Bug 479438 - mail-client/mutt-1.5.21-r12: SIGSEGV at mutt_parse_content_type / mutt_free_parameter / safe_free
Status: RESOLVED FIXED
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Fabian Groffen
Reported: 2013-08-01 20:57 UTC by Alexey Dobriyan
Modified: 2014-03-16 10:11 UTC
Attachments
bt full (mutt-bt-full.log,7.65 KB, text/plain)
2013-08-01 20:58 UTC, Alexey Dobriyan
emerge --info (emerge-info.txt,4.62 KB, text/plain)
2013-08-01 20:59 UTC, Alexey Dobriyan
Description Alexey Dobriyan 2013-08-01 20:57:40 UTC
Got a core, do not remember the details.

Program terminated with signal 11, Segmentation fault.
#0  __GI___libc_free (mem=0x70) at malloc.c:2968
2968    malloc.c: No such file or directory.
(gdb) bt
#0  __GI___libc_free (mem=0x70) at malloc.c:2968
#1  0x000000000046bdd1 in safe_free (ptr=0x1312dc0) at lib.c:198
#2  0x000000000046d440 in mutt_free_parameter (p=0x1312d70) at muttlib.c:218
#3  0x000000000044bb27 in mutt_parse_content_type (s=0x1319cde "multipart/alternative; boundary=001a11c3738a61060b04df4c3980", ct=0x1312d60) at parse.c:286
#4  0x000000000044cb06 in mutt_parse_rfc822_line (e=0x12ce9c0, hdr=0x1318920, line=0x1319cd0 "Content-Type", p=0x1319cde "multipart/alternative; boundary=001a11c3738a61060b04df4c3980", user_hdrs=0, weed=0, 
    do_2047=1, lastp=0x7fff272346f0) at parse.c:1012
#5  0x000000000044d2e2 in mutt_read_rfc822_header (f=0x12bc6f0, hdr=0x1318920, user_hdrs=0, weed=0) at parse.c:1461
#6  0x0000000000492b58 in imap_fetch_message (msg=0x12e1620, ctx=0x107fb30, msgno=<optimized out>) at message.c:556
#7  0x0000000000443eb5 in mx_open_message (ctx=0x107fb30, msgno=413) at mx.c:1540
#8  0x000000000041bee7 in mutt_append_message (dest=0x12e1550, src=0x107fb30, hdr=0x1318920, cmflags=0, chflags=1024) at copy.c:740
#9  0x000000000041600e in _mutt_save_message (h=0x1318920, ctx=0x12e1550, delete=1, decode=0, decrypt=<optimized out>) at commands.c:713
#10 0x000000000048f2dd in imap_sync_mailbox (ctx=0x107fb30, expunge=1, index_hint=<optimized out>) at imap.c:1237
#11 0x00000000004438ee in mx_sync_mailbox (ctx=0x107fb30, index_hint=0x7fff27235f3c) at mx.c:1279
#12 0x0000000000420463 in mutt_index_menu () at curs_main.c:1288
#13 0x0000000000408590 in main (argc=1, argv=<optimized out>) at main.c:1083


Reproducible: Sometimes




Parameter list has junk.

(gdb) p *(PARAMETER*)0x1312d70
$1 = {attribute = 0x1312dc0 "p", value = 0x12f1480 "@\001", next = 0x12da9c0}
(gdb) p *(PARAMETER*)0x12da9c0
$2 = {attribute = 0x140 <Address 0x140 out of bounds>, value = 0x0, next = 0x1312d00}
(gdb) p *(PARAMETER*)0x1312d00
$3 = {attribute = 0x70 <Address 0x70 out of bounds>, value = 0x12da9c0 "@\001", next = 0x0}
Comment 1 Alexey Dobriyan 2013-08-01 20:58:37 UTC
Created attachment 354856
bt full
Comment 2 Alexey Dobriyan 2013-08-01 20:59:24 UTC
Created attachment 354858
emerge --info
Comment 3 Fabian Groffen gentoo-dev 2013-09-09 20:00:58 UTC
Since this code has potentially changed somewhat, I'd be happy if you could test if this still happens with -r13.
Comment 4 Anthony de Boer 2014-03-13 11:31:08 UTC
Tested and can confirm our 21-r12 and 22-r2 both segfault with the test case from Debian #708731 (sample message, with and without config one-liner). Would the fix they issued yesterday perchance help here?
Comment 5 Fabian Groffen gentoo-dev 2014-03-15 14:36:18 UTC
That fix should be in 1.5.22-r3, so if you could test that one (it's being stabilised as we speak).
Comment 6 Anthony de Boer 2014-03-15 15:01:14 UTC
Tested and 1.5.22-r3 can open the mutt_killing_message_from_DebianBTS test case without segfaulting.  Thanks!
Comment 7 Fabian Groffen gentoo-dev 2014-03-16 10:11:02 UTC
Cool, thanks for testing.