Bug 2351

Summary: IMAP related crash in folder_item_get_msginfo_by_msgid () at folder.c:2771
Product: Claws Mail (GTK 2)
Reporter: Michael Schwendt <mschwendt>
Component: Folders/IMAP
Assignee: users
Status: RESOLVED INVALID
Severity: normal
CC: andreas.bierfert
Priority: P3
Version: 3.7.8
Hardware: PC
OS: Linux
Attachments: gdb trace (flags: none)

Description Michael Schwendt 2011-01-23 22:25:41 UTC
Referring to segfaults that end with:

> #0  0x080f88b7 in folder_item_get_msginfo_by_msgid (item=0xc05b0000, msgid=
>     0xc074a000 <Address 0xc074a000 out of bounds>) at folder.c:2771
>         folder = <value optimized out>
>         msginfo = <value optimized out>

Full backtrace e.g. at: https://bugzilla.redhat.com/attachment.cgi?id=443912
( http://bugzilla.redhat.com/631090 )

In this bug tracker, I've tried to find an already open ticket for this, but could only find bug 2145, which mentions Claws Mail "becoming unresponsive" and contains a useless backtrace with missing details. In that ticket, one user added a comment on exactly this problem, however.

How to reproduce? That's the hard part unfortunately, but it happens occasionally when using GoogleMail via IMAP. Quoting myself from the different ticket: Some users tried to delete a message, some tried to open another folder while Claws Mail was busy working on one, and I know Claws Mail can also crash occasionally during IMAP if the connection is lost/interrupted somehow.

Comment 1 Michael Schwendt 2011-06-07 11:47:57 UTC
Latest user report for Claws Mail 3.7.9 (Fedora 15 x86_64, https://bugzilla.redhat.com/711339) shows some interesting invalid pointers:

| #0  folder_item_get_msginfo_by_msgid (item=0x726f463e623c0a32,
| msgid=0x696c7065523e623c <Address 0x696c7065523e623c out of bounds>)
| at folder.c:2799

Those two pointer values (FolderItem *item, const gchar *msgid) look like ASCII
and the result of something corrupting the memory somewhere:

  roF>b<
  2ilpeR>b<
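
Added example (not part of the original report or of Claws Mail): a small triage helper that decodes the two argument values from the comment above in memory byte order, assuming a little-endian x86_64 process as in the Fedora report, and flags values whose eight bytes are all text. The function names and the third sample value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Render the 8 bytes of a 64-bit value in the order they lie in memory on a
 * little-endian machine (x86_64). Printable ASCII is copied, anything else
 * becomes '.'. Returns how many bytes are printable ASCII or \t, \n, \r. */
static int ptr_as_text(uint64_t value, char out[9])
{
    int texty = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(value >> (8 * i));
        int printable = (b >= 0x20 && b <= 0x7e);
        if (printable || b == '\t' || b == '\n' || b == '\r')
            texty++;
        out[i] = printable ? (char)b : '.';
    }
    out[8] = '\0';
    return texty;
}

/* Triage heuristic: a "pointer" whose eight bytes are all text was most
 * likely overwritten by string data rather than being a stale address. */
static int looks_like_text(uint64_t value)
{
    char buf[9];
    return ptr_as_text(value, buf) == 8;
}

int main(void)
{
    const struct { const char *name; uint64_t value; } args[] = {
        { "item  (comment 1)", 0x726f463e623c0a32ULL },
        { "msgid (comment 1)", 0x696c7065523e623cULL },
        { "constructed heap-like address", 0x00007f3a1c2d4e80ULL },
    };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        char text[9];
        int n = ptr_as_text(args[i].value, text);
        printf("%-30s 0x%016llx  \"%s\"  %d/8 text bytes%s\n", args[i].name,
               (unsigned long long)args[i].value, text, n,
               looks_like_text(args[i].value) ? "  <- overwritten by text" : "");
    }
    return 0;
}
```

Read in memory order, the two values are the adjacent fragments `2\n<b>For` and `<b>Repli`, i.e. the same bytes the comment lists reversed.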

Comment 2 kardan 2013-07-30 20:31:00 UTC
Created attachment 1285: gdb trace

Reappeared with 3.9.2git27 four times during the last 24h after an IMAP timeout while flagging messages.

Quoting the original report:
"There is a problem in Claws Mail related to interrupting busy IMAP connections (in various ways), and I think Claws Mail ought to become able to protect itself against running into such conditions."

Comment 3 kardan 2013-08-14 10:33:31 UTC
It probably happens while filtering messages. Any hint is welcome. As usual, I keep the core files for later questions.

imap-thread.c:1449:imap select - end
imap.c:3822:select: exists 1702 recent 2 expunge 0 uid_validity 1328764413 can_create_flags 1
imap.c:4861:IMAP changing flags
imap-thread.c:3266:imap store - begin
imap-thread.c:388:found imap 0x8a52700
imap-thread.c:388:found imap 0x8a52700
[09:17:09] IMAP4> 683 UID STORE 152063368 +FLAGS.SILENT (\Seen) 
mainwindow.c:2796:mainwin in full screen state. Keeping original settings
[09:17:13] IMAP4< 683 OK Store completed. 
imap-thread.c:3256:imap store run - end 0
imap-thread.c:404:generic_cb
imap-thread.c:3278:imap store - en

Program received signal SIGSEGV, Segmentation fault.
folder_item_get_msginfo_by_msgid (item=0x26d, msgid=0x16 <Address 0x16 out of bounds>) at folder.c:2804
2804            if (item->no_select)

Thread 1 (Thread 0xb63c6b00 (LWP 2592)):
#0  folder_item_get_msginfo_by_msgid (item=0x26d, msgid=0x16 <Address 0x16 out of bounds>) at folder.c:2804
#1  0x08195073 in procmsg_msg_has_flagged_parent_real (info=info@entry=0x8796700, perm_flags=perm_flags@entry=4, parentmsgs=0x8421b60) at procmsg.c:2138
#2  0x08195c1b in procmsg_msg_has_flagged_parent (info=info@entry=0x8796700, perm_flags=perm_flags@entry=4) at procmsg.c:2186
#3  0x08195c87 in procmsg_msg_has_marked_parent (info=info@entry=0x8796700) at procmsg.c:2198
#4  0x08195df5 in update_folder_msg_counts (item=item@entry=0x87fa108, msginfo=msginfo@entry=0x8796700, old_flags=old_flags@entry=81923) at procmsg.c:1940
#5  0x081960c1 in procmsg_msginfo_unset_flags (msginfo=msginfo@entry=0x8796700, perm_flags=perm_flags@entry=3, tmp_flags=tmp_flags@entry=0) at procmsg.c:2059
#6  0x081ac6ba in summary_msginfo_unset_flags (msginfo=0x8796700, flags=3, tmp_flags=0) at summaryview.c:3438
#7  0x081b2014 in msginfo_mark_as_read (summaryview=0x8669438, msginfo=<optimized out>, row=0x89a0360) at summaryview.c:3523
#8  0x081b20ed in msginfo_mark_as_read_timeout (data=data@entry=0x941b990) at summaryview.c:3541
#9  0xb740e087 in g_timeout_dispatch (source=source@entry=0x8904ff8, callback=0x81b20a0 <msginfo_mark_as_read_timeout>, user_data=0x941b990) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:4413
#10 0xb740d333 in g_main_dispatch (context=0x84fbca8, context@entry=0x8729550) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:3054
#11 g_main_context_dispatch (context=context@entry=0x84fbca8) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:3630
#12 0xb740d6d0 in g_main_context_iterate (context=context@entry=0x84fbca8, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:3701
#13 0xb740d7b1 in g_main_context_iteration (context=0x84fbca8, context@entry=0x0, may_block=may_block@entry=1) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:3762
#14 0xb7c35bd1 in IA__gtk_main_iteration () at /build/gtk+2.0-2e9BNH/gtk+2.0-2.24.20/gtk/gtkmain.c:1345

#0  folder_item_get_msginfo_by_msgid (item=0x26d, msgid=0x16 <Address 0x16 out of bounds>) at folder.c:2804
2804            if (item->no_select)
item = 0x26d
msgid = 0x16 <Address 0x16 out of bounds>
#1  0x08195073 in procmsg_msg_has_flagged_parent_real (info=info@entry=0x8796700, perm_flags=perm_flags@entry=4, parentmsgs=0x8421b60)
    at procmsg.c:2138
2138                    tmp = folder_item_get_msginfo_by_msgid(info->folder,
(gdb) p *info
$1 = {refcnt = 0, msgnum = 0, size = 4294967515, mtime = 0, date_t = 1, thread_date = 1, flags = {perm_flags = 81920, tmp_flags = 218}, 
  fromname = 0x1 <Address 0x1 out of bounds>, date = 0xdb <Address 0xdb out of bounds>, from = 0x26d <Address 0x26d out of bounds>, to = 0x0, 
  cc = 0x26d <Address 0x26d out of bounds>, newsgroups = 0xdb <Address 0xdb out of bounds>, subject = 0x26e <Address 0x26e out of bounds>, 
  msgid = 0xda <Address 0xda out of bounds>, inreplyto = 0x16 <Address 0x16 out of bounds>, xref = 0xdb <Address 0xdb out of bounds>, 
  folder = 0x26d, to_folder = 0x0, to_filter_folder = 0x26d, filter_op = 219, references = 0x26e, fromspace = 0x0, score = 0, 
  plaintext_file = 0x0, hidden = 0, total_size = 0, planned_download = 0, tags = 0x0, extradata = 0x9a9acc8}
(gdb) p *parentmsgs
$2 = {size = 8, mod = 7, mask = 7, nnodes = 0, noccupied = 4, keys = 0x8892200, hashes = 0x90991c0, values = 0x9787428, 
  hash_func = 0xb73faf70 <g_direct_hash>, key_equal_func = 0x0, ref_count = 1, version = 533326, key_destroy_func = 0x0, 
  value_destroy_func = 0x0}
#4  0x08195df5 in update_folder_msg_counts (item=item@entry=0x87fa108, msginfo=msginfo@entry=0x8796700, old_flags=old_flags@entry=81923)
    at procmsg.c:1940
1940                    if (procmsg_msg_has_marked_parent(msginfo))
(gdb) p *item
$4 = {stype = F_NORMAL, name = 0x87fa1d8 "pfir", path = 0x87f9fd8 "INBOX/projects/opentech/privacy/pfir", mtime = 1328765083, new_msgs = -1, 
  unread_msgs = 0, total_msgs = 23, unreadmarked_msgs = 0, marked_msgs = 0, replied_msgs = 0, forwarded_msgs = 0, locked_msgs = 0, 
  ignored_msgs = 0, watched_msgs = 0, order = 0, last_num = -1, cache = 0x8cc8ae8, cache_dirty = 1, mark_dirty = 1, tags_dirty = 0, no_sub = 0, 
  no_select = 0, collapsed = 0, thread_collapsed = 0, threaded = 1, hide_read_msgs = 0, ret_rcpt = 0, search_match = 0, hide_del_msgs = 0, 
  hide_read_threads = 0, op_count = 0, opened = 1, update_flags = (unknown: 0), sort_key = SORT_BY_DATE, sort_type = SORT_ASCENDING, 
  node = 0x87f6480, folder = 0x87c43c0, account = 0x0, apply_sub = 0, mark_queue = 0x0, data = 0x0, prefs = 0x87fa1f8, parent_stype = F_NORMAL, 
  processing_pending = 0, scanning = 0, last_seen = 27}
#7  0x081b2014 in msginfo_mark_as_read (summaryview=0x8669438, msginfo=<optimized out>, row=0x89a0360) at summaryview.c:3523
3523                            (msginfo, MSG_NEW | MSG_UNREAD, 0);
(gdb) p *summaryview
$5 = {vbox = 0x8612dc8, mainwidget_book = 0x866c060, scrolledwin = 0x858e138, ctree = 0x8539478, hbox = 0x8612e20, hbox_l = 0x8612f80, 
  hbox_spc = 0x8621010, stat_box = 0x8612ed0, stat_box2 = 0x8612f28, folder_pixmap = 0x86b1b40, folder_pixmap_eventbox = 0x8613770, 
  statlabel_folder = 0x8628810, statlabel_select = 0x8628890, statlabel_msgs = 0x8628910, toggle_eventbox = 0x8613200, toggle_arrow = 0x8613250, 
  toggle_search = 0x8618f08, quick_search_pixmap = 0x86ca430, popupmenu = 0x85fe690, colorlabel_menu = 0x86c54d8, tags_menu = 0x86c55d8, 
  window = 0x84fb160, selected = 0x8f39850, displayed = 0x0, display_msg = 0, color_important = {pixel = 0, red = 0, green = 0, blue = 65535}, 
  col_state = {{type = S_COL_MARK, visible = 1}, {type = S_COL_STATUS, visible = 1}, {type = S_COL_MIME, visible = 1}, {type = S_COL_SUBJECT, 
      visible = 1}, {type = S_COL_FROM, visible = 1}, {type = S_COL_DATE, visible = 1}, {type = S_COL_SIZE, visible = 1}, {type = S_COL_NUMBER, 
      visible = 0}, {type = S_COL_SCORE, visible = 0}, {type = S_COL_LOCKED, visible = 0}, {type = S_COL_TO, visible = 0}, {type = S_COL_TAGS, 
      visible = 0}}, col_pos = {0, 1, 2, 3, 4, 10, 5, 6, 7, 8, 9, 11}, color_marked = {pixel = 0, red = 0, green = 0, blue = 65535}, 
  color_dim = {pixel = 0, red = 35000, green = 35000, blue = 35000}, lock_count = 0, mainwin = 0x8536678, folderview = 0x86253f8, 
  headerview = 0x0, messageview = 0x869d778, ext_messageview = 0x0, quicksearch = 0x8670ee0, folder_item = 0x87fa108, important_score = 0, 
  sort_key = SORT_BY_DATE, sort_type = SORT_ASCENDING, threaded = 1, thread_collapsed = 0, simplify_subject_preg = 0x0, unreadmarked = 0, 
  total_size = 194222, deleted = 0, moved = 0, copied = 0, msgid_table = 0x97caba8, subject_table = 0x9108c88, mlist = 0x0, 
  msginfo_update_callback_id = 93, folder_item_update_callback_id = 3, folder_update_callback_id = 3, target_list = 0x8698588, 
  recursive_matched_folders = 0x0, search_root_folder = 0x0}
(gdb) p *row
$6 = {list = {data = 0x9676780, next = 0x0, prev = 0x9676780}}

(Sorry for all this noise; maybe some useful info hides in the dirt.)

Comment 4 Paul 2013-08-14 10:36:28 UTC
@kardan@riseup.net: it's generally better if you describe how the bug can be reproduced rather than filling the bug tracker with loads of stuff.

Comment 5 Michael Schwendt 2014-02-08 02:20:22 UTC
Closing in favour of bug 2769 and due to the comments in bug 3084.