833044 – [abrt] mutt-1.5.21-11.fc17: write_one_header: Process /usr/bin/mutt was killed by signal 11 (SIGSEGV)

Bug 833044 - [abrt] mutt-1.5.21-11.fc17: write_one_header: Process /usr/bin/mutt was killed by signal 11 (SIGSEGV)

Summary: [abrt] mutt-1.5.21-11.fc17: write_one_header: Process /usr/bin/mutt was kille...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mutt
Sub Component:
Version:	17
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Honza Horak
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:0e5808c5e467fd838772dc7c00f...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-06-18 13:22 UTC by Dave Allan
Modified:	2016-04-27 05:31 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-07-10 16:29:03 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
File: backtrace (18.62 KB, text/plain) 2012-06-18 13:22 UTC, Dave Allan	no flags	Details
File: maps (14.16 KB, text/plain) 2012-06-18 13:22 UTC, Dave Allan	no flags	Details
proposed patch - handle NULL return value of strchr (454 bytes, patch) 2012-06-25 14:29 UTC, Honza Horak	no flags	Details \| Diff
mailbox with the corrupt message (258 bytes, application/x-compressed-tar) 2012-06-25 16:46 UTC, Dave Allan	no flags	Details
View All

Description Dave Allan 2012-06-18 13:22:45 UTC

libreport version: 2.0.10
abrt_version:   2.0.10
backtrace_rating: 4
cmdline:        mutt
comment:        I tried to open a message that looked corrupt--Date of Jan 01, no subject, no body.  I also tried to view headers, but I think I had gotten back to the index before mutt segfaulted.  When I went back into mutt and tried to view headers again, mutt segfaulted immediately, so maybe my recollection of what happened the first time isn't 100% accurate.
crash_function: write_one_header
executable:     /usr/bin/mutt
kernel:         3.4.0-1.fc17.x86_64
pid:            1924
pwd:            /home/dallan
time:           Mon 18 Jun 2012 09:17:08 AM EDT
uid:            1000
username:       dallan

backtrace:      Text file, 19067 bytes
maps:           Text file, 14501 bytes

build_ids:
:b6d75088f555d197be1476cb1c580640826ae029
:dec0de92024bee74c75c04bde4c54c097fe68ae8
:7a2d1bbcea83acd10fab3375dd50d35bd33ec5d0
:66ff6e23f48b16dd1cd292e31a109a8c98ff70f2
:27b3fcec6b172b710e05eac89090e26760effab4
:a2d5b50b07df0fb9c52fcc682c6121d3e7276249
:5b3b844c8bf4cfac9e024beabd790a24d516db08
:f4f9ce91c43285df84177f9684a3e7f190a0aae1
:4504beabd434c4e335d484b890a6adf1f8d995f6
:591c7ebbd3f4b573e01caf6e462b01a226faa9cf
:cbb8a8e0998ebc35f3394e942b5bf90d19d90fc5
:a4ec59d7fc9c453fb4287d7ebc5fcf6579792e65
:51df4cbbc11bdab5dfc33ed3fd5782b8a5c7602d
:f64b7319b84d426ed547084bdb2577f4f596c18f
:5f038f3fb1b1571769e7c9b79e025fe328052950
:67792c148d2b8f13f6732c9367e926c26d7376c5
:24a03d7c61290865d3a6d6bccbd9c077491bba27
:3d60535f052babb998bae4807bc992c5d15df5c4
:1130dae5bac891d67ed5e24d38278a18ee64b987
:73777e822e00ca152ffca281ab0ace0cb498ec48
:8f1c8e7a9290087a1de608de917e41455f885af0
:5be9c729cee3f221a7e409b4b4e89c9ceb37395f
:46bb3fa8cc22f53c1cb0461de27b3ab21912205e
:c2f5ae8bd64df0fc996cf96b95525a8f8fb28fd2
:4d09d82785dab5f95c01b69bc0785145a5954d30
:db1b4087b2d3bbced5355c6a9eaf69e2f9ee0341
:d32cbeacfd9f41e3cd29b697dd111f44a2d9c127
:b8fbfcf46c40bfab17852624ec3212cf28e9f8bd
:e3f83e6ed76d65ff9d0d4aa5fcc7bf0c6bfaaadd
:5dd234206476b0387cd251598aa72a2c95c763c5
:822e9b3523e8312240f41a25722d539bc77ed436
:2583bf68f2f1c27bb1d9964faa91971bd35e14d8
:1b7abd5c8129b91c0ca4f0f0812e61660236fd38
:2d920fc18d5d62c399484534249b104e12049777

cgroup:
:9:perf_event:/
:8:blkio:/
:7:net_cls:/
:6:freezer:/
:5:devices:/
:4:memory:/
:3:cpuacct,cpu:/
:2:cpuset:/
:1:name=systemd:/user/dallan/2

core_backtrace:
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x62b2a - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x65f1c - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x1b1d4 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x1b641 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x1bc42 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x1c0a1 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x15026 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x21bd0 - [exe] -
:1130dae5bac891d67ed5e24d38278a18ee64b987 0x88db - [exe] -

dso_list:
:/usr/lib64/libgpg-error.so.0.8.0 libgpg-error-1.10-2.fc17.x86_64 (Fedora Project) 1338400543
:/usr/lib64/libtasn1.so.3.1.15 libtasn1-2.12-1.fc17.x86_64 (Fedora Project) 1338400568
:/usr/lib64/libsasl2.so.2.0.23 cyrus-sasl-lib-2.1.23-29.fc17.x86_64 (Fedora Project) 1338400553
:/usr/lib64/gconv/ISO8859-1.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libcrypt-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libassuan.so.0.1.0 libassuan-2.0.1-2.fc17.x86_64 (Fedora Project) 1338400591
:/usr/lib64/libkrb5.so.3.3 krb5-libs-1.10-7.fc17.x86_64 (Fedora Project) 1339809521
:/usr/lib64/libp11-kit.so.0.0.0 p11-kit-0.12-1.fc17.x86_64 (Fedora Project) 1338400559
:/usr/lib64/libz.so.1.2.5 zlib-1.2.5-6.fc17.x86_64 (Fedora Project) 1338400539
:/usr/lib64/libm-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/gconv/gconv-modules.cache glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libtokyocabinet.so.9.10.0 tokyocabinet-1.4.47-2.fc17.x86_64 (Fedora Project) 1338400619
:/usr/lib64/libbz2.so.1.0.6 bzip2-libs-1.0.6-4.fc17.x86_64 (Fedora Project) 1338400541
:/usr/lib64/libnss_files-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libresolv-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libfreebl3.so nss-softokn-freebl-3.13.4-2.fc17.x86_64 (Fedora Project) 1338400528
:/usr/lib64/libpthread-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libkrb5support.so.0.1 krb5-libs-1.10-7.fc17.x86_64 (Fedora Project) 1339809521
:/usr/lib64/libc-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libdl-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libselinux.so.1 libselinux-2.1.10-3.fc17.x86_64 (Fedora Project) 1338400538
:/usr/lib64/libtinfo.so.5.9 ncurses-libs-5.9-4.20120204.fc17.x86_64 (Fedora Project) 1338400538
:/usr/lib64/libidn.so.11.6.7 libidn-1.24-1.fc17.x86_64 (Fedora Project) 1338400555
:/usr/lib64/libcom_err.so.2.1 libcom_err-1.42-4.fc17.x86_64 (Fedora Project) 1338400540
:/usr/lib64/libgpgme.so.11.7.0 gpgme-1.3.0-8.fc17.x86_64 (Fedora Project) 1338862763
:/usr/lib64/libgssapi_krb5.so.2.2 krb5-libs-1.10-7.fc17.x86_64 (Fedora Project) 1339809521
:/usr/lib64/libncursesw.so.5.9 ncurses-libs-5.9-4.20120204.fc17.x86_64 (Fedora Project) 1338400538
:/usr/lib/locale/locale-archive glibc-common-2.15-37.fc17.x86_64 (Fedora Project) 1338400533
:/usr/lib64/libgcc_s-4.7.0-20120507.so.1 libgcc-4.7.0-5.fc17.x86_64 (Fedora Project) 1338400520
:/usr/lib64/libgnutls.so.26.22.0 gnutls-2.12.17-1.fc17.x86_64 (Fedora Project) 1338400569
:/usr/lib64/librt-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libkeyutils.so.1.4 keyutils-libs-1.5.5-2.fc17.x86_64 (Fedora Project) 1338400554
:/usr/lib64/ld-2.15.so glibc-2.15-37.fc17.x86_64 (Fedora Project) 1338400534
:/usr/lib64/libk5crypto.so.3.1 krb5-libs-1.10-7.fc17.x86_64 (Fedora Project) 1339809521
:/usr/lib64/libgcrypt.so.11.7.0 libgcrypt-1.5.0-3.fc17.x86_64 (Fedora Project) 1338400543
:/usr/bin/mutt mutt-5:1.5.21-11.fc17.x86_64 (Fedora Project) 1338401173

environ:
:XDG_VTNR=1
:XDG_SESSION_ID=2
:HOSTNAME=nienna
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GPG_AGENT_INFO=/run/user/dallan/keyring-AhAMtT/gpg:0:1
:TERM=xterm
:SHELL=/bin/bash
:HISTSIZE=1000
:GJS_DEBUG_OUTPUT=stderr
:WINDOWID=33554438
:GNOME_KEYRING_CONTROL=/run/user/dallan/keyring-AhAMtT
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:IMSETTINGS_MODULE=none
:QT_GRAPHICSSYSTEM_CHECKED=1
:USER=dallan
:LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.tbz=01;31:*.tbz2=01;31:*.bz=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:*.pdf=00;33:*.ps=00;33:*.ps.gz=00;33:*.txt=00;33:*.patch=00;33:*.diff=00;33:*.log=00;33:*.tex=00;33:*.xls=00;33:*.xlsx=00;33:*.ppt=00;33:*.pptx=00;33:*.rtf=00;33:*.doc=00;33:*.docx=00;33:*.odt=00;33:*.ods=00;33:*.odp=00;33:*.xml=00;33:*.epub=00;33:*.abw=00;33:*.html=00;33:*.wpd=00;33:
:SSH_AUTH_SOCK=/run/user/dallan/keyring-AhAMtT/ssh
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1266,unix/unix:/tmp/.ICE-unix/1266
:USERNAME=dallan
:PATH=/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/home/dallan/.local/bin:/home/dallan/bin
:MAIL=/var/spool/mail/dallan
:DESKTOP_SESSION=gnome
:QT_IM_MODULE=xim
:PWD=/home/dallan
:XMODIFIERS=@im=none
:'EDITOR=emacs -nw'
:GNOME_KEYRING_PID=1262
:LANG=en_US.UTF-8
:'PS1=\\[\\033[01;32m\\]\\h\\[\\033[01;34m\\] \\w\\[\\033[31m\\]$(__git_ps1 \"(%s)\") \\[\\033[01;34m\\]\\$\\[\\033[00m\\] '
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:GPG_TTY=/dev/pts/0
:XDG_SEAT=seat0
:HOME=/home/dallan
:SHLVL=2
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:LOGNAME=dallan
:CVS_RSH=ssh
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-5QJ6gKLOoi,guid=bb0e64acbba844aa000b0f34000000af
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:WINDOWPATH=1
:XDG_RUNTIME_DIR=/run/user/dallan
:DISPLAY=:0
:COLORTERM=gnome-terminal
:CCACHE_HASHDIR=
:XAUTHORITY=/var/run/gdm/auth-for-dallan-8lhcdy/database
:_=/usr/bin/mutt

limits:
:Limit                     Soft Limit           Hard Limit           Units     
:Max cpu time              unlimited            unlimited            seconds   
:Max file size             unlimited            unlimited            bytes     
:Max data size             unlimited            unlimited            bytes     
:Max stack size            8388608              unlimited            bytes     
:Max core file size        0                    unlimited            bytes     
:Max resident set          unlimited            unlimited            bytes     
:Max processes             1024                 30537                processes 
:Max open files            1024                 4096                 files     
:Max locked memory         65536                65536                bytes     
:Max address space         unlimited            unlimited            bytes     
:Max file locks            unlimited            unlimited            locks     
:Max pending signals       30537                30537                signals   
:Max msgqueue size         819200               819200               bytes     
:Max nice priority         0                    0                    
:Max realtime priority     0                    0                    
:Max realtime timeout      unlimited            unlimited            us        

open_fds:
:0:/dev/pts/0
:1:/dev/pts/0
:2:/dev/pts/0
:3:/tmp/mutt-nienna-1000-1924-1296179532563191120
:4:/home/dallan/mail.corp.redhat.com/maildir/INBOX/new/1340024013_0.1818.nienna,U=619894,FMD5=7e33429f656f1e6e9d79b29c3f82c57e:2,

var_log_messages:
:Jun 12 20:56:29 nienna yum[14284]: Installed: mutter-debuginfo-3.4.1-3.fc17.x86_64
:Jun 18 09:17:08 nienna kernel: [ 1674.257819] mutt[1924]: segfault at 1 ip 0000000000462b2a sp 00007fff66e3dae0 error 4 in mutt[400000+c6000]
:Jun 18 09:17:08 nienna abrt[3510]: Saved core dump of pid 1924 (/usr/bin/mutt) to /var/spool/abrt/ccpp-2012-06-18-09:17:08-1924 (4308992 bytes)

Comment 1 Dave Allan 2012-06-18 13:22:51 UTC

Created attachment 592640 [details]
File: backtrace

Comment 2 Dave Allan 2012-06-18 13:22:53 UTC

Created attachment 592641 [details]
File: maps

Comment 3 Honza Horak 2012-06-25 14:29:27 UTC

Created attachment 594197 [details]
proposed patch - handle NULL return value of strchr

Thanks for the report. I'm unfortunately unable to reproduce this failure, but I found that strchr return value was not properly handled when the function returned NULL.

I created a patch and will believe it will fix the issue. If you can reproduce the failure, you can try the patch attached (new builds will be available soon).

Comment 4 Fedora Update System 2012-06-25 14:34:33 UTC

mutt-1.5.21-12.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/mutt-1.5.21-12.fc17

Comment 5 Dave Allan 2012-06-25 16:26:59 UTC

That build fixes the segfault for me, and I gave it karma.  It took me a bit to verify it, as I had used mutt to move the corrupt message into a new mailbox, which caused mutt to write headers that made the crash not repro any more, so I had to go recorrupt the message before I could repro. :)  The message was originally the single character '0'.  I'll attach a tarball with the mailbox; on the unpatched mutt it reproduces 100% of the time if I view the message's headers.

Comment 6 Dave Allan 2012-06-25 16:46:02 UTC

Created attachment 594236 [details]
mailbox with the corrupt message

Comment 7 Dave Allan 2012-06-25 16:47:06 UTC

Taking a look at the patch, I agree it should fix the crash (which it does in my case).  Thanks!

Comment 8 Honza Horak 2012-06-26 06:28:43 UTC

(In reply to comment #6)
> Created attachment 594236 [details]
> mailbox with the corrupt message

Strange, when I run mutt -f corrupt I still don't see the segfault. But anyway, thanks for your response.

Comment 9 Dave Allan 2012-06-26 13:53:41 UTC

(In reply to comment #8)
> Strange, when I run mutt -f corrupt I still don't see the segfault. But

Did you try to view headers on the corrupt message?

Comment 10 Honza Horak 2012-06-26 14:06:24 UTC

(In reply to comment #9)
> Did you try to view headers on the corrupt message?

Oh, I forgot that the problem was encountered during header viewing, I can reproduce it now.

Comment 11 Fedora Update System 2012-06-26 21:28:52 UTC

Package mutt-1.5.21-12.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mutt-1.5.21-12.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-9933/mutt-1.5.21-12.fc17
then log in and leave karma (feedback).

Comment 12 Fedora Update System 2012-07-10 16:29:03 UTC

mutt-1.5.21-12.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.