#3945: mx_open_mailbox can call realpath(NULL,NULL) and abort
-------------------------+----------------------
 Reporter:  tamo         |      Owner:  mutt-dev
     Type:  enhancement  |     Status:  new
 Priority:  trivial      |  Milestone:
Component:  mutt         |    Version:
 Keywords:               |
-------------------------+----------------------
 In mx_open_mailbox (https://dev.mutt.org/trac/browser/mx.c#L570 ),
 mutt calls realpath with a safe_strdup'ed path:

 {{{
 570       ctx->path = safe_strdup (path);
 571       if (! (ctx->realpath = realpath (ctx->path, NULL)) )
 572         ctx->realpath = safe_strdup (ctx->path);
 }}}

 But safe_strdup can return 0:
 https://dev.mutt.org/trac/browser/lib.c#L237

 {{{
 237       if (!s || !*s)
 238         return 0;
 }}}

 And most (if not all) realpath implementations don't make sure the
 first arg is non-NULL.

 So maybe we should either wrap the ctx->path with NONNULL or check it
 before calling realpath.

 {{{
   ctx->path = safe_strdup (path);
   if (!ctx->path)
   {
     mutt_error (_("Tried to open an unnamed mailbox. Maybe your muttrc is wrong or incomplete."));
     if (!pctx)
       FREE (&ctx);
     return NULL;
   }
   if (! (ctx->realpath = realpath (ctx->path, NULL)) )
     ctx->realpath = safe_strdup (ctx->path);
 }}}

 I found this issue when I was reading
 http://openbsd-archive.7691.n7.nabble.com/mail-mutt-dumps-core-on-every-other-snapshot-td310535.html
 but I'm not sure if it is related.

--
Ticket URL: <https://dev.mutt.org/trac/ticket/3945>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
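
Added example, not part of the ticket or of mutt's source: a stand-alone C sketch of the guard the report proposes, where a NULL or empty mailbox name is rejected before realpath is reached and an unresolvable path falls back to a plain copy. The names dup_or_null and resolve_mailbox are hypothetical, and dup_or_null mirrors only the two safe_strdup lines quoted in the ticket.

```c
#define _XOPEN_SOURCE 700   /* for realpath() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for mutt's safe_strdup: per the two lines quoted in the ticket,
 * a NULL or empty input yields NULL. The copy logic is an assumption. */
static char *dup_or_null(const char *s)
{
    size_t n;
    char *p;
    if (!s || !*s)
        return NULL;
    n = strlen(s) + 1;
    p = malloc(n);
    if (p)
        memcpy(p, s, n);
    return p;
}

/* Hypothetical helper: fills *path and *real for a mailbox name.
 * Returns 0 on success, -1 if the name is NULL/empty (realpath is
 * never called in that case) or memory is exhausted. */
int resolve_mailbox(const char *name, char **path, char **real)
{
    *path = dup_or_null(name);
    *real = NULL;
    if (!*path)
        return -1;                   /* unnamed mailbox: refuse early */
    *real = realpath(*path, NULL);   /* first argument is non-NULL here */
    if (!*real)
        *real = dup_or_null(*path);  /* path does not resolve: keep as given */
    if (!*real) {
        free(*path);
        *path = NULL;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *names[] = { NULL, "", "/", "/nonexistent-constructed/inbox" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char *p, *r;
        int rc = resolve_mailbox(names[i], &p, &r);
        printf("%s -> rc=%d real=%s\n",
               names[i] ? names[i] : "(null)", rc, rc ? "-" : r);
        free(p);
        free(r);
    }
    return 0;
}
```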
