#3288: seg fault in mx_update_context
----------------------+-----------------------------------------------------
 Reporter:  prlw1     |       Owner:  brendan
     Type:  defect    |      Status:  accepted
 Priority:  critical  |   Milestone:  1.6
Component:  IMAP      |     Version:  1.5.20
 Keywords:  patch     |
----------------------+-----------------------------------------------------

Comment(by hhorak):

 The problem is that message headers are stored in the ctx->hdrs array under
 an index which follows their order. If we delete one message with ID 1000
 from 2000 messages, there will be NULL at ctx->hdrs[999]. This NULL in the
 array is not handled in code, so mutt crashes with a segmentation fault.

 Note: Maybe there can be other race conditions that lead to the same
 result.

 I've prepared a patch (mutt-1.5.21-hdrcnt.patch) that doesn't use the
 message's id to retrieve the position in the array (they are sorted anyway)
 and decreases msgend (messages count) when an empty header is received. I
 see no more segmentation faults and no other issues using this patch.

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/3288#comment:23>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
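
The indexing problem described in the comment above, as an added illustration that is neither mutt's code nor the attached patch: placing headers by message number leaves a NULL slot inside the counted range, while filling the next free slot and shrinking the count does not. The struct, the function names and the six-message fetch are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#define EXPECTED 6            /* message count announced before the fetch */
struct hdr { int msgno; };    /* hypothetical stand-in, not mutt's HEADER */
/* Constructed fetch result: message 4 was deleted, so no header arrives. */
static struct hdr fetched[] = { {1}, {2}, {3}, {5}, {6} };
static const size_t nfetched = sizeof fetched / sizeof fetched[0];

/* Crashing pattern: slot derived from the message number, count untouched. */
size_t fill_by_id(struct hdr **hdrs)
{
    for (size_t i = 0; i < EXPECTED; i++)
        hdrs[i] = NULL;
    for (size_t i = 0; i < nfetched; i++)
        hdrs[fetched[i].msgno - 1] = &fetched[i];
    return EXPECTED;          /* still claims 6 usable entries */
}

/* Patched pattern: fill the next free slot, shrink the count per gap. */
size_t fill_compact(struct hdr **hdrs)
{
    size_t msgend = EXPECTED, next = 0, cur = 0;
    for (int id = 1; id <= EXPECTED; id++) {
        if (cur < nfetched && fetched[cur].msgno == id)
            hdrs[next++] = &fetched[cur++];
        else
            msgend--;         /* empty header received */
    }
    for (size_t i = next; i < EXPECTED; i++)
        hdrs[i] = NULL;
    return msgend;
}

/* Entries that a loop over [0, count) would dereference as NULL. */
size_t null_slots(struct hdr **hdrs, size_t count)
{
    size_t holes = 0;
    for (size_t i = 0; i < count; i++)
        holes += (hdrs[i] == NULL);
    return holes;
}

int main(void)
{
    struct hdr *a[EXPECTED], *b[EXPECTED];
    size_t na = fill_by_id(a), nb = fill_compact(b);
    printf("by id: %zu/%zu NULL, compact: %zu/%zu NULL\n",
           null_slots(a, na), na, null_slots(b, nb), nb);
    return 0;
}
```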