Bug 833044

Summary: [abrt] mutt-1.5.21-11.fc17: write_one_header: Process /usr/bin/mutt was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora
Component: mutt
Version: 17
Hardware: x86_64
OS: Unspecified
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Dave Allan <dallan>
Assignee: Honza Horak <hhorak>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: hhorak, mlichvar, pertusus
Whiteboard: abrt_hash:0e5808c5e467fd838772dc7c00fea5f85b5b8a93
Doc Type: Bug Fix
Last Closed: 2012-07-10 16:29:03 UTC

Attachments:
File: backtrace
File: maps
proposed patch - handle NULL return value of strchr
mailbox with the corrupt message

Description Dave Allan 2012-06-18 13:22:45 UTC
libreport version: 2.0.10
abrt_version:   2.0.10
backtrace_rating: 4
cmdline:        mutt
comment:        I tried to open a message that looked corrupt--Date of Jan 01, no subject, no body.  I also tried to view headers, but I think I had gotten back to the index before mutt segfaulted.  When I went back into mutt and tried to view headers again, mutt segfaulted immediately, so maybe my recollection of what happened the first time isn't 100% accurate.
crash_function: write_one_header
executable:     /usr/bin/mutt
kernel:         3.4.0-1.fc17.x86_64
pid:            1924
pwd:            /home/dallan
time:           Mon 18 Jun 2012 09:17:08 AM EDT
uid:            1000
username:       dallan

backtrace:      Text file, 19067 bytes
maps:           Text file, 14501 bytes

cgroup:
:9:perf_event:/
:8:blkio:/
:7:net_cls:/
:6:freezer:/
:5:devices:/
:4:memory:/
:3:cpuacct,cpu:/
:2:cpuset:/
:1:name=systemd:/user/dallan/2

core_backtrace:
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x62b2a - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x65f1c - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x1b1d4 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x1b641 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x1bc42 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x1c0a1 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x15026 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x21bd0 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x88db - [exe] -

dso_list:
:/usr/lib64/libgpg-error.so.0.8.0 libgpg-error-1.10-2.fc17.x86_64 (Fedora Project) 1338400543
:/usr/lib64/libtasn1.so.3.1.15 libtasn1-2.12-1.fc17.x86_64 (Fedora Project) 1338400568
:/usr/lib64/libsasl2.so.2.0.23 cyrus-sasl-lib-2.1.23-29.fc17.x86_64 (Fedora Project) 1338400553
:/usr/lib64/gconv/ISO8859-1.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libcrypt-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libassuan.so.0.1.0 libassuan-2.0.1-2.fc17.x86_64 (Fedora Project) 1338400591
:/usr/lib64/libkrb5.so.3.3 krb5-libs-1.10-7.fc17.x86_64 (Fedora Project) 1339809521
:/usr/lib64/libp11-kit.so.0.0.0 p11-kit-0.12-1.fc17.x86_64 (Fedora Project) 1338400559
:/usr/lib64/libz.so.1.2.5 zlib-1.2.5-6.fc17.x86_64 (Fedora Project) 1338400539
:/usr/lib64/libm-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/gconv/gconv-modules.cache glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libtokyocabinet.so.9.10.0 tokyocabinet-1.4.47-2.fc17.x86_64 (Fedora Project) 1338400619
:/usr/lib64/libbz2.so.1.0.6 bzip2-libs-1.0.6-4.fc17.x86_64 (Fedora Project) 1338400541
:/usr/lib64/libnss_files-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libresolv-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libfreebl3.so nss-softokn-freebl-3.13.4-2.fc17.x86_64 (Fedora Project) 1338400528
:/usr/lib64/libpthread-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libkrb5support.so.0.1 krb5-libs-1.10-7.fc17.x86_64 (Fedora Project) 1339809521
:/usr/lib64/libc-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libdl-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libselinux.so.1 libselinux-2.1.10-3.fc17.x86_64 (Fedora Project) 1338400538
:/usr/lib64/libtinfo.so.5.9 ncurses-libs-5.9-4.20120204.fc17.x86_64 (Fedora Project) 1338400538
:/usr/lib64/libidn.so.11.6.7 libidn-1.24-1.fc17.x86_64 (Fedora Project) 1338400555
:/usr/lib64/libcom_err.so.2.1 libcom_err-1.42-4.fc17.x86_64 (Fedora Project) 1338400540
:/usr/lib64/libgpgme.so.11.7.0 gpgme-1.3.0-8.fc17.x86_64 (Fedora Project) 1338862763
:/usr/lib64/libgssapi_krb5.so.2.2 krb5-libs-1.10-7.fc17.x86_64 (Fedora Project) 1339809521
:/usr/lib64/libncursesw.so.5.9 ncurses-libs-5.9-4.20120204.fc17.x86_64 (Fedora Project) 1338400538
:/usr/lib/locale/locale-archive glibc-common-2.15-37.fc17.x86_64 (Fedora Project) 1338400533
:/usr/lib64/libgcc_s-4.7.0-20120507.so.1 libgcc-4.7.0-5.fc17.x86_64 (Fedora Project) 1338400520
:/usr/lib64/libgnutls.so.26.22.0 gnutls-2.12.17-1.fc17.x86_64 (Fedora Project) 1338400569
:/usr/lib64/librt-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libkeyutils.so.1.4 keyutils-libs-1.5.5-2.fc17.x86_64 (Fedora Project) 1338400554
:/usr/lib64/ld-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libk5crypto.so.3.1 krb5-libs-1.10-7.fc17.x86_64 (Fedora Project) 1339809521
:/usr/lib64/libgcrypt.so.11.7.0 libgcrypt-1.5.0-3.fc17.x86_64 (Fedora Project) 1338400543
:/usr/bin/mutt mutt-5:1.5.21-11.fc17.x86_64 (Fedora Project) 1338401173

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=nienna
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GPG_AGENT_INFO=/run/user/dallan/keyring-AhAMtT/gpg:0:1
:TERM=xterm
:SHELL=/bin/bash
:HISTSIZE=1000
:GJS_DEBUG_OUTPUT=stderr
:WINDOWID=33554438
:GNOME_KEYRING_CONTROL=/run/user/dallan/keyring-AhAMtT
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:QT_GRAPHICSSYSTEM_CHECKED=1
:USER=dallan
:SSH_AUTH_SOCK=/run/user/dallan/keyring-AhAMtT/ssh
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1266,unix/unix:/tmp/.ICE-unix/1266
:USERNAME=dallan
:PATH=/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/home/dallan/.local/bin:/home/dallan/bin
:MAIL=/var/spool/mail/dallan
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/dallan
:XMODIFIERS=@im=none
:'EDITOR=emacs -nw'
:GNOME_KEYRING_PID=1262
:LANG=en_US.UTF-8
:'PS1=\\[\\033[01;32m\\]\\h\\[\\033[01;34m\\] \\w\\[\\033[31m\\]$(__git_ps1 \"(%s)\") \\[\\033[01;34m\\]\\$\\[\\033[00m\\] '
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:GPG_TTY=/dev/pts/0
:XDG_SEAT=seat0
:HOME=/home/dallan
:SHLVL=2
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:LOGNAME=dallan
:CVS_RSH=ssh
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-5QJ6gKLOoi,guid=bb0e64acbba844aa000b0f34000000af
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/dallan
:DISPLAY=:0
:COLORTERM=gnome-terminal
:CCACHE_HASHDIR=
:XAUTHORITY=/var/run/gdm/auth-for-dallan-8lhcdy/database
:_=/usr/bin/mutt

limits:
:Limit                     Soft Limit           Hard Limit           Units     
:Max cpu time              unlimited            unlimited            seconds   
:Max file size             unlimited            unlimited            bytes     
:Max data size             unlimited            unlimited            bytes     
:Max stack size            8388608              unlimited            bytes     
:Max core file size        0                    unlimited            bytes     
:Max resident set          unlimited            unlimited            bytes     
:Max processes             1024                 30537                processes 
:Max open files            1024                 4096                 files     
:Max locked memory         65536                65536                bytes     
:Max address space         unlimited            unlimited            bytes     
:Max file locks            unlimited            unlimited            locks     
:Max pending signals       30537                30537                signals   
:Max msgqueue size         819200               819200               bytes     
:Max nice priority         0                    0                    
:Max realtime priority     0                    0                    
:Max realtime timeout      unlimited            unlimited            us        

open_fds:
:0:/dev/pts/0
:1:/dev/pts/0
:2:/dev/pts/0
:3:/tmp/mutt-nienna-1000-1924-1296179532563191120
:4:/home/dallan/mail.corp.redhat.com/maildir/INBOX/new/1340024013_0.1818.nienna,U=619894,FMD5=7e33429f656f1e6e9d79b29c3f82c57e:2,

var_log_messages:
:Jun 12 20:56:29 nienna yum[14284]: Installed: mutter-debuginfo-3.4.1-3.fc17.x86_64
:Jun 18 09:17:08 nienna kernel: [ 1674.257819] mutt[1924]: segfault at 1 ip 0000000000462b2a sp 00007fff66e3dae0 error 4 in mutt[400000+c6000]
:Jun 18 09:17:08 nienna abrt[3510]: Saved core dump of pid 1924 (/usr/bin/mutt) to /var/spool/abrt/ccpp-2012-06-18-09:17:08-1924 (4308992 bytes)

Comment 1 Dave Allan 2012-06-18 13:22:51 UTC
Created attachment 592640 [details]
File: backtrace

Comment 2 Dave Allan 2012-06-18 13:22:53 UTC
Created attachment 592641 [details]
File: maps

Comment 3 Honza Horak 2012-06-25 14:29:27 UTC
Created attachment 594197 [details]
proposed patch - handle NULL return value of strchr

Thanks for the report. I'm unfortunately unable to reproduce this failure, but I found that strchr return value was not properly handled when the function returned NULL.

I created a patch and believe it will fix the issue. If you can reproduce the failure, you can try the patch attached (new builds will be available soon).

Comment 4 Fedora Update System 2012-06-25 14:34:33 UTC
mutt-1.5.21-12.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/mutt-1.5.21-12.fc17

Comment 5 Dave Allan 2012-06-25 16:26:59 UTC
That build fixes the segfault for me, and I gave it karma.  It took me a bit to verify it, as I had used mutt to move the corrupt message into a new mailbox, which caused mutt to write headers that made the crash not repro any more, so I had to go recorrupt the message before I could repro. :)  The message was originally the single character '0'.  I'll attach a tarball with the mailbox; on the unpatched mutt it reproduces 100% of the time if I view the message's headers.

Comment 6 Dave Allan 2012-06-25 16:46:02 UTC
Created attachment 594236 [details]
mailbox with the corrupt message

Comment 7 Dave Allan 2012-06-25 16:47:06 UTC
Taking a look at the patch, I agree it should fix the crash (which it does in my case).  Thanks!

Comment 8 Honza Horak 2012-06-26 06:28:43 UTC
(In reply to comment #6)
> Created attachment 594236 [details]
> mailbox with the corrupt message

Strange, when I run mutt -f corrupt I still don't see the segfault. But anyway, thanks for your response.

Comment 9 Dave Allan 2012-06-26 13:53:41 UTC
(In reply to comment #8)
> Strange, when I run mutt -f corrupt I still don't see the segfault. But

Did you try to view headers on the corrupt message?

Comment 10 Honza Horak 2012-06-26 14:06:24 UTC
(In reply to comment #9)
> Did you try to view headers on the corrupt message?

Oh, I forgot that the problem was encountered during header viewing, I can reproduce it now.

Comment 11 Fedora Update System 2012-06-26 21:28:52 UTC
Package mutt-1.5.21-12.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mutt-1.5.21-12.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-9933/mutt-1.5.21-12.fc17
then log in and leave karma (feedback).

Comment 12 Fedora Update System 2012-07-10 16:29:03 UTC
mutt-1.5.21-12.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
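
The failure mode named in comment 3, as an added example that is neither mutt's code nor the attached patch: a header splitter that checks the `strchr` result for NULL before stepping past the colon. The function `split_header`, its signature and the sample inputs are assumptions made for illustration; the single-character `0` input mirrors the corrupt message described in comment 5.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not mutt's code: split one header line held in
 * [start, end) into field name and value. Returns 0 on success and -1
 * when the line is not in "key: value" form. */
static int split_header(const char *start, const char *end,
                        char *tag, size_t tagsz, char *val, size_t valsz)
{
    const char *t = strchr(start, ':');

    /* Without the NULL test, a line with no colon leaves t == NULL and the
     * t++ below would make the next read land on address 1. */
    if (t == NULL || t >= end)
        return -1;

    size_t taglen = (size_t)(t - start);
    if (taglen == 0 || taglen >= tagsz)
        return -1;
    memcpy(tag, start, taglen);
    tag[taglen] = '\0';

    t++;                                  /* skip the colon */
    while (t < end && (*t == ' ' || *t == '\t'))
        t++;                              /* skip leading whitespace */

    size_t vallen = (size_t)(end - t);
    if (vallen >= valsz)
        return -1;
    memcpy(val, t, vallen);
    val[vallen] = '\0';
    return 0;
}

int main(void)
{
    char tag[64], val[256];
    /* Constructed inputs: a message that is only "0", and a normal header. */
    const char *bad = "0";
    const char *good = "Subject: test";

    printf("bad:  %d\n", split_header(bad, bad + strlen(bad),
                                      tag, sizeof tag, val, sizeof val));
    if (split_header(good, good + strlen(good),
                     tag, sizeof tag, val, sizeof val) == 0)
        printf("good: [%s] [%s]\n", tag, val);
    return 0;
}
```

The `t >= end` half of the check also rejects a colon that belongs to a later line in the same buffer, so a colon-less first line is not paired with the next header's value.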