[Bug 986534] New: mutt unconditionally segfaults when displaying a message
http://bugzilla.suse.com/show_bug.cgi?id=986534

Bug ID: 986534
Summary: mutt unconditionally segfaults when displaying a message
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: lpechacek@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

$ gdb mutt
(gdb) run -F /dev/shm/muttrc
<select a message to display....>
Fetching message... 0K/3.9K (0%)

Program received signal SIGSEGV, Segmentation fault.
__strlen_ia32 () at ../sysdeps/i386/i586/strlen.S:94
94      movl (%eax), %ecx   /* get word (= 4 bytes) in question */
Missing separate debuginfos, use: zypper install cyrus-sasl-crammd5-debuginfo-2.1.26-12.3.i586 cyrus-sasl-debuginfo-2.1.26-12.3.i586 cyrus-sasl-digestmd5-debuginfo-2.1.26-12.3.i586 cyrus-sasl-gssapi-debuginfo-2.1.26-12.3.i586 cyrus-sasl-plain-debuginfo-2.1.26-12.3.i586 glibc-locale-debuginfo-2.23-4.1.i586 krb5-debuginfo-1.14.2-1.2.i586 libassuan0-debuginfo-2.4.2-1.2.i586 libcom_err2-debuginfo-1.42.13-3.4.i586 libdb-4_8-debuginfo-4.8.30-31.60.i586 libffi4-debuginfo-5.3.1+r234891-1.20.i586 libgcc_s1-gcc6-debuginfo-6.1.1+r236988-1.1.i586 libgdbm4-debuginfo-1.12-1.1.i586 libgio-2_0-0-debuginfo-2.48.1-1.1.i586 libglib-2_0-0-debuginfo-2.48.1-1.1.i586 libgmime-2_6-0-debuginfo-2.6.20-4.4.i586 libgmodule-2_0-0-debuginfo-2.48.1-1.1.i586 libgobject-2_0-0-debuginfo-2.48.1-1.1.i586 libgpg-error0-debuginfo-1.22-1.1.i586 libgpgme11-debuginfo-1.6.0-2.3.i586 libidn11-debuginfo-1.32-1.4.i586 libkeyutils1-debuginfo-1.5.9-5.5.i586 libncurses5-debuginfo-6.0-9.1.i586 libnotmuch4-debuginfo-0.20.2-1.4.i586 libopenssl1_0_0-debuginfo-1.0.2h-1.2.i586 libpcre1-debuginfo-8.38-1.55.i586 libsasl2-3-debuginfo-2.1.26-12.2.i586 libselinux1-debuginfo-2.3-5.81.i586 libstdc++6-gcc6-debuginfo-6.1.1+r236988-1.1.i586 libtalloc2-debuginfo-2.1.6-1.2.i586 libuuid1-debuginfo-2.28-2.1.i586 libxapian22-debuginfo-1.2.23-1.2.i586 libz1-debuginfo-1.2.8-11.58.i586

(gdb) bt
#0  __strlen_ia32 () at ../sysdeps/i386/i586/strlen.S:94
#1  0xb7a397f1 in __GI__IO_fputs (str=0x12430 <error: Cannot access memory at address 0x12430>, fp=0x802015a8) at iofputs.c:33
#2  0x800248a6 in mutt_copy_header (in=0x80201708, h=0x80303c30, out=0x802015a8, flags=786582, prefix=0x0) at copy.c:435
#3  0x80024cba in _mutt_copy_message (fpout=0x802015a8, fpin=0x80201708, hdr=0x80303c30, body=0x80303c98, flags=76, chflags=786582) at copy.c:653
#4  0x80025387 in mutt_copy_message (fpout=0x802015a8, src=0x801dc1b0, hdr=0x80303c30, flags=76, chflags=786582) at copy.c:770
#5  0x8001d5ab in mutt_display_message (cur=0x80303c30) at commands.c:152
#6  0x8002c500 in mutt_index_menu () at curs_main.c:1867
#7  0x8000e5f3 in main (argc=<optimized out>, argv=<optimized out>) at main.c:886

(gdb) frame 2
#2  0x800248a6 in mutt_copy_header (in=0x80201708, h=0x80303c30, out=0x802015a8, flags=786582, prefix=0x0) at copy.c:435
435         fputs (nm_header_get_tags(h), out);

(gdb) print *((struct nm_hdrdata *) h->data)
$1 = {folder = 0x41 <error: Cannot access memory at address 0x41>, tags = 0x12430 <error: Cannot access memory at address 0x12430>, tags_transformed = 0x0, tag_list = 0x19, oldpath = 0x6863694d <error: Cannot access memory at address 0x6863694d>, virtual_id = 0x206c6561 <error: Cannot access memory at address 0x206c6561>, magic = 2054447437}

(gdb) shell cat /dev/shm/muttrc
set spoolfile=imaps://imap.suse.de/INBOX
set imap_user=lpechacek
set imap_pass="ThePassword"
source /etc/skel/.muttrc
(gdb)

Rebuilding Mutt without Notmuch support makes Mutt work fine again.

Index: mutt.spec =================================================================== --- mutt.spec (revision 71) +++ mutt.spec (working copy)
@@ -205,7 +205,7 @@ --enable-mailtool \ --enable-compressed \ --enable-sidebar \ -%if 0%{?is_opensuse} +%if 0%{?is_opensuse} && 0 --enable-notmuch \ %endif --enable-hcache \ -- You are receiving this mail because: You are on the CC list for the bug.
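Review bot: the `&& 0` appended to `%if 0%{?is_opensuse}` silently hard-disables `--enable-notmuch` for every build and leaves no trace in the spec of why; a reviewer would ask for a comment next to the condition referencing this bug, or a proper build conditional (an RPM bcond) that can be flipped back once the crash in the NotMuch code is fixed upstream, and would want the change described as dropping a feature, since it works around the segfault rather than fixing it.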
http://bugzilla.suse.com/show_bug.cgi?id=986534#c2

Libor Pechacek <lpechacek@suse.com> changed:

What  |Removed                        |Added
----------------------------------------------------------------------------
Flags |needinfo?(lpechacek@suse.com)  |

--- Comment #2 from Libor Pechacek <lpechacek@suse.com> ---
(In reply to Bernhard Wiedemann from comment #1)
> Can you still reproduce it?
Yes. Also with the latest snapshot.

Steps to reproduce:

1) create muttrc for IMAPS access
$ cat > muttrc
set spoolfile=imaps://imap.suse.de/INBOX
set imap_user=lpechacek
set imap_pass="ThePassword"
source /etc/skel/.muttrc

2) run mutt with the above config
$ mutt -F muttrc

3) try to display any message body
> Does it need a special message to crash it?
Don't think so. IOW I haven't found a message Mutt would display for me. ;)
Chenzi Cao <chcao@suse.com> changed:

What     |Removed                                    |Added
----------------------------------------------------------------------------
Assignee |bnc-team-screening@forge.provo.novell.com  |werner@suse.com
http://bugzilla.suse.com/show_bug.cgi?id=986534#c3

--- Comment #3 from Dr. Werner Fink <werner@suse.com> ---
See https://github.com/neomutt/neomutt/issues/73
http://bugzilla.suse.com/show_bug.cgi?id=986534#c5

--- Comment #5 from Libor Pechacek <lpechacek@suse.com> ---
Created attachment 683528
  --> http://bugzilla.suse.com/attachment.cgi?id=683528&action=edit
mutt debug log

(In reply to Richard Russon from comment #4)
> Please can you run mutt with debugging enabled (level 2 should be enough)
> and post the contents of ~/.muttdebug0
>
>     mutt -d 2
Hi Rich, nice to meet you!

I've recompiled mutt with debugging enabled and re-ran the test with my (private) e-mail account. Find attached the log file.

HTH
http://bugzilla.suse.com/show_bug.cgi?id=986534#c6

--- Comment #6 from Libor Pechacek <lpechacek@suse.com> ---
Another possibly useful data point - the crash happens only with i586 version. x86_64 one works fine. Even installing i586 package on an x86_64 system is enough to replicate the bug.

For the record, I have tried running Mutt with Valgrind and GCC Address Sanitizer but it still crashes exactly at the same place.
Libor Pechacek <lpechacek@suse.com> changed:

What     |Removed  |Added
----------------------------------------------------------------------------
Hardware |Other    |i586
OS       |Other    |Linux
http://bugzilla.suse.com/show_bug.cgi?id=986534#c7

--- Comment #7 from Richard Russon <rich@flatcap.org> ---
Hmm... The log cuts out before notmuch manages to log anything! Thanks, anyway.
> the crash happens only with i586 version. x86_64 one works fine.
Ah, now that's interesting. There was a strange line of code I noticed -- it might be nothing.
> installing i586 package on an x86_64 system is enough to replicate the bug.
I'll give that a try. I'm a bit busy at the moment -- trying to create a new release -- but I'll find and fix this bug soon.
http://bugzilla.suse.com/show_bug.cgi?id=986534#c8

--- Comment #8 from Richard Russon <rich@flatcap.org> ---
Hi Libor,

Found it. Fixed it :-)

The NotMuch patch was trying to display data on someone else's messages.

The question remains: Why didn't this crash for everyone? Some things will have to remain a mystery.

I've attached a patch which I'll include in the next release.

Rich / FlatCap
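The defect comment #8 describes (notmuch code reading its private per-message data from headers that another backend, here IMAP, had filled, which is what frame 2 of the backtrace is doing at copy.c:435), as an added illustration in deliberately simplified C that is not mutt's code nor the attached patch; the types and function names are hypothetical. The gdb dump in the report, where pointer fields decode to ASCII ("Mich", "ael "), is the signature of exactly this reinterpretation, and the hardened variant below gates the dereference on the mailbox type instead.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified types; not mutt's own definitions. */
enum mailbox_magic { MAGIC_IMAP = 1, MAGIC_NOTMUCH = 2 };

struct nm_hdrdata   { const char *folder; const char *tags; }; /* notmuch-owned */
struct imap_hdrdata { unsigned uid; char from[32]; };          /* IMAP-owned    */

/* One generic header; `data` belongs to whichever backend opened the mailbox. */
struct header { enum mailbox_magic magic; void *data; };

/* Buggy shape: assumes every header carries notmuch data. On an IMAP header the
 * "tags" slot is really bytes of another struct, which is why the report's gdb
 * dump shows tags=0x12430 and ASCII text in pointer fields before strlen() died. */
static const char *nm_tags_unchecked(const struct header *h)
{
    return ((const struct nm_hdrdata *) h->data)->tags; /* only safe for notmuch */
}

/* Fixed shape: the mailbox type discriminates the union-like pointer, and a
 * NULL result means "emit nothing", not "dereference anyway". */
static const char *nm_tags_checked(const struct header *h)
{
    if (h->magic != MAGIC_NOTMUCH || h->data == NULL)
        return NULL;
    return ((const struct nm_hdrdata *) h->data)->tags;
}
/* Mirrors the header-copy step: returns bytes written, 0 when skipped or truncated. */
static int copy_tags_header(const struct header *h, char *out, size_t outlen)
{
    const char *tags = nm_tags_checked(h);
    if (tags == NULL)
        return 0;
    int n = snprintf(out, outlen, "X-Label: %s\n", tags);
    return (n < 0 || (size_t) n >= outlen) ? 0 : n;
}

int main(void)
{
    struct imap_hdrdata imap = { 42, "Michael Example" };  /* constructed sample */
    struct nm_hdrdata   nm   = { "INBOX", "inbox unread" }; /* constructed sample */
    struct header hi = { MAGIC_IMAP, &imap }, hn = { MAGIC_NOTMUCH, &nm };
    char buf[64];
    copy_tags_header(&hn, buf, sizeof buf);
    fputs(buf, stdout);                                   /* X-Label: inbox unread */
    printf("IMAP header emitted %d bytes\n", copy_tags_header(&hi, buf, sizeof buf));
    printf("unchecked read on a notmuch header: %s\n", nm_tags_unchecked(&hn));
    return 0;
}
```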
http://bugzilla.suse.com/show_bug.cgi?id=986534#c9

--- Comment #9 from Richard Russon <rich@flatcap.org> ---
Created attachment 683610
  --> http://bugzilla.suse.com/attachment.cgi?id=683610&action=edit
patch to fix crash
http://bugzilla.suse.com/show_bug.cgi?id=986534#c10

--- Comment #10 from Libor Pechacek <lpechacek@suse.com> ---
(In reply to Richard Russon from comment #9)
> Created attachment 683610 [details]
> patch to fix crash
This patch fixes the crash I observed. Thank you, Rich!
http://bugzilla.suse.com/show_bug.cgi?id=986534#c11

Dr. Werner Fink <werner@suse.com> changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Status     |NEW      |RESOLVED
Resolution |---      |FIXED

--- Comment #11 from Dr. Werner Fink <werner@suse.com> ---
Fixed
Swamp Workflow Management <swamp@suse.de> changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Whiteboard |         |ibs:running:8080:important
Swamp Workflow Management <swamp@suse.de> changed:

What       |Removed                     |Added
----------------------------------------------------------------------------
Whiteboard |ibs:running:8080:important  |
Swamp Workflow Management <swamp@suse.de> changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Whiteboard |         |obs:running:9239:important
http://bugzilla.suse.com/show_bug.cgi?id=986534#c13

--- Comment #13 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2019:0052-1: An update that solves 16 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1061343,1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589,1120935,980830,982129,986534
CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363
Sources used:
openSUSE Leap 42.3 (src): mutt-1.10.1-2.5.1
Swamp Workflow Management <swamp@suse.de> changed:

What       |Removed                     |Added
----------------------------------------------------------------------------
Whiteboard |obs:running:9239:important  |
http://bugzilla.suse.com/show_bug.cgi?id=986534#c14

--- Comment #14 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-SU-2019:1196-1: An update that solves 16 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1061343,1094717,1101428,1101566,1101567,1101568,1101569,1101570,1101571,1101573,1101576,1101577,1101578,1101581,1101582,1101583,1101588,1101589,980830,982129,986534
CVE References: CVE-2014-9116,CVE-2018-14349,CVE-2018-14350,CVE-2018-14351,CVE-2018-14352,CVE-2018-14353,CVE-2018-14354,CVE-2018-14355,CVE-2018-14356,CVE-2018-14357,CVE-2018-14358,CVE-2018-14359,CVE-2018-14360,CVE-2018-14361,CVE-2018-14362,CVE-2018-14363
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src): mutt-1.10.1-55.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src): mutt-1.10.1-55.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.