#3410: Mutt crashes when two instances open the same mailbox --------------------+------------------------------------------------------- Reporter: vext01 | Owner: me Type: defect | Status: assigned Priority: major | Milestone: Component: mutt | Version: Keywords: | --------------------+-------------------------------------------------------
Comment(by vext01): OK, so I went and found myself a Linux box and ran it on mutt HEAD. I used the free filling option to fill freed memory with 0xdf, so as to emulate OpenBSD malloc.conf. Sure enough it crashed. Valgrind reports an alarming number of bad memory accesses, including many use after frees (if i read the output correctly); such as: ==6567== Invalid read of size 4 ==6567== at 0x8068C6F: mutt_index_menu (curs_main.c:480) ==6567== by 0x808C138: main (main.c:1019) ==6567== Address 0x43be270 is 72 bytes inside a block of size 116 free'd ==6567== at 0x4024B3A: free (vg_replace_malloc.c:366) ==6567== by 0x80CE072: safe_free (lib.c:198) ==6567== by 0x80FE4F8: imap_keepalive (util.c:766) ==6567== by 0x8089095: km_dokey (keymap.c:407) ==6567== by 0x806925F: mutt_index_menu (curs_main.c:603) ==6567== by 0x808C138: main (main.c:1019) Attached is a gzipped log. -- Ticket URL: <http://dev.mutt.org/trac/ticket/3410#comment:19> Mutt <http://www.mutt.org/> The Mutt mail user agent