Bug#838720: mutt: pager segfaults when window is resized
On Tue, Oct 18, 2016 at 06:54:39AM +, Antonio Radici wrote:
> I'm sorry that we are going back and forward with the "please retry the next
> version" statement but I wasn't able to reproduce it. Now that I have your
> muttrc hopefully I'll be able to do it.
I have to apologize myself for not providing a reproducible test case.
The good (or bad) thing is that the pager has segfaulted three times this
morning alone, and this time even before sending the message. Hopefully I
will get to actually reading the code to make sense of the backtraces.
> Also, let us know which terminal you are using as well, as that might
> contribute
> to the issue.
I use urxvt (rxvt-unicode) with the following .Xresources entries:
URxvt*foreground: white
URxvt*background: gray3
URxvt*font: xft:DejaVu Sans Mono:size=10,xft:WenQuanYi Zen Hei Mono
URxvt*letterSpace: -1
URxvt*iso14755: false
URxvt*saveLines: 2048
URxvt*scrollBar: false
URxvt*secondaryScreen: false
URxvt*cutchars: !""#$%&''()*+,-./:;<=>?@[\\]^`{|}~
URxvt*perl-ext:
URxvt*perl-ext-common:
Peter
Bug#838720: mutt: pager segfaults when window is resized
On Mon, Oct 17, 2016 at 09:56:23PM -0400, Peter Colberg wrote: > On Mon, Oct 17, 2016 at 09:31:40PM -0400, Peter Colberg wrote: > > Hopefully I will send you a minimal muttrc at some point; it is not > > trivial since I cannot reproduce the segfault so far and have to wait > > for the next one. > > I had another segfault just now and have a slightly better idea. > > I was viewing the very message I had sent you roughly a minute ago. > After a few seconds I pressed a key to scroll the message, after which > mutt segfaulted with the same message “Sorting mailbox...”. > > What had presumably happened between opening the message in the pager, > and trying to scroll a few seconds later, is mbsync synchronizing the > mailbox to the IMAP server every two minutes. When mbsync copies a new > sent message to the server, it also updates the local mail folder, which > appears to have triggered the segfault in this instance. > Thanks Peter, I'm sorry that we are going back and forward with the "please retry the next version" statement but I wasn't able to reproduce it. Now that I have your muttrc hopefully I'll be able to do it. Also, let us know which terminal you are using as well, as that might contribute to the issue.
Bug#838720: mutt: pager segfaults when window is resized
On Mon, Oct 17, 2016 at 09:31:40PM -0400, Peter Colberg wrote: > Hopefully I will send you a minimal muttrc at some point; it is not > trivial since I cannot reproduce the segfault so far and have to wait > for the next one. I had another segfault just now and have a slightly better idea. I was viewing the very message I had sent you roughly a minute ago. After a few seconds I pressed a key to scroll the message, after which mutt segfaulted with the same message “Sorting mailbox...”. What had presumably happened between opening the message in the pager, and trying to scroll a few seconds later, is mbsync synchronizing the mailbox to the IMAP server every two minutes. When mbsync copies a new sent message to the server, it also updates the local mail folder, which appears to have triggered the segfault in this instance. My muttrc begins with set folder=~/Mail set spoolfile=~/Mail/INBOX set mbox_type=Maildir set header_cache=~/.cache/mutt/headers My mbsyncrc contains MaildirStore local Path ~/Mail/ Inbox ~/Mail/INBOX Flatten . IMAPStore remote Host imap.example.org User * Pass * UseIMAPS yes Channel remote Master :remote: Slave :local: Patterns % !Spam !Trash Create Slave Expunge Both Peter
Bug#838720: mutt: pager segfaults when window is resized
Control: found -1 1.7.1-2
Hi Antonio,
On Fri, Sep 30, 2016 at 07:43:08AM +, Antonio Radici wrote:
> unfortunately I'm still unable to reproduce it, I believe it's due to the
> configuration. The problem itself might be due to the header cache or some
> other
> reason, do you mind sending me the output of bt full on the corefile?
Please see the attached full stacktrace for the latest segfault with
the above version, which occurred right after sending a mail and mutt
outputting “Sorting mailbox...”, the same as with earlier segfaults.
> Additionally, if you could devise a minimum set of ocnfiguration (i.e.: a
> minimal .muttrc) that I can use to reproduce this bug, it will be great and it
> will ensure that I will be able to fix it quicker :)
Hopefully I will send you a minimal muttrc at some point; it is not
trivial since I cannot reproduce the segfault so far and have to wait
for the next one. Since you mentioned the header cache, I deleted the
cache file to make sure there was no accidental corruption, but then
the attached segfault occurred regardless.
Peter
#0 mutt_pager (banner=banner@entry=0x7ffe4882c6c0 "---Attachment:
/tmp/mutt-alcyone-1000-3900-12427186522611139815: text/plain",
fname=fname@entry=0x7ffe4882c4c0
"/tmp/mutt-alcyone-1000-3900-17151246448925655235", flags=,
flags@entry=256, extra=extra@entry=0x7ffe4882c390) at ../../pager.c:2034
searchbuf = '\000'
buffer = "?:Help", '\000' , "\350\003", '\000'
...
helpstr = "i:Exit -:PrevPg :NextPg ?:Help", '\000'
tmphelp = "i:Exit -:PrevPg :NextPg", '\000'
maxLine = 70
lastLine = 24
lineInfo = 0x55a6f6a63460
QuoteList = 0x0
i =
j =
ch = 150
rc = -1
hideQuoted =
q_level = 0
force_redraw = 0
lines =
curline =
topline = 0
oldtopline =
err =
first =
r =
wrapped =
searchctx =
redraw = 0
fp = 0x55a6f6a63230
last_pos = 917
last_offset =
old_smart_wrap =
old_markers =
sb = {st_dev = 36, st_ino = 116705, st_nlink = 1, st_mode = 33152,
st_uid = 1000, st_gid = 1000, __pad0 = 0, st_rdev = 0, st_size = 917,
st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec = 1476752587, tv_nsec =
907517935},
st_mtim = {tv_sec = 1476752587, tv_nsec = 931517950}, st_ctim =
{tv_sec = 1476752587, tv_nsec = 931517950}, __glibc_reserved = {0, 0, 0}}
SearchRE = {buffer = 0x736972702f736461 , allocated = 8241996531388803444, used =
7364851246852158218, syntax = 3832899941293176676,
fastmap = 0x3238666430656530 , translate = 0x6165346535326335 , re_nsub = 3760850262121526374,
can_be_null = 1, regs_allocated = 1, fastmap_accurate = 0, no_sub =
1, not_bol = 1, not_eol = 0, newline_anchor = 0}
SearchCompiled = 0
SearchFlag =
SearchBack =
has_types =
index_status_window = 0x55a6f69eabb0
index_window = 0x55a6f66e46c0
pager_status_window = 0x55a6f66f56f0
pager_window = 0x55a6f69c1090
index = 0x0
indexlen =
indicator =
old_PagerIndexLines =
index_hint = 0
oldcount =
check = 3
followup_to =
#1 0x55a6f574e889 in mutt_do_pager (banner=0x7ffe4882c6c0 "---Attachment:
/tmp/mutt-alcyone-1000-3900-12427186522611139815: text/plain",
tempfile=tempfile@entry=0x7ffe4882c4c0
"/tmp/mutt-alcyone-1000-3900-17151246448925655235",
do_color=do_color@entry=256, info=info@entry=0x7ffe4882c390) at
../../curs_lib.c:784
rc =
#2 0x55a6f573911b in mutt_view_attachment (fp=fp@entry=0x0,
a=0x55a6f7dd2a40, flag=, flag@entry=1, hdr=hdr@entry=0x0,
idx=idx@entry=0x55a6f66da5e0, idxlen=) at ../../attach.c:579
info = {ctx = 0x55a6f64f40b0, hdr = 0x0, bdy = 0x55a6f7dd2a40, fp =
0x0, idx = 0x55a6f66da5e0, idxlen = 1}
tempfile = '\000'
pagerfile = "/tmp/mutt-alcyone-1000-3900-17151246448925655235", '\000'
is_message = 0
use_mailcap =
use_pipe =
use_pager =
type =
"text/plain\000\366\246U\000\000\000\062\246\366\246U\000\000X\300\064\226\023\177\000\000#\000\000\000\000\000\000\000\276$3\226\023\177\000\000\020\000\000\000\000\000\000\000(ǂH\376\177\000\000\000\000\000\000\000\000\000\000g",
'\000' ,
"P0\246\366\246U\000\000\000\033Ue\267;\b\303\020\062\246\366\246U\000\000X\300\064\226\023\177\000\000w\000\000\000\000\000\000\000\016'3\226\023\177\000\000\316\024\022\226\023\177\000\000g",
'\000' , " ", '\000' ...
command = "0ȂH\376\177\000\000\377\037\000\000g", '\000' ,
"\033Ue\267;\b\303`\366\246U\000\000p)\335\367\246U\000\000\060ȂH\376\177\000\000\001\000\000\000\000\000\000\000(ȂH\376\177\000\000\260\357\202H\376\177\000\000\001\000\000\000\000\000\000\000\223\204t\365\246U",
'\000' , "\070\064\061\060\063\0...@bugs.debian.org", '\000'
...
Bug#838720: mutt: pager segfaults when window is resized
On Fri, Sep 30, 2016 at 12:01:51AM -0400, Peter Colberg wrote: > Control: found -1 1.7.0-6 > > Hi Antonio, > > On Mon, Sep 26, 2016 at 04:38:00AM +, Antonio Radici wrote: > > when I informally talked to Richard, the NeoMutt maintainer, he told me that > > this might be fixed starting from 20160916, which means that we expect this > > to > > be fixed starting from 1.7.0-6 in Debian, do you mind letting us know > > whether > > this is still reproducible? > > Unfortunately the bug is still present: > > (gdb) bt > #0 mutt_user_is_recipient (h=h@entry=0x55c6cb9c0ce0) at ../../hdrline.c:216 > #1 0x55c6c9ad2667 in hdr_format_str (dest=dest@entry=0x7ffe38b82980 "", > destlen=destlen@entry=1024, col=1, cols=cols@entry=119, op=, > src=0x55c6cb932993 "- %C/%m: %-20.20n %s%* -- (%P)", prefix=0x7ffe38b82880 > "", > ifstring=0x7ffe38b82900 "%4c", elsestring=0x7ffe38b82d80 > "@/\270\070\001", data=140729850016496, flags=MUTT_FORMAT_MAKEPRINT) at > ../../hdrline.c:902 > #2 0x55c6c9b18e76 in mutt_FormatString (dest=dest@entry=0x7ffe38b835f0 > "-*-NeoMutt: ~/.cache/devscripts/bts/760277.mbox [Msgs:4 > 18K]---(threads/last-date-received)", '-' , "(all)---", > destlen=1023, col=col@entry=0, > cols=119, src=, callback=callback@entry=0x55c6c9ad22f0 > , data=140729850016496, flags=MUTT_FORMAT_MAKEPRINT) at > ../../muttlib.c:1571 > #3 0x55c6c9ad454b in mutt_make_string_info (dst=dst@entry=0x7ffe38b835f0 > "-*-NeoMutt: ~/.cache/devscripts/bts/760277.mbox [Msgs:4 > 18K]---(threads/last-date-received)", '-' , "(all)---", > dstlen=, > cols=, s=, hfi=hfi@entry=0x7ffe38b832f0, > flags=flags@entry=MUTT_FORMAT_MAKEPRINT) at ../../hdrline.c:1049 > #4 0x55c6c9ae9821 in mutt_pager (banner=banner@entry=0x0, > fname=fname@entry=0x7ffe38b83e90 > "/tmp/mutt-alcyone-1000-12431-10957457911605671007", flags=, > flags@entry=66, extra=extra@entry=0x7ffe38b83e60) > at ../../pager.c:1951 > #5 0x55c6c9aab165 in mutt_display_message (cur=0x55c6cb9c0ce0) at > ../../commands.c:225 > #6 0x55c6c9abb79b in mutt_index_menu () at ../../curs_main.c:1908 > #7 0x55c6c9a9b7fa in main (argc=1, argv=) at > ../../main.c:876 > > > This time I had opened two separate windows, each running mutt with > the same mailbox open. I was viewing a message in the first mutt, > and composing a reply to another message in the second mutt. > > After sending the reply and closing the second mutt (which marked > the message as replied), the first mutt crashed with this notice: > > Sorting mailbox...Segmentation fault (core dumped) Hi Peter, unfortunately I'm still unable to reproduce it, I believe it's due to the configuration. The problem itself might be due to the header cache or some other reason, do you mind sending me the output of bt full on the corefile? Feel free to send it privately if you want. Additionally, if you could devise a minimum set of ocnfiguration (i.e.: a minimal .muttrc) that I can use to reproduce this bug, it will be great and it will ensure that I will be able to fix it quicker :)
Bug#838720: mutt: pager segfaults when window is resized
Control: found -1 1.7.0-6 Hi Antonio, On Mon, Sep 26, 2016 at 04:38:00AM +, Antonio Radici wrote: > when I informally talked to Richard, the NeoMutt maintainer, he told me that > this might be fixed starting from 20160916, which means that we expect this to > be fixed starting from 1.7.0-6 in Debian, do you mind letting us know whether > this is still reproducible? Unfortunately the bug is still present: (gdb) bt #0 mutt_user_is_recipient (h=h@entry=0x55c6cb9c0ce0) at ../../hdrline.c:216 #1 0x55c6c9ad2667 in hdr_format_str (dest=dest@entry=0x7ffe38b82980 "", destlen=destlen@entry=1024, col=1, cols=cols@entry=119, op=, src=0x55c6cb932993 "- %C/%m: %-20.20n %s%* -- (%P)", prefix=0x7ffe38b82880 "", ifstring=0x7ffe38b82900 "%4c", elsestring=0x7ffe38b82d80 "@/\270\070\001", data=140729850016496, flags=MUTT_FORMAT_MAKEPRINT) at ../../hdrline.c:902 #2 0x55c6c9b18e76 in mutt_FormatString (dest=dest@entry=0x7ffe38b835f0 "-*-NeoMutt: ~/.cache/devscripts/bts/760277.mbox [Msgs:4 18K]---(threads/last-date-received)", '-' , "(all)---", destlen=1023, col=col@entry=0, cols=119, src=, callback=callback@entry=0x55c6c9ad22f0 , data=140729850016496, flags=MUTT_FORMAT_MAKEPRINT) at ../../muttlib.c:1571 #3 0x55c6c9ad454b in mutt_make_string_info (dst=dst@entry=0x7ffe38b835f0 "-*-NeoMutt: ~/.cache/devscripts/bts/760277.mbox [Msgs:4 18K]---(threads/last-date-received)", '-' , "(all)---", dstlen=, cols=, s=, hfi=hfi@entry=0x7ffe38b832f0, flags=flags@entry=MUTT_FORMAT_MAKEPRINT) at ../../hdrline.c:1049 #4 0x55c6c9ae9821 in mutt_pager (banner=banner@entry=0x0, fname=fname@entry=0x7ffe38b83e90 "/tmp/mutt-alcyone-1000-12431-10957457911605671007", flags=, flags@entry=66, extra=extra@entry=0x7ffe38b83e60) at ../../pager.c:1951 #5 0x55c6c9aab165 in mutt_display_message (cur=0x55c6cb9c0ce0) at ../../commands.c:225 #6 0x55c6c9abb79b in mutt_index_menu () at ../../curs_main.c:1908 #7 0x55c6c9a9b7fa in main (argc=1, argv=) at ../../main.c:876 This time I had opened two separate windows, each running mutt with the same mailbox open. I was viewing a message in the first mutt, and composing a reply to another message in the second mutt. After sending the reply and closing the second mutt (which marked the message as replied), the first mutt crashed with this notice: Sorting mailbox...Segmentation fault (core dumped) Peter
Bug#838720: mutt: pager segfaults when window is resized
Control: tag -1 +moreinfo
On Fri, Sep 23, 2016 at 05:45:47PM -0400, Peter Colberg wrote:
> Package: mutt
> Version: 1.7.0-5
> Severity: important
>
> Dear Maintainer,
>
> Since the inclusion of the neomutt patches, I experience occasional
> segmentation faults when viewing a message in the pager. So far I
> cannot specify an exact sequence of steps to reproduce the issue.
>
> I reckon the issue occurs after having sent a new message, viewing
> that message in the pager, and then adding a new window to my awesome
> tiling window manager, which triggers a refresh of the pager.
>
> This is the backtrace of a crash using the symbols from mutt-dbgsym:
>
> (gdb) bt
> #0 0x55eebe3e8bca in hdr_format_str (dest=dest@entry=0x7ffeef83d900 "",
> destlen=destlen@entry=1024, col=25, cols=cols@entry=119, op=110 'n',
> src=0x55eebff7e9a4 " %s%* -- (%P)", prefix=0x7ffeef83d800 "-20.20",
> ifstring=0x7ffeef83d880 "%4c", elsestring=0x7ffeef83dd00 "",
> data=140732916818544, flags=MUTT_FORMAT_MAKEPRINT) at ../../hdrline.c:692
> #1 0x55eebe42ec96 in mutt_FormatString (dest=dest@entry=0x7ffeef83e570
> "- d*- -1050820271/10662: 0662 397M]---(threads/last-date-received)", '-'
> , "(end)---", destlen=1023, col=col@entry=0, cols=119,
> src=, callback=callback@entry=0x55eebe3e81f0
> , data=140732916818544, flags=MUTT_FORMAT_MAKEPRINT) at
> ../../muttlib.c:1551
> #2 0x55eebe3ea3ab in mutt_make_string_info (dst=dst@entry=0x7ffeef83e570
> "- d*- -1050820271/10662: 0662 397M]---(threads/last-date-received)", '-'
> , "(end)---", dstlen=, cols=,
> s=, hfi=hfi@entry=0x7ffeef83e270,
> flags=flags@entry=MUTT_FORMAT_MAKEPRINT) at ../../hdrline.c:1051
> #3 0x55eebe3ff683 in mutt_pager (banner=banner@entry=0x0,
> fname=fname@entry=0x7ffeef83ee10
> "/tmp/mutt-alcyone-1000-29714-8251779491620025653", flags=,
> flags@entry=66, extra=extra@entry=0x7ffeef83ede0)
> at ../../pager.c:1951
> #4 0x55eebe3c1055 in mutt_display_message (cur=0x55eec03db890) at
> ../../commands.c:225
> #5 0x55eebe3d168b in mutt_index_menu () at ../../curs_main.c:1905
> #6 0x55eebe3b17aa in main (argc=1, argv=) at
> ../../main.c:877
>
> My muttrc contains these pager-related settings:
>
> set index_format="%4C %Z %{%b %d} %-15.15F (%?l?%4l&%4c?) %s"
> set pager_index_lines=10
Hi Peter,
when I informally talked to Richard, the NeoMutt maintainer, he told me that
this might be fixed starting from 20160916, which means that we expect this to
be fixed starting from 1.7.0-6 in Debian, do you mind letting us know whether
this is still reproducible?
Thanks!
Bug#838720: mutt: pager segfaults when window is resized
Package: mutt
Version: 1.7.0-5
Severity: important
Dear Maintainer,
Since the inclusion of the neomutt patches, I experience occasional
segmentation faults when viewing a message in the pager. So far I
cannot specify an exact sequence of steps to reproduce the issue.
I reckon the issue occurs after having sent a new message, viewing
that message in the pager, and then adding a new window to my awesome
tiling window manager, which triggers a refresh of the pager.
This is the backtrace of a crash using the symbols from mutt-dbgsym:
(gdb) bt
#0 0x55eebe3e8bca in hdr_format_str (dest=dest@entry=0x7ffeef83d900 "",
destlen=destlen@entry=1024, col=25, cols=cols@entry=119, op=110 'n',
src=0x55eebff7e9a4 " %s%* -- (%P)", prefix=0x7ffeef83d800 "-20.20",
ifstring=0x7ffeef83d880 "%4c", elsestring=0x7ffeef83dd00 "",
data=140732916818544, flags=MUTT_FORMAT_MAKEPRINT) at ../../hdrline.c:692
#1 0x55eebe42ec96 in mutt_FormatString (dest=dest@entry=0x7ffeef83e570 "-
d*- -1050820271/10662: 0662 397M]---(threads/last-date-received)", '-' , "(end)---", destlen=1023, col=col@entry=0, cols=119,
src=, callback=callback@entry=0x55eebe3e81f0
, data=140732916818544, flags=MUTT_FORMAT_MAKEPRINT) at
../../muttlib.c:1551
#2 0x55eebe3ea3ab in mutt_make_string_info (dst=dst@entry=0x7ffeef83e570
"- d*- -1050820271/10662: 0662 397M]---(threads/last-date-received)", '-'
, "(end)---", dstlen=, cols=,
s=, hfi=hfi@entry=0x7ffeef83e270,
flags=flags@entry=MUTT_FORMAT_MAKEPRINT) at ../../hdrline.c:1051
#3 0x55eebe3ff683 in mutt_pager (banner=banner@entry=0x0,
fname=fname@entry=0x7ffeef83ee10
"/tmp/mutt-alcyone-1000-29714-8251779491620025653", flags=,
flags@entry=66, extra=extra@entry=0x7ffeef83ede0)
at ../../pager.c:1951
#4 0x55eebe3c1055 in mutt_display_message (cur=0x55eec03db890) at
../../commands.c:225
#5 0x55eebe3d168b in mutt_index_menu () at ../../curs_main.c:1905
#6 0x55eebe3b17aa in main (argc=1, argv=) at
../../main.c:877
My muttrc contains these pager-related settings:
set index_format="%4C %Z %{%b %d} %-15.15F (%?l?%4l&%4c?) %s"
set pager_index_lines=10
Regards,
Peter
