Ticket #2959 (new defect)

Opened 14 months ago

Last modified 4 months ago

Segfault when resizing screen

Reported by: intvnut
Owned by: mutt-dev
Priority: major
Milestone:
Component: mutt
Version:
Keywords:
Cc:

Description

Mutt occasionally crashes when resizing the screen. The crash occurs during the delwin() call.

Captured in GDB:

(gdb) bt
#0  0x00162e12 in _int_free () from /lib/tls/libc.so.6
#1  0x0016363a in free () from /lib/tls/libc.so.6
#2  0x005b13b5 in SLfree (p=0x4000065 <Address 0x4000065 out of bounds>)
    at /usr/src/build/478426-i386/BUILD/slang-1.4.9/src/slmisc.c:87
#3  0x005be5eb in SLcurses_delwin (w=0x810edc0)
    at /usr/src/build/478426-i386/BUILD/slang-1.4.9/src/slcurses.c:434
#4  0x080d5e8a in mutt_resize_screen () at resize.c:77
#5  0x0806652d in mutt_index_menu () at curs_main.c:597
#6  0x08085fe6 in main (argc=1, argv=0xbfffe284) at main.c:989
(gdb) fr 5
#5  0x0806652d in mutt_index_menu () at curs_main.c:597
597             mutt_resize_screen ();
(gdb) fr 4
#4  0x080d5e8a in mutt_resize_screen () at resize.c:77
77        delwin (stdscr);

(I forgot to print out the value of stdscr. I'll try to remember on the next crash and will amend the ticket.)

Mutt version information:

mutt -v
Mutt 1.5.16 (2007-06-09)
Copyright (C) 1996-2007 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 2.6.9-55.3.EL (i686)
slang: 10409
libidn: 0.5.6 (compiled with 0.5.6)
Compile options:
-DOMAIN
-DEBUG
-HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE
+USE_FCNTL  +USE_FLOCK   -USE_INODESORT
+USE_POP  +USE_IMAP  +USE_SMTP  -USE_GSS  +USE_SSL_OPENSSL  -USE_SSL_GNUTLS  -USE_SASL  +HAVE_GETADDRINFO
+HAVE_REGCOMP  -USE_GNU_REGEX
+HAVE_COLOR  -HAVE_START_COLOR  -HAVE_TYPEAHEAD  -HAVE_BKGDSET
-HAVE_CURS_SET  -HAVE_META  -HAVE_RESIZETERM
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  -CRYPT_BACKEND_GPGME
-EXACT_ADDRESS  -SUN_ATTACHMENT
+ENABLE_NLS  -LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET  +HAVE_LANGINFO_YESEXPR
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE
ISPELL="/usr/bin/ispell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/db/c6xi/linux/share/mutt"
SYSCONFDIR="/db/c6xi/linux/etc"
EXECSHELL="/bin/sh"
-MIXMASTER

Observed on: Red Hat Enterprise Linux WS release 4 (Nahant Update 4)

Compiler:

$ gcc -v
Using built-in specs.
Target: i686-pc-linux-gnu
Configured with: ../gcc-4.2.0/configure --prefix=/db/c6xi/linux --enable-languages=c,c++
Thread model: posix
gcc version 4.2.0

How to reproduce: Resize the screen repeatedly.

(Note: I've actually tried a range of compilers, back to probably 3.1 or so. I've been experiencing this crash intermittently for a long time in both mutt 1.4 and 1.5. I finally decided to catch it "on camera.")

Change History

Changed 14 months ago by intvnut

I just had another crash on resize, and tried to print stdscr. Here's what I got:

(gdb) bt
#0  0x00162e12 in _int_free () from /lib/tls/libc.so.6
#1  0x0016363a in free () from /lib/tls/libc.so.6
#2  0x005b13b5 in SLfree (p=0x4000020 <Address 0x4000020 out of bounds>)
    at /usr/src/build/478426-i386/BUILD/slang-1.4.9/src/slmisc.c:87
#3  0x005be5eb in SLcurses_delwin (w=0x810aec0)
    at /usr/src/build/478426-i386/BUILD/slang-1.4.9/src/slcurses.c:434
#4  0x080d5e8a in mutt_resize_screen () at resize.c:77
#5  0x0806652d in mutt_index_menu () at curs_main.c:597
#6  0x08085fe6 in main (argc=1, argv=0xbfffe284) at main.c:989
(gdb) fr 4
#4  0x080d5e8a in mutt_resize_screen () at resize.c:77
77        delwin (stdscr);
(gdb) print stdscr
No symbol "stdscr" in current context.
(gdb) list
72            SLtt_Screen_Cols = atoi (cp);
73          else
74            SLtt_Screen_Cols = 80;
75        }
76      #ifdef USE_SLANG_CURSES
77        delwin (stdscr);
78        SLsmg_reset_smg ();
79        SLsmg_init_smg ();
80        stdscr = newwin (0, 0, 0, 0);
81        keypad (stdscr, TRUE);
(gdb)

So, I wasn't able to print stdscr.

  Changed 4 months ago by brendan

You can see the value of stdscr in frame 3: w=0x810aec0. Printing *w from there might be interesting.
