Bug 2351 - IMAP related crash in folder_item_get_msginfo_by_msgid () at folder.c:2771
Status: RESOLVED INVALID
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: Folders/IMAP
Version: 3.7.8
Hardware: PC Linux
Importance: P3 normal
Assignee: users
Reported: 2011-01-23 22:25 UTC by Michael Schwendt
Modified: 2014-02-08 02:20 UTC

Attachments
gdb trace (21.31 KB, text/plain)
2013-07-30 20:31 UTC, kardan

Description Michael Schwendt 2011-01-23 22:25:41 UTC
Referring to segfaults that end with:

> #0  0x080f88b7 in folder_item_get_msginfo_by_msgid (item=0xc05b0000, msgid=
>     0xc074a000 <Address 0xc074a000 out of bounds>) at folder.c:2771
>         folder = <value optimized out>
>         msginfo = <value optimized out>

Full backtrace e.g. at: https://bugzilla.redhat.com/attachment.cgi?id=443912
( http://bugzilla.redhat.com/631090 )

In this bug tracker, I've tried to find an already open ticket for this, but could only find bug 2145, which mentions Claws Mail "becoming unresponsive" and contains a useless backtrace with missing details. In that ticket, one user added a comment on exactly this problem, however.

How to reproduce? That's the hard part unfortunately, but it happens occasionally when using GoogleMail via IMAP. Quoting myself from the different ticket: Some users tried to delete a message, some tried to open another folder while Claws Mail was busy working on one, and I know Claws Mail can also crash occasionally during IMAP if the connection is lost/interrupted somehow.

Comment 1 Michael Schwendt 2011-06-07 11:47:57 UTC
Latest user report for Claws Mail 3.7.9 (Fedora 15 x86_64, https://bugzilla.redhat.com/711339) shows some interesting invalid pointers:

| #0  folder_item_get_msginfo_by_msgid (item=0x726f463e623c0a32,
| msgid=0x696c7065523e623c <Address 0x696c7065523e623c out of bounds>)
| at folder.c:2799

Those two pointer values (FolderItem *item, const gchar *msgid) look like ASCII
and the result of something corrupting the memory somewhere:

  roF>b<
  2ilpeR>b<
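
Added example (not part of the original comment or of Claws Mail): a small triage helper that applies the check described in comment 1 to a gdb frame line, flagging pointer arguments whose bytes are all printable text. The function names and the `width` parameter are assumptions of this example; the frame line is the one quoted in comment 1.

```python
import re

# Frame #0 from comment 1 (Claws Mail 3.7.9, x86_64), joined onto one line.
FRAME = ("#0  folder_item_get_msginfo_by_msgid (item=0x726f463e623c0a32, "
         "msgid=0x696c7065523e623c <Address 0x696c7065523e623c out of bounds>) "
         "at folder.c:2799")

# name=0x... arguments; also accepts gdb's "name=name@entry=0x..." form.
ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-fA-F]+)")

# Printable ASCII plus tab, LF and CR.
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def pointer_as_text(value, width=8):
    """Return the pointer's bytes in little-endian memory order as text,
    or None if any byte is not a text byte (or the value exceeds width)."""
    try:
        raw = value.to_bytes(width, "little")
    except OverflowError:
        return None
    if all(b in TEXT_BYTES for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_args(frame, width=8):
    """Map argument name -> decoded text for each pointer argument in a
    gdb frame line whose value consists entirely of text bytes."""
    hits = {}
    for name, hexval in ARG_RE.findall(frame):
        text = pointer_as_text(int(hexval, 16), width)
        if text is not None:
            hits[name] = text
    return hits


if __name__ == "__main__":
    for name, text in suspicious_args(FRAME).items():
        print(f"{name}: pointer bytes read as {text!r}")
```

The strings shown in the comment are these bytes in most-significant-first order; in little-endian memory order they read `2\n<b>For` and `<b>Repli`. Use `width=4` for the 32-bit frames elsewhere in this report.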

Comment 2 kardan 2013-07-30 20:31:00 UTC
Created attachment 1285
gdb trace

reappeared with 3.9.2git27 four times during last 24h after IMAP timeout while flagging messages

Quoting the original report:
"There is a problem in Claws Mail related to interrupting busy IMAP connections (in various ways), and I think Claws Mail ought to become able to protect itself against running into such conditions."

Comment 3 kardan 2013-08-14 10:33:31 UTC
It probably happens while filtering messages. Any hint is welcome. As usual I keep the core files for later questions.

imap-thread.c:1449:imap select - end
imap.c:3822:select: exists 1702 recent 2 expunge 0 uid_validity 1328764413 can_create_flags 1
imap.c:4861:IMAP changing flags
imap-thread.c:3266:imap store - begin
imap-thread.c:388:found imap 0x8a52700
imap-thread.c:388:found imap 0x8a52700
[09:17:09] IMAP4> 683 UID STORE 152063368 +FLAGS.SILENT (\Seen) 
mainwindow.c:2796:mainwin in full screen state. Keeping original settings
[09:17:13] IMAP4< 683 OK Store completed. 
imap-thread.c:3256:imap store run - end 0
imap-thread.c:404:generic_cb
imap-thread.c:3278:imap store - en

Program received signal SIGSEGV, Segmentation fault.
folder_item_get_msginfo_by_msgid (item=0x26d, msgid=0x16 <Address 0x16 out of bounds>) at folder.c:2804
2804            if (item->no_select)

Thread 1 (Thread 0xb63c6b00 (LWP 2592)):
#0  folder_item_get_msginfo_by_msgid (item=0x26d, msgid=0x16 <Address 0x16 out of bounds>) at folder.c:2804
#1  0x08195073 in procmsg_msg_has_flagged_parent_real (info=info@entry=0x8796700, perm_flags=perm_flags@entry=4, parentmsgs=0x8421b60) at procmsg.c:2138
#2  0x08195c1b in procmsg_msg_has_flagged_parent (info=info@entry=0x8796700, perm_flags=perm_flags@entry=4) at procmsg.c:2186
#3  0x08195c87 in procmsg_msg_has_marked_parent (info=info@entry=0x8796700) at procmsg.c:2198
#4  0x08195df5 in update_folder_msg_counts (item=item@entry=0x87fa108, msginfo=msginfo@entry=0x8796700, old_flags=old_flags@entry=81923) at procmsg.c:1940
#5  0x081960c1 in procmsg_msginfo_unset_flags (msginfo=msginfo@entry=0x8796700, perm_flags=perm_flags@entry=3, tmp_flags=tmp_flags@entry=0) at procmsg.c:2059
#6  0x081ac6ba in summary_msginfo_unset_flags (msginfo=0x8796700, flags=3, tmp_flags=0) at summaryview.c:3438
#7  0x081b2014 in msginfo_mark_as_read (summaryview=0x8669438, msginfo=<optimized out>, row=0x89a0360) at summaryview.c:3523
#8  0x081b20ed in msginfo_mark_as_read_timeout (data=data@entry=0x941b990) at summaryview.c:3541
#9  0xb740e087 in g_timeout_dispatch (source=source@entry=0x8904ff8, callback=0x81b20a0 <msginfo_mark_as_read_timeout>, user_data=0x941b990) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:4413
#10 0xb740d333 in g_main_dispatch (context=0x84fbca8, context@entry=0x8729550) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:3054
#11 g_main_context_dispatch (context=context@entry=0x84fbca8) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:3630
#12 0xb740d6d0 in g_main_context_iterate (context=context@entry=0x84fbca8, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:3701
#13 0xb740d7b1 in g_main_context_iteration (context=0x84fbca8, context@entry=0x0, may_block=may_block@entry=1) at /build/glib2.0-EIRQgp/glib2.0-2.36.3/./glib/gmain.c:3762
#14 0xb7c35bd1 in IA__gtk_main_iteration () at /build/gtk+2.0-2e9BNH/gtk+2.0-2.24.20/gtk/gtkmain.c:1345

#0  folder_item_get_msginfo_by_msgid (item=0x26d, msgid=0x16 <Address 0x16 out of bounds>) at folder.c:2804
2804            if (item->no_select)
item = 0x26d
msgid = 0x16 <Address 0x16 out of bounds>
#1  0x08195073 in procmsg_msg_has_flagged_parent_real (info=info@entry=0x8796700, perm_flags=perm_flags@entry=4, parentmsgs=0x8421b60)
    at procmsg.c:2138
2138                    tmp = folder_item_get_msginfo_by_msgid(info->folder,
(gdb) p *info
$1 = {refcnt = 0, msgnum = 0, size = 4294967515, mtime = 0, date_t = 1, thread_date = 1, flags = {perm_flags = 81920, tmp_flags = 218}, 
  fromname = 0x1 <Address 0x1 out of bounds>, date = 0xdb <Address 0xdb out of bounds>, from = 0x26d <Address 0x26d out of bounds>, to = 0x0, 
  cc = 0x26d <Address 0x26d out of bounds>, newsgroups = 0xdb <Address 0xdb out of bounds>, subject = 0x26e <Address 0x26e out of bounds>, 
  msgid = 0xda <Address 0xda out of bounds>, inreplyto = 0x16 <Address 0x16 out of bounds>, xref = 0xdb <Address 0xdb out of bounds>, 
  folder = 0x26d, to_folder = 0x0, to_filter_folder = 0x26d, filter_op = 219, references = 0x26e, fromspace = 0x0, score = 0, 
  plaintext_file = 0x0, hidden = 0, total_size = 0, planned_download = 0, tags = 0x0, extradata = 0x9a9acc8}
(gdb) p *parentmsgs
$2 = {size = 8, mod = 7, mask = 7, nnodes = 0, noccupied = 4, keys = 0x8892200, hashes = 0x90991c0, values = 0x9787428, 
  hash_func = 0xb73faf70 <g_direct_hash>, key_equal_func = 0x0, ref_count = 1, version = 533326, key_destroy_func = 0x0, 
  value_destroy_func = 0x0}
#4  0x08195df5 in update_folder_msg_counts (item=item@entry=0x87fa108, msginfo=msginfo@entry=0x8796700, old_flags=old_flags@entry=81923)
    at procmsg.c:1940
1940                    if (procmsg_msg_has_marked_parent(msginfo))
(gdb) p *item
$4 = {stype = F_NORMAL, name = 0x87fa1d8 "pfir", path = 0x87f9fd8 "INBOX/projects/opentech/privacy/pfir", mtime = 1328765083, new_msgs = -1, 
  unread_msgs = 0, total_msgs = 23, unreadmarked_msgs = 0, marked_msgs = 0, replied_msgs = 0, forwarded_msgs = 0, locked_msgs = 0, 
  ignored_msgs = 0, watched_msgs = 0, order = 0, last_num = -1, cache = 0x8cc8ae8, cache_dirty = 1, mark_dirty = 1, tags_dirty = 0, no_sub = 0, 
  no_select = 0, collapsed = 0, thread_collapsed = 0, threaded = 1, hide_read_msgs = 0, ret_rcpt = 0, search_match = 0, hide_del_msgs = 0, 
  hide_read_threads = 0, op_count = 0, opened = 1, update_flags = (unknown: 0), sort_key = SORT_BY_DATE, sort_type = SORT_ASCENDING, 
  node = 0x87f6480, folder = 0x87c43c0, account = 0x0, apply_sub = 0, mark_queue = 0x0, data = 0x0, prefs = 0x87fa1f8, parent_stype = F_NORMAL, 
  processing_pending = 0, scanning = 0, last_seen = 27}
#7  0x081b2014 in msginfo_mark_as_read (summaryview=0x8669438, msginfo=<optimized out>, row=0x89a0360) at summaryview.c:3523
3523                            (msginfo, MSG_NEW | MSG_UNREAD, 0);
(gdb) p *summaryview
$5 = {vbox = 0x8612dc8, mainwidget_book = 0x866c060, scrolledwin = 0x858e138, ctree = 0x8539478, hbox = 0x8612e20, hbox_l = 0x8612f80, 
  hbox_spc = 0x8621010, stat_box = 0x8612ed0, stat_box2 = 0x8612f28, folder_pixmap = 0x86b1b40, folder_pixmap_eventbox = 0x8613770, 
  statlabel_folder = 0x8628810, statlabel_select = 0x8628890, statlabel_msgs = 0x8628910, toggle_eventbox = 0x8613200, toggle_arrow = 0x8613250, 
  toggle_search = 0x8618f08, quick_search_pixmap = 0x86ca430, popupmenu = 0x85fe690, colorlabel_menu = 0x86c54d8, tags_menu = 0x86c55d8, 
  window = 0x84fb160, selected = 0x8f39850, displayed = 0x0, display_msg = 0, color_important = {pixel = 0, red = 0, green = 0, blue = 65535}, 
  col_state = {{type = S_COL_MARK, visible = 1}, {type = S_COL_STATUS, visible = 1}, {type = S_COL_MIME, visible = 1}, {type = S_COL_SUBJECT, 
      visible = 1}, {type = S_COL_FROM, visible = 1}, {type = S_COL_DATE, visible = 1}, {type = S_COL_SIZE, visible = 1}, {type = S_COL_NUMBER, 
      visible = 0}, {type = S_COL_SCORE, visible = 0}, {type = S_COL_LOCKED, visible = 0}, {type = S_COL_TO, visible = 0}, {type = S_COL_TAGS, 
      visible = 0}}, col_pos = {0, 1, 2, 3, 4, 10, 5, 6, 7, 8, 9, 11}, color_marked = {pixel = 0, red = 0, green = 0, blue = 65535}, 
  color_dim = {pixel = 0, red = 35000, green = 35000, blue = 35000}, lock_count = 0, mainwin = 0x8536678, folderview = 0x86253f8, 
  headerview = 0x0, messageview = 0x869d778, ext_messageview = 0x0, quicksearch = 0x8670ee0, folder_item = 0x87fa108, important_score = 0, 
  sort_key = SORT_BY_DATE, sort_type = SORT_ASCENDING, threaded = 1, thread_collapsed = 0, simplify_subject_preg = 0x0, unreadmarked = 0, 
  total_size = 194222, deleted = 0, moved = 0, copied = 0, msgid_table = 0x97caba8, subject_table = 0x9108c88, mlist = 0x0, 
  msginfo_update_callback_id = 93, folder_item_update_callback_id = 3, folder_update_callback_id = 3, target_list = 0x8698588, 
  recursive_matched_folders = 0x0, search_root_folder = 0x0}
(gdb) p *row
$6 = {list = {data = 0x9676780, next = 0x0, prev = 0x9676780}}

(sorry for all this noise, maybe some useful info hides in the dirt)

Comment 4 Paul 2013-08-14 10:36:28 UTC
@kardan@riseup.net: it's generally better if you describe how the bug can be reproduced rather than filling the bug tracker with loads of stuff.

Comment 5 Michael Schwendt 2014-02-08 02:20:22 UTC
Closing in favour of bug 2769 and due to the comments in bug 3084.
