From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 Description of problem: When a multipart/mixed message has a part with an empty Content-Type, show crashes , apparently due to some memory being double-freed. Version-Release number of selected component (if applicable): nmh-1.1-9.fc4 How reproducible: Always Steps to Reproduce: 1. Put the example message in a folder. 2. show it. Actual Results: show crashes Expected Results: show should do something graceful, like assume that the faulty part is text/plain or notify the user that the part is being skipped. Additional info:
Created attachment 120694 [details] show crash output
Created attachment 120695 [details] sample crash-causing message
Incidentally, leaving a Content-Type empty violates RFC 1521. Whatever email client which is generating these is seriously broken.
Created attachment 120701 [details] Fix for this issue The problem here is that when something goes wrong during mime processing, nmh will try to close a file stream twice. This patch removes the spurious fclose().
This issue is fixed in nmh-1.1-10.fc3, nmh-1.1-10.fc4 and nmh-1.1-10.fc5.