#3041: imap fetch segfault
Comment (by chrisl):

OK, I have the full socket data logging so I can actually replay the imap traffic and generate the core dump reliably. I did more

The bug is due to the fact that, in

ctx->msgcount ++;

it does not take into account that it can be bigger than ctx->hdrmax, due to the unexpected `* 14124 fetch`. So the msgcount goes over hdrmax. Later in imap_cmd_step it blows up when it tries to read beyond the allocated memory, thanks to the inflated msgcount.

So there are two things that need fixing. It needs to make sure both idx and msgcount stay below hdrmax. Otherwise bad things happen.

-- Ticket URL: <http://dev.mutt.org/trac/ticket/3041#comment:3>
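The bounds invariant the comment asks for (idx and msgcount never exceed hdrmax), as an added C example that is not Mutt's code and does not reproduce its data structures: a toy header array of `hdrmax` slots receives 1-based FETCH sequence numbers, the unguarded bookkeeping lets `msgcount` climb past `hdrmax` exactly as described, and the guarded path rejects any sequence number that would index outside the allocation. The names `hdr_ctx`, `count_unguarded`, `fetch_guarded`, `replay_guarded` and the input sequence `1, 2, 3, 14124` are assumptions constructed for this example.

```c
/* Added example (not Mutt's code): models the msgcount/hdrmax bounds problem
 * from the ticket. A context owns `hdrmax` header slots; a FETCH response
 * carries a 1-based message sequence number. Names below are assumptions. */
#include <stdio.h>
#include <stdlib.h>

struct header { int seqno; int fetched; };

struct hdr_ctx {
    struct header *hdrs; /* allocated with hdrmax entries */
    int hdrmax;          /* capacity of hdrs */
    int msgcount;        /* number of headers in use; must stay <= hdrmax */
};

/* Allocate a context with room for `hdrmax` headers. Returns 0 on success. */
static int ctx_init(struct hdr_ctx *ctx, int hdrmax) {
    ctx->hdrs = calloc((size_t)hdrmax, sizeof *ctx->hdrs);
    if (!ctx->hdrs) return -1;
    ctx->hdrmax = hdrmax;
    ctx->msgcount = 0;
    return 0;
}

static void ctx_free(struct hdr_ctx *ctx) { free(ctx->hdrs); ctx->hdrs = NULL; }

/* Bookkeeping only: mirrors the pattern in the comment where msgcount is
 * bumped without comparing it against hdrmax. It never touches hdrs[], so
 * this example stays memory-safe; code that later indexes hdrs[msgcount - 1]
 * would read past the allocation once the count exceeds hdrmax. */
static int count_unguarded(struct hdr_ctx *ctx, int seqno) {
    int idx = seqno - 1;
    if (idx >= ctx->msgcount)
        ctx->msgcount = idx + 1;   /* no check against hdrmax */
    return ctx->msgcount;
}

/* Guarded update: the index is checked against hdrmax before any write, so
 * the resulting msgcount can never exceed hdrmax either.
 * Returns 0 on success, -1 if the sequence number does not fit. */
static int fetch_guarded(struct hdr_ctx *ctx, int seqno) {
    int idx = seqno - 1;
    if (idx < 0 || idx >= ctx->hdrmax)
        return -1;                 /* would index past the allocation */
    ctx->hdrs[idx].seqno = seqno;
    ctx->hdrs[idx].fetched = 1;
    if (idx >= ctx->msgcount)
        ctx->msgcount = idx + 1;   /* idx < hdrmax, so msgcount <= hdrmax */
    return 0;
}

/* The invariant the fix must maintain. */
static int ctx_invariant_ok(const struct hdr_ctx *ctx) {
    return ctx->msgcount >= 0 && ctx->msgcount <= ctx->hdrmax;
}

/* Replays a sequence of FETCH sequence numbers through the guarded path and
 * returns how many were rejected. */
static int replay_guarded(struct hdr_ctx *ctx, const int *seqnos, int n) {
    int rejected = 0;
    for (int i = 0; i < n; i++)
        if (fetch_guarded(ctx, seqnos[i]) != 0)
            rejected++;
    return rejected;
}

int main(void) {
    struct hdr_ctx ctx;
    /* Constructed input: the server announced 3 messages, then an
     * unexpected "* 14124 FETCH" arrives. */
    int seqnos[] = { 1, 2, 3, 14124 };
    if (ctx_init(&ctx, 3) != 0) return 1;

    int rej = replay_guarded(&ctx, seqnos, 4);
    printf("guarded: msgcount=%d hdrmax=%d rejected=%d invariant=%s\n",
           ctx.msgcount, ctx.hdrmax, rej, ctx_invariant_ok(&ctx) ? "ok" : "BROKEN");

    /* Unguarded bookkeeping alone lets msgcount climb to 14124. */
    ctx.msgcount = 0;
    for (int i = 0; i < 4; i++) count_unguarded(&ctx, seqnos[i]);
    printf("unguarded: msgcount=%d hdrmax=%d invariant=%s\n",
           ctx.msgcount, ctx.hdrmax, ctx_invariant_ok(&ctx) ? "ok" : "BROKEN");

    ctx_free(&ctx);
    return 0;
}
```

The guarded path rejects the out-of-range sequence number instead of growing `msgcount`; whether a real client should drop such a response or resize the header array is a design decision, but either way the index check must happen before `msgcount` is updated, which is the point the comment makes about checking both `idx` and `msgcount`.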