#3800: Segfault after attaching, detaching and reattaching files using Attach:
pseudoheader
-------------------------+----------------------
Reporter: dabsent | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: mutt | Version: 1.5.24
Keywords: attachments |
-------------------------+----------------------
Instructions to reproduce the bug: start a new message (with edit_headers
set). At the top of the headers, add the
following pseudoheaders:
Attach: /tmp/test
Attach: /tmp/test2
where test and test2 are two files (their content seems indifferent, the
bug is
reproducible with identical text files containing the single line "Test
file").
Then save the message and exit the editor. The files test and test2 will
appear
as attachments in the compose view. Now remove the attachments using D
(detach-file), then add them again in the same way (by editing the message
and inserting two
pseudoheaders, as above), and save the message. Mutt will crash.
I reproduced the bug without using my .muttrc file, with a .muttrcdummy
containing only
{{{
set edit_headers
}}}
The debug file at level 2 produces the following outputĀ :
{{{
[2015-12-31 20:17:11] Mutt/1.5.24 (2015-08-30) debugging at level 2
[2015-12-31 20:17:11] Reading configuration file '/usr/local/etc/Muttrc'.
[2015-12-31 20:17:11] Reading configuration file '.muttrcdummy'.
[2015-12-31 20:17:12] Reading /var/mail/david...
[2015-12-31 20:17:12] Reading /var/mail/david... 0
[2015-12-31 20:17:12] Reading /var/mail/david... 10
[...]
[2015-12-31 20:17:12] Reading /var/mail/david... 1250 (99%)
[2015-12-31 20:17:12] Sorting mailbox...
[2015-12-31 20:17:39] mutt_free_body: not unlinking /tmp/test.
[2015-12-31 20:17:39] mutt_free_body: not unlinking /tmp/test2.
}}}
Gdb produces the following backtraceĀ :
{{{
Core was generated by `./mutt -F .muttrcdummy -d2'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f544e73ce28 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) backtrace
#0 0x00007f544e73ce28 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x0000000000453028 in mutt_update_tree (idx=0x1f3d130, idxlen=3) at
recvattach.c:86
#2 0x0000000000453bf3 in mutt_gen_attach_list (m=0x0, parent_type=-1,
idx=0x1f3d130, idxlen=0x7ffebdca514c, idxmax=0x7ffebdca514e, level=0,
compose=1) at recvattach.c:153
#3 0x00000000004155b5 in mutt_compose_menu (msg=0x1f3c7d0,
fcc=0x7ffebdca74f0 "~/sent", fcclen=256, cur=0x0) at compose.c:633
#4 0x000000000045e955 in ci_send_message (flags=0, msg=0x1f3c7d0,
tempfile=0x0, ctx=<optimized out>, cur=0x0) at send.c:1586
#5 0x000000000041eb89 in mutt_index_menu () at curs_main.c:2048
#6 0x0000000000405983 in main (argc=1, argv=<optimized out>) at
main.c:1061
}}}
Mutt -v produces the following output
{{{
Mutt 1.5.24 (2015-08-30)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 3.2.0-91-generic (x86_64)
slang: 20204
libidn: 1.23 (compiled with 1.23)
Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.6/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro
4.6.3-1ubuntu5' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --program-
suffix=-4.6 --enable-shared --enable-linker-build-id --with-system-zlib
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.6 --libdir=/usr/lib --enable-nls
--with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-
libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-
objc-gc --disable-werror --with-arch-32=i686 --with-tune=generic --enable-
checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
Configure options: '--with-slang' '--enable-debug'
Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL
-USE_FLOCK
-USE_POP -USE_IMAP -USE_SMTP
-USE_SSL_OPENSSL -USE_SSL_GNUTLS -USE_SASL -USE_GSS -HAVE_GETADDRINFO
+HAVE_REGCOMP -USE_GNU_REGEX
+HAVE_COLOR -HAVE_START_COLOR -HAVE_TYPEAHEAD -HAVE_BKGDSET
-HAVE_CURS_SET -HAVE_META -HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME
-CRYPT_BACKEND_GPGME
-EXACT_ADDRESS -SUN_ATTACHMENT
+ENABLE_NLS -LOCALES_HACK +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET
+HAVE_LANGINFO_YESEXPR
+HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID -USE_HCACHE
ISPELL="/usr/bin/ispell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/local/share/mutt"
SYSCONFDIR="/usr/local/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
}}}
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3800>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
