#9 0x080a9eb3 in ci_send_message ()
#10 0x08068067 in mutt_index_menu ()
#11 0x0808279a in main ()
Fix:
------------------------------------------------------------------------
--- sendlib.c.orig 2010-10-28 15:27:23.000000000 +0300
+++ sendlib.c 2010-10-28 19:05:11.000000000 +0300
@@ -1819,7 +1819,7 @@
"'key: value' format!\n"));
return 0;
}
- if (is_from)
+ if (is_from || !t)
{
tagbuf = NULL;
valbuf = mutt_substrdup (start, end);
------------------------------------------------------------------------
-- System Information
System Version: FreeBSD zeus.colocall.net 8.1-RELEASE FreeBSD 8.1-RELEASE
#4: Mon Aug 2 15:12:12 EEST 2010
root@xxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/zeus_PAE i386
-- Build environment information
(Note: This is the build environment installed on the system
muttbug is run on. Information may or may not match the environment
used to build mutt.)
- gcc version information
cc -I/usr/local/include
Using built-in specs.
Target: i386-undermydesk-freebsd
Configured with: FreeBSD/i386 system compiler
Thread model: posix
gcc version 4.2.1 20070719 [FreeBSD]
- CFLAGS
-O2 -pipe -fno-strict-aliasing
-- Mutt Version Information
Mutt 1.5.21 (2010-09-15)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: FreeBSD 8.1-RELEASE (i386)
slang: 20202
libiconv: 1.13
hcache backend: Sleepycat Software: Berkeley DB 4.2.52: (December 3,
2003)
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE -USE_FCNTL
+USE_FLOCK
+USE_POP +USE_NNTP +USE_IMAP +USE_SMTP
+USE_SSL_OPENSSL -USE_SSL_GNUTLS +USE_SASL +USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX +COMPRESSED
+HAVE_COLOR -HAVE_START_COLOR -HAVE_TYPEAHEAD -HAVE_BKGDSET
-HAVE_CURS_SET -HAVE_META -HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME
-CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET
+HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS -HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE
ISPELL="/usr/local/bin/ispell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/local/share/mutt"
SYSCONFDIR="/usr/local/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
To contact the developers, please mail to <mutt-dev@xxxxxxxx>.
To report a bug, please visit http://bugs.mutt.org/.
vvv.quote
patch-1.5.0.ats.date_conditional.1
dgc.deepif.1
vvv.initials
vvv.nntp
rr.compressed
}}}
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3474>
Mutt <http://www.mutt.org/>
The Mutt mail user agent