Got a core, do not remember the details.

Program terminated with signal 11, Segmentation fault.
#0 __GI___libc_free (mem=0x70) at malloc.c:2968
2968 malloc.c: No such file or directory.
(gdb) bt
#0 __GI___libc_free (mem=0x70) at malloc.c:2968
#1 0x000000000046bdd1 in safe_free (ptr=0x1312dc0) at lib.c:198
#2 0x000000000046d440 in mutt_free_parameter (p=0x1312d70) at muttlib.c:218
#3 0x000000000044bb27 in mutt_parse_content_type (s=0x1319cde "multipart/alternative; boundary=001a11c3738a61060b04df4c3980", ct=0x1312d60) at parse.c:286
#4 0x000000000044cb06 in mutt_parse_rfc822_line (e=0x12ce9c0, hdr=0x1318920, line=0x1319cd0 "Content-Type", p=0x1319cde "multipart/alternative; boundary=001a11c3738a61060b04df4c3980", user_hdrs=0, weed=0, do_2047=1, lastp=0x7fff272346f0) at parse.c:1012
#5 0x000000000044d2e2 in mutt_read_rfc822_header (f=0x12bc6f0, hdr=0x1318920, user_hdrs=0, weed=0) at parse.c:1461
#6 0x0000000000492b58 in imap_fetch_message (msg=0x12e1620, ctx=0x107fb30, msgno=<optimized out>) at message.c:556
#7 0x0000000000443eb5 in mx_open_message (ctx=0x107fb30, msgno=413) at mx.c:1540
#8 0x000000000041bee7 in mutt_append_message (dest=0x12e1550, src=0x107fb30, hdr=0x1318920, cmflags=0, chflags=1024) at copy.c:740
#9 0x000000000041600e in _mutt_save_message (h=0x1318920, ctx=0x12e1550, delete=1, decode=0, decrypt=<optimized out>) at commands.c:713
#10 0x000000000048f2dd in imap_sync_mailbox (ctx=0x107fb30, expunge=1, index_hint=<optimized out>) at imap.c:1237
#11 0x00000000004438ee in mx_sync_mailbox (ctx=0x107fb30, index_hint=0x7fff27235f3c) at mx.c:1279
#12 0x0000000000420463 in mutt_index_menu () at curs_main.c:1288
#13 0x0000000000408590 in main (argc=1, argv=<optimized out>) at main.c:1083

Reproducible: Sometimes

Parameter list has junk.

(gdb) p *(PARAMETER*)0x1312d70
$1 = {attribute = 0x1312dc0 "p", value = 0x12f1480 "@\001", next = 0x12da9c0}
(gdb) p *(PARAMETER*)0x12da9c0
$2 = {attribute = 0x140 <Address 0x140 out of bounds>, value = 0x0, next = 0x1312d00}
(gdb) p *(PARAMETER*)0x1312d00
$3 = {attribute = 0x70 <Address 0x70 out of bounds>, value = 0x12da9c0 "@\001", next = 0x0}
Created attachment 354856: bt full
Created attachment 354858: emerge --info
Since this code has potentially changed somewhat, I'd be happy if you could test if this still happens with -r13.
Tested and can confirm our 21-r12 and 22-r2 both segfault with the test case from Debian #708731 (sample message, with and without config one-liner). Would the fix they issued yesterday perchance help here?
That fix should be in 1.5.22-r3, so if you could test that one (it's being stabilised as we speak).
Tested and 1.5.22-r3 can open the mutt_killing_message_from_DebianBTS test case without segfaulting. Thanks!
Cool, thanks for testing.