
Bug#216512: [jon@dowland.name: Re: bug#1836: mutt-1.5.5.1+cvs20040105i: mutt segfaults when executing a regexp on a particular Maildir]



Hi,

A problem I was having with mutt seems to be this bug. Attached is some
diagnosis and info about reproducing the bug. I hope it proves of use
with future diagnosis.

Attachments: a backtrace, a gzipped spam which triggers the problem.
Reproduce by opening the Maildir and tag-pattern [0-9] in mutt. 

----- Forwarded message from Jon Dowland <jon@dowland.name> -----

From: Jon Dowland <jon@dowland.name>
Subject: Re: bug#1836: mutt-1.5.5.1+cvs20040105i: mutt segfaults when executing a regexp on a particular Maildir
Date: Fri, 2 Apr 2004 12:43:09 +0100
To: Alain Bench <veronatif@free.fr>
X-Spam-Level: 

On Thu, Apr 01, 2004 at 04:05:04PM +0200, Alain Bench wrote:
> Hello Jon, thank you very much for your bug report.
> 
>     The report seems to not have reached mutt-dev list, found it only on
> the BTS at <URL:http://bugs.guug.de/db/18/1836.html>.

Hi, glad to hear it reached someone :) I submitted it via the `muttbug'
program as part of the mutt debian package. However, I was experiencing
mail problems at around the time I submitted the bug, and I did notice a
bounce from a mutt address in my logs.

>  On Monday, March 22, 2004 at 3:26:24 PM +0000, Jon Dowland wrote:
> 
> > I have a large-ish box of mail which has been filtered as potentially
> > being spam. When attempting to tag all messages matching the regexp
> > [0-9]+$, mutt segfaults: Executing command on matching
> > messages...Segmentation fault
> 
>     Could you please check the backtrace? Let segfault create a core,
> gdb $(which mutt) core, then type "bt" and "quit".

Attached as mutt-backtrace. If necessary I can install the deb package
libc6-dbg, which may provide more info.

> > I imagine it is only one of the messages which is related to the
> > segfault, and so I would be grateful for any advice on identifying
> > candidates.
> 
>     Hum... Perhaps limit to half messages (~m 1-1000) and <tag-pattern>
> [0-9]+$, then again. Or use the pattern in a color header statement then
> open every mail... Someone has a better suggestion?

I tried 
        color index brightmagenta default [0-9]+$ 
which helped me narrow it down to one spam - attached as segfault-spam.tar.gz

> > I am willing to perform more sophisticated experiments
> 
>     What is the version of the Glibc Debian package? 

ii  libc6          2.3.2.ds1-11   GNU C Library: Shared libraries and Timezone

> What is output of "locale"?

I use en_GB.UTF-8. I can confirm the problem doesn't exist if I set the
LANG to "en_GB" first.

> If it uses UTF-8 anywhere, check if Glibc regex bug #216512 applies to
> your case (there are various shell or C test programs) on
> <URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=216512>.

The shell command failed to throw the segfault but the C program
segfaulted as expected, the backtrace leading to re_exec in libc.so.6 .

So, it would appear that bug 216512 is to blame! Thanks for your help.
Do you think I should send a copy of this analysis to the bug?

-- 
Jonathan Dowland
http://jon.dowland.name/

----- End forwarded message -----
----- Forwarded message from Alain Bench <veronatif@free.fr> -----

From: Alain Bench <veronatif@free.fr>
Subject: Re: bug#1836: mutt-1.5.5.1+cvs20040105i: mutt segfaults when executing a regexp on a particular Maildir
Date: Tue, 6 Apr 2004 11:26:09 +0200 (CEST)
To: 1836@bugs.guug.de
X-Spam-Level: 

 On Friday, April 2, 2004 at 12:43:09 PM +0100, Jonathan Dowland wrote:

> On Thu, Apr 01, 2004 at 04:05:04PM +0200, Alain Bench wrote:
>> report seems to not have reached mutt-dev
> I was experiencing mail problems at around the time I submitted the
> bug, and I did notice a bounce from a mutt address in my logs.

    Probably more a problem at the list server: The guys keeping that
running have hard work with those flows of new viruses these days...
Moderating this might not be so pleasant. Thanks men!


> one spam - attached as segfault-spam.tar.gz

    Doesn't crash here (I'm not touched by #216512). Headers B-encoded
announced as KS_C_5601-1987, but reality seems more like EUC-KR.

    MIME announces HTML body in KS_C_5601-1987 charset, but HTML
meta-tag announces EUC-KR. Meta-tag is right, seems like real EUC-KR
body. There is a 512 chars line, 592 once converted to UTF: That's less
than 1022, we don't seem to be in the truncation case (and moreover you
have patch-1.5.4.helmersson.incomplete_multibyte).

    The best suspects are one or both of:

| From: =?ks_c_5601-1987?B?sO23wbXwwNrAzrjVxq4=?= <krprint@lycos.co.kr>
| Subject: {Spam?} =?ks_c_5601-1987?B?KCCxpLDtICm79bfOv+4gsaSw7SDH9bjtLcClKMD8wNopxKu02bfOsdc=?=


> bug 216512 is to blame! Thanks for your help.

    Yes. And you're very welcome!


> Do you think I should send a copy of this analysis to the bug?

    Yes, please do. Unfortunately we can't reassign bugs from Mutt BTS
to Debian, and I couldn't locate a more upstream BTS, Glibc's Bugzilla
seems out. I'll close #1836 as I believe there is nothing Mutt can do to
prevent this segfault.


Bye!	Alain.
-- 
Mutt muttrc tip to send mails in best adapted first necessary and sufficient
charset (version for Western Latin-1/Latin-9/CP-850/CP-1252 terminal users):
set send_charset="us-ascii:iso-8859-1:iso-8859-15:windows-1252:utf-8"


----- End forwarded message -----

-- 
Jonathan Dowland
http://jon.dowland.name/

$ gdb `which mutt` core
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...(no debugging symbols found)...
Core was generated by `mutt -f =segfault'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libncursesw.so.5...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libncursesw.so.5
Reading symbols from /usr/lib/libsasl2.so.2...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libsasl2.so.2
Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /usr/lib/libidn.so.11...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libidn.so.11
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libresolv.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_compat.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libnss_nis.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnss_nis.so.2
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/gconv/ISO8859-1.so...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/gconv/ISO8859-1.so
Reading symbols from /usr/lib/gconv/BIG5.so...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/gconv/BIG5.so
#0  0x4017349b in re_exec () from /lib/libc.so.6
(gdb) bt
#0  0x4017349b in re_exec () from /lib/libc.so.6
#1  0x40173c51 in re_exec () from /lib/libc.so.6
#2  0x40307238 in ?? ()
(gdb) quit

Attachment: segfault-spam.tar.gz
Description: Binary data
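
The isolation step discussed in the thread (finding which input makes the C library's regex engine crash, and whether the locale matters), as an added example that is not part of the original messages, of mutt, or of the test programs on the Debian bug: a C harness that runs each match in a forked child and reports the terminating signal instead of dying with it. The function name `probe_regex`, the sample strings and the locale list are assumptions made for illustration.

```c
/* Added example: probe one string against a POSIX regex in a child process,
 * so a crash inside the regex engine is reported to the parent, not fatal. */
#include <locale.h>
#include <regex.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 0 on match, 1 on no match, 2 if the pattern does not compile,
 * -N if the child was killed by signal N (e.g. -11 for SIGSEGV),
 * -1000 on fork/wait failure. `loc` is handed to setlocale(LC_ALL, ...). */
int probe_regex(const char *loc, const char *pattern, const char *subject)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1000;
    if (pid == 0) {                        /* child: do the risky work */
        regex_t re;
        setlocale(LC_ALL, loc);            /* on failure the "C" locale stays */
        if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
            _exit(2);
        _exit(regexec(&re, subject, 0, NULL, 0) == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1000;
    if (WIFSIGNALED(status))               /* the crash case being hunted */
        return -WTERMSIG(status);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1000;
}

int main(void)
{
    /* Constructed samples: an ASCII subject, raw bytes that are not valid
     * UTF-8 (what a mislabelled EUC-KR header yields), and a non-match. */
    const char *samples[] = { "order 12345", "\xb0\xed\xb7\xc1 spam", "no digits" };
    const char *locales[] = { "C", "en_GB.UTF-8" };
    for (size_t l = 0; l < 2; l++)
        for (size_t s = 0; s < 3; s++)
            printf("%-12s sample %zu -> %d\n", locales[l], s,
                   probe_regex(locales[l], "[0-9]+$", samples[s]));
    return 0;
}
```

A negative result for one locale and not the other points at the C library's multibyte regex path rather than at the calling program, which is the conclusion the thread reaches.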

