#3530: Crash on search in IMAP(S) mailbox
----------------------+-----------------------------------------------------
Reporter: barsnick | Owner: brendan
Type: defect | Status: new
Priority: major | Milestone:
Component: IMAP | Version: 1.5.21
Keywords: |
----------------------+-----------------------------------------------------
mutt crashes on searching within an IMAP(S) mailbox. I connect and log in
to a mailbox using an imaps:// type folder. I search (using '/') for this:
{{{
~h "freshm|bugz"
}}}
Resulting in this:
{{{
Fetching message... 0K/1.0K (0%)*** glibc detected ***
/usr/local/new/tools/networking/mail/mutt/mutt-hg/mutt-build/mutt: free():
invalid next size (fast): 0x081db720 ***
[... glibc crash info ...]
Program received signal SIGABRT, Aborted.
0x00bb7416 in __kernel_vsyscall ()
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-
lib-2.1.22-19.fc10.i386 cyrus-sasl-md5-2.1.22-19.fc10.i386 cyrus-sasl-
ntlm-2.1.22-19.fc10.i386 cyrus-sasl-plain-2.1.22-19.fc10.i386
db4-4.7.25-7.fc10.i386 glibc-2.9-3.i686 gnutls-2.4.2-5.fc10.i386
libgcc-4.3.2-7.i386 libgcrypt-1.4.4-1.fc10.i386 libgpg-error-1.6-2.i386
libidn-0.6.14-8.i386 libtasn1-1.5-1.fc10.i386 ncurses-
libs-5.6-20.20080927.fc10.i386 openssl-0.9.8g-14.fc10.i686
zlib-1.2.3-22.fc10.1sunshine.pentium4
(gdb) bt
#0 0x00bb7416 in __kernel_vsyscall ()
#1 0x006d0460 in raise () from /lib/libc.so.6
#2 0x006d1e28 in abort () from /lib/libc.so.6
#3 0x0070dfed in __libc_message () from /lib/libc.so.6
#4 0x007143a4 in malloc_printerr () from /lib/libc.so.6
#5 0x00716356 in free () from /lib/libc.so.6
#6 0x080b6238 in safe_free (ptr=0xbfffcdb8) at lib.c:198
#7 0x080ab670 in write_one_header (fp=0x81da5d8, pfxw=0, max=<value
optimized out>, wraplen=78, pfx=0x0,
start=0x81db1b1 "Received: from AFAXSMK (unknown [68.178.18.24]) by
xxx-xxx.xxx (Postfix) with ESMTP id 65C759B481C for <[email protected]>; Wed,
29 Jun 2011 06:07:39 +0200 (CEST)\nReceived: from 68.178.18.24"...,
end=0x81db25e "Received: from 68.178.18.24 by mail.lanuk.com; Tue, 28
Jun 2011 20:07:13 -0800\nMessage-ID:
<000d01cc3612$069cc3b0$6400a8c0@huggingyw5>\nFrom: ?????? ???
<[email protected]>\nTo: [email protected]\nS"..., flags=20) at
sendlib.c:1825
#8 0x080ab9b4 in mutt_write_one_header (fp=0x81da5d8, tag=0x0,
value=0x81d95f8 "Return-Path: <[email protected]>\nX-Original-To:
[email protected]\nDelivered-To: [email protected]\nReceived: from AFAXSMK
(unknown [68.178.18.24])\n\tby xxx-xxx.xxx (Postfix) with "..., pfx=0x0,
wraplen=78, flags=20)
at sendlib.c:1894
#9 0x0805ef4c in mutt_copy_hdr (in=0x81da100, out=0x81da5d8, off_start=0,
off_end=898, flags=20, prefix=0x0) at copy.c:289
#10 0x0805f5bc in mutt_copy_header (in=0x81da100, h=0x81b8c58,
out=0x81da5d8, flags=20, prefix=0x0) at copy.c:350
#11 0x08096376 in msg_search (ctx=0x815f310, pat=0x8194280, msgno=<value
optimized out>) at pattern.c:174
#12 0x08096e54 in mutt_pattern_exec (pat=0x8194280,
flags=M_MATCH_FULL_ADDRESS, ctx=0x815f310, h=0x81b8c58) at pattern.c:1144
#13 0x08098840 in mutt_search_command (cur=0, op=154) at pattern.c:1512
#14 0x0806474c in mutt_index_menu () at curs_main.c:901
#15 0x08080430 in main (argc=Cannot access memory at address 0x5dda
) at main.c:1020
}}}
If I use this search:
{{{
~h "freshm"
}}}
I get a slightly different crash:
{{{
Fetching message... 0K/1.0K (0%)*** glibc detected ***
/usr/local/new/tools/networking/mail/mutt/mutt-hg/mutt-build/mutt: free():
invalid next size (normal): 0x081da318 ***
[... glibc crash info ...]
Program received signal SIGABRT, Aborted.
0x003cc416 in __kernel_vsyscall ()
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-
lib-2.1.22-19.fc10.i386 cyrus-sasl-md5-2.1.22-19.fc10.i386 cyrus-sasl-
ntlm-2.1.22-19.fc10.i386 cyrus-sasl-plain-2.1.22-19.fc10.i386
db4-4.7.25-7.fc10.i386 glibc-2.9-3.i686 gnutls-2.4.2-5.fc10.i386
libgcc-4.3.2-7.i386 libgcrypt-1.4.4-1.fc10.i386 libgpg-error-1.6-2.i386
libidn-0.6.14-8.i386 libtasn1-1.5-1.fc10.i386 ncurses-
libs-5.6-20.20080927.fc10.i386 openssl-0.9.8g-14.fc10.i686
zlib-1.2.3-22.fc10.1sunshine.pentium4
(gdb) bt all
No symbol "all" in current context.
(gdb) bt
#0 0x003cc416 in __kernel_vsyscall ()
#1 0x006d0460 in raise () from /lib/libc.so.6
#2 0x006d1e28 in abort () from /lib/libc.so.6
#3 0x0070dfed in __libc_message () from /lib/libc.so.6
#4 0x007143a4 in malloc_printerr () from /lib/libc.so.6
#5 0x00717e46 in _int_realloc () from /lib/libc.so.6
#6 0x00718c86 in realloc () from /lib/libc.so.6
#7 0x080b62a2 in safe_realloc (ptr=0x81d9150, siz=0) at lib.c:176
#8 0x0805f07b in mutt_copy_hdr (in=0x81dade0, out=0x81db048, off_start=0,
off_end=898, flags=<value optimized out>, prefix=0x0)
at copy.c:169
#9 0x0805f5bc in mutt_copy_header (in=0x81dade0, h=0x81b8c80,
out=0x81db048, flags=20, prefix=0x0) at copy.c:350
#10 0x08096376 in msg_search (ctx=0x815f310, pat=0x81d7b58, msgno=<value
optimized out>) at pattern.c:174
#11 0x08096e54 in mutt_pattern_exec (pat=0x81d7b58,
flags=M_MATCH_FULL_ADDRESS, ctx=0x815f310, h=0x81b8c80) at pattern.c:1144
#12 0x08098840 in mutt_search_command (cur=0, op=154) at pattern.c:1512
#13 0x0806474c in mutt_index_menu () at curs_main.c:901
#14 0x08080430 in main (argc=Cannot access memory at address 0x5e54
) at main.c:1020
}}}
mutt is latest (as of today) from hg (6187:b477d7c5733e on HEAD/tip).
It is built as such:
{{{
./configure --enable-imap --with-sasl --with-gnutls
}}}
resulting in:
{{{
barsnick@sunshine:/usr/new/tools/networking/mail/mutt/mutt-hg/mutt-build >
./mutt -v
Mutt + (b477d7c5733e) (2010-12-30)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 2.6.27.41-170.2.117.fc10.i686 (i686)
ncurses: ncurses 5.6.20080927 (compiled with 5.6)
libidn: 0.6.14 (compiled with 0.6.14)
Compile options:
-DOMAIN
-DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL
-USE_FLOCK
-USE_POP +USE_IMAP -USE_SMTP
-USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL -USE_GSS +HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET
+HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME
-CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET
+HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID -USE_HCACHE
ISPELL="/usr/bin/ispell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/local/share/mutt"
SYSCONFDIR="/usr/local/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
}}}
and executed as such:
{{{
gdb --args ./mutt -F /dev/null -f /dev/null
}}}
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3530>