Package: mutt
Version: 1.5.21-5
Followup-For: Bug #626294

I was just looking at the source and the patch that resulted in the
crash. While I do not understand the code completely (it is somewhat
overcomplicated), the `idx` is not reset to the beginning when
starting the 2nd loop.


Basically, the function appears to read headers from local cache. It
increments idx, which is set in the definition area. It probably
should have been set prior to the first for(...) loop for better
clarity.

Then in the next for loop, the function appears to go over the same
messages. But the idx is not reset to the beginning. This causes
problems because for any new message, the header will never be
allocated, resulting in a corrupt stack and a crash.


Patch is attached that appears to fix the problem. Please send it
upstream.


Cheers,
Adam
--- a/imap/message.c    2011-06-10 01:45:00.233631968 -0500
+++ b/imap/message.c    2011-06-10 01:43:11.109632044 -0500
@@ -232,6 +232,7 @@
   mutt_progress_init (&progress, _("Fetching message headers..."),
                      M_PROGRESS_MSG, ReadInc, msgend + 1);
 
+  idx = msgbegin - 1;
   for (msgno = msgbegin; msgno <= msgend ; msgno++)
   {
     mutt_progress_update (&progress, msgno + 1, -1);
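
Review bot: the added `idx = msgbegin - 1;` just before `for (msgno = msgbegin; msgno <= msgend ; msgno++)` carries no comment, and it is only correct if the loop body increments `idx` before its first use, which this hunk does not show. Please add a one-line comment stating why the index is reset at this point (per the report, the earlier cache-reading loop has already advanced it) and confirm the increment-before-use in the body. Note that when `msgbegin` is 0 the starting value is -1, so `idx` has to be a signed type and must not be used as an array index before that increment.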
