Ticket #2985 (assigned defect)

Opened 13 months ago

Last modified 3 months ago

segfault in mx_update_context

Reported by: jukka
Owned by: brendan
Priority: major
Milestone: 1.6
Component: IMAP
Version: 1.5.18
Keywords:
Cc: cmsj-mutt@…

Description

Mutt 1.5.17 (this version is not available from the bugreport form's "Version" pulldown menu, that's why I selected `1.5.16' instead) just crashed on a NetBSD/i386 4.99.34 system:

$ gdb mutt mutt.core 
GNU gdb 6.5
[...]
Core was generated by `mutt'.
Program terminated with signal 11, Segmentation fault.
#0  0x0807fdef in mx_update_context (ctx=0xbb629380, new_messages=5) at mx.c:1561
1561	      h->security = crypt_query (h->content);
(gdb) bt
#0  0x0807fdef in mx_update_context (ctx=0xbb629380, new_messages=5) at mx.c:1561
#1  0x080c6963 in imap_read_headers (idata=0xbb62c0f0, msgbegin=17, msgend=17) at message.c:346
#2  0x080bf937 in imap_cmd_finish (idata=0xbb62c0f0) at command.c:308
#3  0x080c175d in imap_check_mailbox (ctx=0xbb629380, index_hint=0xbfbfdd40, force=0) at imap.c:1393
#4  0x0805f499 in mutt_index_menu () at curs_main.c:485
#5  0x08077dbf in main (argc=2, argv=0xbfbfea8c) at main.c:997
(gdb) 

This Mutt was built from latest HEAD sources after being configured as follows:

LDFLAGS='-Wl,-rpath,/usr/pkg/lib' ./prepare \
	--prefix=/usr/local \
	--enable-debug \
	--enable-pop \
	--enable-imap \
	--enable-smtp \
	--with-ssl=/usr \
	--with-sasl=/usr/pkg \
	--with-curses=/usr/pkg \
	--enable-hcache \
	--with-bdb=/usr/pkg \
	--without-qdbm \
	--without-gdbm

I'll keep the core dump available for some time.

Change History

Changed 13 months ago by brendan

  • owner changed from mutt-dev to brendan
  • status changed from new to assigned
  • version changed from 1.5.16 to 1.5.17
  • component changed from mutt to IMAP
  • milestone set to 1.6

Changed 7 months ago by cmsj

I am able to reproduce a very, very similar backtrace to this using mutt 1.5.17+20080114-1ubuntu1 from Ubuntu 8.04 (hardy). In my situation, I have mutt showing my INBOX, which is on imaps://. I also have Thunderbird running on the same account, applying filters to the INBOX to move mail to other folders, and in my case it's this which seems to be the problem:

the call to crypt_query() in mx_update_content() segfaults because h->content is invalid because h is NULL. I suspect this is because thunderbird has moved the mail out of the way before (or while) mutt inspects it.
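A simplified model of the failure suspected in the comment above, added here as an illustration; it is not mutt's code and not the fix for this ticket. The struct layouts, the helper `query_security` and the assumption that the loop walks the last `new_messages` slots of a header array are hypothetical. Only `h->content`, `h->security` and `new_messages` come from the backtrace.

```c
#include <stddef.h>

/* Simplified stand-ins, not mutt's real definitions. Only the names
 * h->content and h->security come from the backtrace above. */
typedef struct { int is_signed; } BODY;
typedef struct { BODY *content; int security; } HEADER;
typedef struct { HEADER **hdrs; int msgcount; } CONTEXT;

/* Hypothetical stand-in for crypt_query(); tolerates a missing body. */
static int query_security(const BODY *b)
{
    return (b != NULL && b->is_signed) ? 1 : 0;
}

/* Process the last new_messages slots (assumed loop shape). Returns the
 * number of empty slots skipped, or -1 when the arguments are inconsistent. */
int update_context_checked(CONTEXT *ctx, int new_messages)
{
    int skipped = 0;

    if (ctx == NULL || ctx->hdrs == NULL ||
        new_messages < 0 || new_messages > ctx->msgcount)
        return -1;

    for (int msgno = ctx->msgcount - new_messages; msgno < ctx->msgcount; msgno++) {
        HEADER *h = ctx->hdrs[msgno];
        if (h == NULL) {          /* slot never filled or already cleared */
            skipped++;
            continue;
        }
        h->security = query_security(h->content);
    }
    return skipped;
}

/* Constructed scenario: five new messages counted, one slot left NULL
 * (e.g. the message was moved by another client before it was fetched). */
int demo_skipped(void)
{
    BODY signed_body = { 1 };
    HEADER a = { &signed_body, 0 }, b = { NULL, 0 }, c = { NULL, 0 }, d = { &signed_body, 0 };
    HEADER *slots[5] = { &a, &b, NULL, &c, &d };
    CONTEXT ctx = { slots, 5 };
    int skipped = update_context_checked(&ctx, 5);

    /* Signed messages on both sides of the gap must still be classified. */
    return (a.security == 1 && d.security == 1 && b.security == 0) ? skipped : -2;
}

int main(void)
{
    return demo_skipped() == 1 ? 0 : 1;
}
```

A NULL check only covers the empty-slot case; a stale or corrupted non-NULL pointer cannot be detected this way.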

Changed 7 months ago by cmsj

  • cc cmsj-mutt@… added

Changed 3 months ago by pdmef

  • version changed from 1.5.17 to 1.5.18

Oh, another one. It happened when attempting to open a certain folder during "Evaluating headers".

In my case it was definitely hcache-related, as with hcache enabled it crashed reproducibly but worked with hcache disabled. After wiping hcache for just this folder it works without crashing.

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x01518350

Thread 0 Crashed:
0   mutt        0x0000c1e8 crypt_query + 19 (crypt.c:450)
1   mutt        0x0000c26f crypt_query + 154 (crypt.c:489)
2   mutt        0x00044dcb mx_update_context + 158 (mx.c:1561)
3   mutt        0x00098809 imap_read_headers + 1929 (message.c:347)
4   mutt        0x00095e80 imap_open_mailbox + 2397 (imap.c:747)
5   mutt        0x00043086 mx_open_mailbox + 1052 (mx.c:692)
6   mutt        0x0001c96a mutt_index_menu + 15171 (curs_main.c:1139)
7   mutt        0x00038212 main + 5281 (main.c:1023)
8   mutt        0x00001c66 _start + 216
9   mutt        0x00001b8d start + 41

I'll keep the debug log around, but it's just too long to paste, and I don't know what to look for.
