#3971: mutt intermittently segfaults in macOS 10.12.6 during IMAP message
deletion
---------------------+----------------------
Reporter: chdiza | Owner: mutt-dev
Type: defect | Status: closed
Priority: major | Milestone:
Component: mutt | Version: 1.9.0
Resolution: fixed | Keywords:
---------------------+----------------------
Changes (by Kevin McCarthy <kevin@…>):
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"7155392ed28b7c88f3398e57058434da2484ed6b"
7159:7155392ed28b]:
{{{
#!CommitTicketReference repository=""
revision="7155392ed28b7c88f3398e57058434da2484ed6b"
Fix imap sync segfault due to inactive headers during an expunge. (closes
#3971)
Mutt has several places where it turns off h->active as a hack. For
example to avoid FLAG updates, or to exclude from imap_exec_msgset.
Unfortunately, when a reopen is allowed and the IMAP_EXPUNGE_PENDING
flag becomes set (e.g. a flag update to a modified header),
imap_expunge_mailbox() will be called by imap_cmd_finish().
The mx_update_tables() would free and remove these "inactive" headers,
despite that an EXPUNGE was not received for them. This would result
in memory leaks and segfaults due to dangling pointers in the
msn_index and uid_hash.
There should probably be a more elegant solution, removing the initial
hacks. However, this is causing a segfault, and the best solution
right now is to turn active back on for non-expunged messages in
imap_expunge_mailbox().
Extra thanks to chdiza, who bravely runs tip and found this issue
quickly.
}}}
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3971#comment:14>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
