neomutt core dump in mx_mbox_find #3116

Closed
0-wiz-0 opened this issue Oct 31, 2021 · 3 comments
Contributor

0-wiz-0 commented Oct 31, 2021

Using neomutt-20211029, I saw a core dump when I replied to a mail (outside of INBOX).

The backtrace looks like this:

#0  0x000077de6059b951 in strlen () from /usr/lib/libc.so.12
(gdb) bt
#0  0x000077de6059b951 in strlen () from /usr/lib/libc.so.12
#1  0x000077de6045ac0e in mmatcher (eflags=0, pmatch=0x77de639dc640, nmatch=19, string=0x5 <error: Cannot access memory at address 0x5>,
    g=0x77de63c53c80) at /disk/6/archive/foreign/src/lib/libc/regex/engine.c:237
#2  _regexec (preg=<optimized out>, string=string@entry=0x5 <error: Cannot access memory at address 0x5>, nmatch=<optimized out>,
    pmatch=0x77de639dc640, eflags=eflags@entry=0) at /disk/6/archive/foreign/src/lib/libc/regex/regexec.c:249
#3  0x000000009f732fcc in mutt_prex_capture (which=which@entry=PREX_URL, str=str@entry=0x5 <error: Cannot access memory at address 0x5>)
    at mutt/prex.c:330
#4  0x000000009f723582 in url_parse (src=0x5 <error: Cannot access memory at address 0x5>) at email/url.c:236
#5  0x000000009f654961 in mx_mbox_find (a=a@entry=0x77de63c55a90, path=path@entry=0x7f7fffdbeae0 "imaps://user@host.com/INBOX") at mx.c:1610
#6  0x000000009f654ad9 in mx_mbox_find2 (path=<optimized out>) at mx.c:1658
#7  0x000000009f6647b3 in op_main_change_folder (shared=0x77de635d4640, priv=0x77de63494330, op=<optimized out>) at index/functions.c:821
#8  0x000000009f660371 in mutt_index_menu (dlg=<optimized out>, m_init=<optimized out>) at index/dlg_index.c:1341
#9  0x000000009f73999f in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at main.c:1377

The mail was sent, a copy was saved to the same mailbox, but the mail I had replied to was not marked as "r"eplied.
This is the first time I have seen this particular core dump, so I'm not sure what in particular caused it.

The immediate issue is that an invalid pointer is passed to strlen() but I'm not sure why this happens.

NeoMutt Version

NeoMutt 20211029
Copyright (C) 1996-2020 Michael R. Elkins and others.
NeoMutt comes with ABSOLUTELY NO WARRANTY; for details type 'neomutt -vv'.
NeoMutt is free software, and you are welcome to redistribute it
under certain conditions; type 'neomutt -vv' for details.

System: NetBSD 9.99.92 (amd64)
ncurses: ncurses 6.2.20200212 (compiled with 6.2.20200212)
libidn: 1.38 (compiled with 1.38)
GPGME: 1.15.1
OpenSSL: OpenSSL 1.1.1k  25 Mar 2021
libnotmuch: 5.4.0
storage: tokyocabinet

Configure options: --prefix=/usr/pkg --mandir=/usr/pkg/man --with-gss=/usr --with-sasl=/usr/pkg --with-ssl=/usr --smime --tokyocabinet --disable-gdbm --disable-bdb --with-idn=/usr/pkg --gpgme --with-gpgme=/usr/pkg --notmuch --disable-lua

Compilation CFLAGS: -O2 -g -fPIC -D_FORTIFY_SOURCE=2 -fstack-check -I/usr/include/krb5 -I/usr/include -I/usr/pkg/include -D_XOPEN_SOURCE_EXTENDED=1 -I/usr/pkg/include/ncurses -I/usr/pkg/include/glib-2.0 -I/usr/pkg/include/gio-unix-2.0 -I/usr/pkg/lib/glib-2.0/include -std=c99 -fno-delete-null-pointer-checks -D_ALL_SOURCE=1 -D_GNU_SOURCE=1 -D__EXTENSIONS__ -DNCURSES_WIDECHAR

Default options:
  +attach_headers_color +compose_to_sender +compress +cond_date +debug 
  +encrypt_to_self +forgotten_attachments +forwref +ifdef +imap +index_color 
  +initials +limit_current_thread +multiple_fcc +nested_if +new_mail +nntp +pop 
  +progress +quasi_delete +regcomp +reply_with_xorig +sensible_browser +sidebar 
  +skip_quoted +smtp +status_color +timeout +tls_sni +trash 

Compile options:
  -autocrypt +fcntl -flock -fmemopen +futimens +getaddrinfo -gnutls +gpgme +gss 
  +hcache -homespool +idn -inotify -locales_hack -lua -mixmaster +nls +notmuch 
  +openssl +pgp +regex +sasl +smime -sqlite +sun_attachment 

MAILPATH="/var/mail"
PKGDATADIR="/usr/pkg/share/neomutt"
SENDMAIL="/usr/sbin/sendmail"
SYSCONFDIR="/usr/pkg/etc"

To learn more about NeoMutt, visit: https://neomutt.org
If you find a bug in NeoMutt, please raise an issue at:
    https://github.com/neomutt/neomutt/issues
or send an email to: <neomutt-devel@neomutt.org>

Extra Info

  • NetBSD 9.99.92
  • Only one instance of neomutt running
  • It was inside a tmux
  • I'm using IMAP
@0-wiz-0 0-wiz-0 added the type:bug Bug label Oct 31, 2021
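An added triage example, not part of the original report or of NeoMutt's code: it parses the gdb backtrace from the report (wrapped lines joined) and finds the outermost frame that received an unreadable pointer. The function names `parse_frames` and `bad_pointer_origin` are hypothetical. On this backtrace it shows that `0x5` first appears as the `src` argument of `url_parse`, called from `mx_mbox_find` at `mx.c:1610`, whose own `path` argument is still a readable string.

```python
import re

# Backtrace copied from the report above, with gdb's wrapped lines joined.
BACKTRACE = """\
#0  0x000077de6059b951 in strlen () from /usr/lib/libc.so.12
#1  0x000077de6045ac0e in mmatcher (eflags=0, pmatch=0x77de639dc640, nmatch=19, string=0x5 <error: Cannot access memory at address 0x5>, g=0x77de63c53c80) at /disk/6/archive/foreign/src/lib/libc/regex/engine.c:237
#2  _regexec (preg=<optimized out>, string=string@entry=0x5 <error: Cannot access memory at address 0x5>, nmatch=<optimized out>, pmatch=0x77de639dc640, eflags=eflags@entry=0) at /disk/6/archive/foreign/src/lib/libc/regex/regexec.c:249
#3  0x000000009f732fcc in mutt_prex_capture (which=which@entry=PREX_URL, str=str@entry=0x5 <error: Cannot access memory at address 0x5>) at mutt/prex.c:330
#4  0x000000009f723582 in url_parse (src=0x5 <error: Cannot access memory at address 0x5>) at email/url.c:236
#5  0x000000009f654961 in mx_mbox_find (a=a@entry=0x77de63c55a90, path=path@entry=0x7f7fffdbeae0 "imaps://user@host.com/INBOX") at mx.c:1610
#6  0x000000009f654ad9 in mx_mbox_find2 (path=<optimized out>) at mx.c:1658
#7  0x000000009f6647b3 in op_main_change_folder (shared=0x77de635d4640, priv=0x77de63494330, op=<optimized out>) at index/functions.c:821
#8  0x000000009f660371 in mutt_index_menu (dlg=<optimized out>, m_init=<optimized out>) at index/dlg_index.c:1341
#9  0x000000009f73999f in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at main.c:1377
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) (?:at|from) (\S+)$")
BAD_ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-f]+) <error: Cannot access memory")


def parse_frames(text):
    """Return {frame_no: (function, args, location)} for each gdb frame line."""
    frames = {}
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames[int(m.group(1))] = (m.group(2), m.group(3), m.group(4))
    return frames


def bad_pointer_origin(text):
    """Find the outermost frame that received an unreadable pointer, and its caller."""
    frames = parse_frames(text)
    bad = {n: BAD_ARG_RE.search(args) for n, (_, args, _) in frames.items()}
    bad = {n: m for n, m in bad.items() if m}
    if not bad:
        return None
    n = max(bad)  # highest frame number = closest to main()
    caller = frames.get(n + 1)
    return {
        "callee": frames[n][0], "arg": bad[n].group(1), "value": bad[n].group(2),
        "caller": caller[0] if caller else None,
        "call_site": caller[2] if caller else None,
    }


if __name__ == "__main__":
    print(bad_pointer_origin(BACKTRACE))
```
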
Contributor Author

0-wiz-0 commented Nov 2, 2021

My best guess for a reproducer:

  • change to a non-INBOX folder
  • reply to a mail
  • set the Fcc to the same folder
  • send it

Contributor Author

0-wiz-0 commented Nov 22, 2021

Replying is not necessary, it also happens when I just write a new mail for which a copy should be saved to the mail folder I'm currently using. This is basically #3129 but in a different folder.

Contributor Author

0-wiz-0 commented Jan 13, 2022

Close this, same as #3129.

@0-wiz-0 0-wiz-0 closed this as completed Jan 13, 2022