https://bugzilla.redhat.com/601982 Backtrace: https://bugzilla.redhat.com/attachment.cgi?id=422388 Initially reported against Claws Mail 3.7.6, but ChangeLog doesn't mention anything related, so the bug could still be alive. [...] Skimming over compose.c, it seems to me that there is a race that makes it possible to call compose_close -> compose_destroy twice. Am I reading it wrong? Imagine a first call of compose_close failing to lock the compose mutex. Then it's setting up a timeout func to call compose_close again. Meanwhile, a compose_delete_cb calls compose_close_cb, which in turn enters compose_close. If it succeeds at locking the mutex, it proceeds to calling compose_destroy. Afterwards, compose_close is called once more as the timeout func, but working with a ptr to freed memory.
Claws Mail 3.7.9 https://bugzilla.redhat.com/731859 Backtrace: https://bugzilla.redhat.com/attachment.cgi?id=518932
Changes related to this bug have been committed. Please check latest Git and update the bug accordingly. You can also get the patch from: http://git.claws-mail.org/ ++ ChangeLog 2014-04-30 22:50:03.332330890 +0200 http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=ec473b1334ab854fc405c325ac514a0cacbf08e2 Merge: db125fa 8880d1a Author: Colin Leroy <colin@colino.net> Date: Wed Apr 30 22:50:02 2014 +0200 Merge branch 'master' of file:///home/git/claws http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=8880d1a9996875e5cb872509de1d47c22e0b9b04 Author: Colin Leroy <colin@colino.net> Date: Wed Apr 30 22:48:13 2014 +0200 Fix bug #2398, "Race when closing compose during drafting" Thanks to Michael Schwendt for spotting the problem.
Marking fixed :)