Red Hat Bugzilla – Bug 172388
mhshow crashes on empty Content-Type
Last modified: 2007-11-30 17:11:16 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7
Description of problem:
When a multipart/mixed message has a part with an empty Content-Type, show crashes , apparently due to some memory being double-freed.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Put the example message in a folder.
2. show it.
Actual Results: show crashes
Expected Results: show should do something graceful, like assume that the faulty part is text/plain or notify the user that the part is being skipped.
Created attachment 120694 [details]
show crash output
Created attachment 120695 [details]
sample crash-causing message
Incidentally, leaving a Content-Type empty violates RFC 1521. Whatever email
client which is generating these is seriously broken.
Created attachment 120701 [details]
Fix for this issue
The problem here is that when something goes wrong during mime processing, nmh
will try to close a file stream twice. This patch removes the spurious
This issue is fixed in nmh-1.1-10.fc3, nmh-1.1-10.fc4 and nmh-1.1-10.fc5.