Created attachment 1218
Fix a segmentation fault in procmime_scan_text_content() in case of conversion failures

On my system (FreeBSD 10-Current amd64) trying to reply to:
http://lists.freebsd.org/pipermail/freebsd-current/2013-January/039176.html
reliably causes claws-mail 3.9.0 to segfault in procmime_scan_text_content().

claws-mail-3.9.0cvs55 should still be affected, but I only checked the code.

The attached patch prevents the NULL pointer dereferencing and causes claws-mail to quote an empty message instead.

From a usability point of view it might be preferable to quote the unconverted text (risking incorrectly displayed characters), but from the code it's not clear to me if this is the intended behavior.
Can you attach the msg file, please?
Created attachment 1219
Reduced test case

I attached a reduced test case with some personal information removed. It still causes the patched claws-mail to warn:

    (claws-mail:20052): Claws-Mail-WARNING **: procmime_get_text_content(): Code conversion failed.

and should still trigger the crash. If not, I can request permission to attach the original or mail it privately.
Created attachment 1220
potential fix

Please revert your patch and try this patch. Let me know a) if it doesn't crash, and b) if the quoted text looks as expected. Thanks!
With your patch and without mine, claws-mail doesn't crash, the conversion warning isn't shown on the console and the quoted message looks as expected. Thanks, Paul.
Changes related to this bug have been committed. Please check latest CVS and update the bug accordingly.
You can also get the patch from: http://www.claws-mail.org/tracker/

2013-01-21 [paul] 3.9.0cvs57

    * src/codeconv.h
    * src/procmime.c
        fix bug 2862, 'Segmentation fault when replying to a message where the "code conversion" fails'.
        add support for X-VIET-VPS encoding
Thanks Fabian.
The code that is removed by my patch still seems wrong to me, though. The context is:

    if (str) {
        [...]
    } else {
        conv_fail = TRUE;
        if ((scan_ret = scan_callback(str, cb_data)) == TRUE)
            break;
    }

It looks like the else branch would always segfault due to str being NULL and I suspect that other messages could still reach it.
Created attachment 1223
Test case with an invented charset that still causes claws-mail to crash

I changed the charset in the test case and as expected this still triggers the crash.
I think I have hit the same bug. I have a few messages in my mailbox with:

    Content-Type: text/plain; charset=unknown-8bit

When I try to reply to any of these, the composition window comes out empty and frozen, and eventually Claws-mail ends up crashing.
I gave a try to Fabian's patch from comment #0 and it fixes my crash as well. This confirms the concerns Fabian expressed in comment #7.
Changes related to this bug have been committed. Please check latest Git and update the bug accordingly.
You can also get the patch from:
http://git.claws-mail.org/
http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=06e09c818f9455537e82e8395d658e0be336f873

Author: Paul <paul@claws-mail.org>
Date: Wed Apr 24 10:19:48 2013 +0100

    further fix to bug #2862, 'Segmentation fault when replying to a message where the "code conversion" fails'
I just gave a try to git HEAD (including commit 06e09c818f9455537e82e8395d658e0be336f873) and it works fine for me. Thanks Paul for the very fast fix! I think we can close this bug now.
BTW, Paul's patch mentioned in comment #11 added leading white space to some lines, making it look larger than it actually is.
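
The else branch quoted in comment #7 forwards a NULL str to the callback. As an added example (not Claws Mail code and not part of this report), the sketch below shows a scan loop that never passes the failed conversion result on, with the two fallbacks raised in comment #0: quote nothing, or quote the unconverted text. convert_line, total_len_cb, scan_text, demo and enum fallback are hypothetical names, and the sample body is constructed.

```c
#include <stddef.h>
#include <string.h>

enum fallback { FALLBACK_SKIP, FALLBACK_RAW };

/* Hypothetical converter: NULL signals a failed code conversion. */
static const char *convert_line(const char *line, const char *charset)
{
    if (strcmp(charset, "utf-8") == 0 || strcmp(charset, "us-ascii") == 0)
        return line;
    return NULL;            /* e.g. charset=unknown-8bit */
}

/* Hypothetical callback: dereferences str, so it must never see NULL. */
static int total_len_cb(const char *str, void *cb_data)
{
    *(size_t *)cb_data += strlen(str);
    return 0;               /* non-zero would stop the scan */
}

/* Scan lines; on conversion failure never forward the NULL result.
 * Returns 1 if the callback stopped the scan, else 0. */
static int scan_text(const char *const *lines, size_t n, const char *charset,
                     enum fallback policy, int (*cb)(const char *, void *),
                     void *cb_data, int *conv_fail)
{
    *conv_fail = 0;
    for (size_t i = 0; i < n; i++) {
        const char *str = convert_line(lines[i], charset);
        if (str == NULL) {
            *conv_fail = 1;             /* report it to the caller */
            if (policy == FALLBACK_SKIP)
                continue;               /* quote nothing for this line */
            str = lines[i];             /* quote the unconverted bytes */
        }
        if (cb(str, cb_data))
            return 1;
    }
    return 0;
}

/* Constructed sample body; returns total bytes handed to the callback. */
size_t demo(const char *charset, enum fallback policy, int *conv_fail)
{
    static const char *const body[] = { "Hello,\n", "see below.\n" };
    size_t total = 0;
    scan_text(body, 2, charset, policy, total_len_cb, &total, conv_fail);
    return total;
}
```

With FALLBACK_SKIP a failed conversion yields an empty quote, and with FALLBACK_RAW the original bytes are quoted; in both cases conv_fail is set so the caller can still warn.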