[neomutt-devel] [PATCH] Fix crash when editing message

Pietro Cerutti gahr at gahr.ch
Tue Apr 23 13:11:31 CEST 2019 

Fixed in https://github.com/neomutt/neomutt/commit/e15a23 - thanks!

On Apr 23 2019, 10:45 UTC, Jules Maselbas <jmaselbas at kalray.eu> wrote:
>In some cases bail is jumped to before fp being initialized,
>this lead to a segmentation fault when closing the file fp.
>
>Signed-off-by: Jules Maselbas <jmaselbas at kalray.eu>
>--- 8< ---
>Steps to reproduce:
>1. open mailbox
>2. edit a mail
>3. quit without changing anything
>4. crash with segmentation fault
>
>Output:
>---NeoMutt:
>Message not modified
>Program received signal SIGSEGV, Segmentation fault.
>(gdb) bt
>#0  0x00007ffff66e3eed in fclose@@GLIBC_2.2.5 () from /lib64/libc.so.6
>#1  0x00000000004bd228 in mutt_file_fclose (fp=fp at entry=0x7fffffff8d98) at mutt/file.c:155
>#2  0x000000000041ffb9 in ev_message (action=action at entry=EVM_EDIT, m=m at entry=0x89b2f0, e=<optimized out>) at editmsg.c:235
>#3  0x00000000004206be in mutt_ev_message (m=0x89b2f0, el=el at entry=0x7fffffffb590, action=action at entry=EVM_EDIT) at editmsg.c:270
>#4  0x000000000042dabf in mutt_index_menu () at index.c:3115
>#5  0x0000000000408b70 in main (argc=1, argv=<optimized out>, envp=<optimized out>) at main.c:1220
>------------------------------------------
>NeoMutt 20180716-1344-11488f
>System: Linux 3.10.0-957.10.1.el7.x86_64 (x86_64)
>ncurses: ncurses 5.9.20130511 (compiled with 5.9.20130511)
>libidn: 1.28 (compiled with 1.28)
>hcache backends: lmdb
>cc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-36)
>------------------------------------------
> editmsg.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/editmsg.c b/editmsg.c
>index b6679971c..530e86fe5 100644
>--- a/editmsg.c
>+++ b/editmsg.c
>@@ -129,6 +129,7 @@ static int ev_message(enum EvMessage action, struct Mailbox *m, struct Email *e)
>
>   /* Do not reuse the stat sb here as it is outdated. */
>   time_t mtime = mutt_file_decrease_mtime(fname, NULL);
>+  FILE *fp = NULL;
>
>   mutt_edit_file(NONULL(C_Editor), fname);
>
>@@ -167,7 +168,7 @@ static int ev_message(enum EvMessage action, struct Mailbox *m, struct Email *e)
>     goto bail;
>   }
>
>-  FILE *fp = fopen(fname, "r");
>+  fp = fopen(fname, "r");
>   if (!fp)
>   {
>     rc = -1;
>-- 
>2.21.0.196.g041f5ea
>

-- 
Pietro Cerutti

More information about the neomutt-devel mailing list