Bug 4016 - Claws-mail segfault
Summary: Claws-mail segfault
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: Folders/IMAP (show other bugs)
Version: 3.16.0
Hardware: PC Linux
: P3 major
Assignee: users
Depends on:
Reported: 2018-04-23 22:36 UTC by rce-dev
Modified: 2018-04-24 19:49 UTC (History)
0 users

See Also:


Description rce-dev 2018-04-23 22:36:00 UTC
Claws-mail segfaults under two conditions as described below:
1: claws-mail segfaults while executing or closing "Checkfor new folders"
2: claws-mail segfaults while exiting claws-mail:

claws-mail configuration:

imap localhost:1143 STARTLS (ProtonMail Bridge)
smtp localhost:1025 STARTLS
use non-blocking SSL/TLS

Fedora fc27
claws-mail version 3.16.0
libetpan   version 1.8

PC: ThinkPad T540p

GDB Backtrace when claws-mail segfaults while executing or closing
"Check for new folders"

claws-mail[10696]: segfault at 0 ip 00007fb4cd366814 sp \
00007fb4c0dfba70 error 4 in libetpan.so[7fb4cd333000+c2000]

gdb backtrace:
#0  0x00007fb4cd366814 in clist_foreach (lst=0x0, func=func@entry=0x7fb4cd380a20 <mailimap_flag_free>, data=data@entry=0x0) at clist.c:220
#1  0x00007fb4cd380ad5 in mailimap_flag_list_free (flag_list=0x7fb4b8031c90) at mailimap_types.c:1204
#2  0x00007fb4cd382800 in mailimap_selection_info_free (sel_info=0x7fb4b8032140) at mailimap_types.c:3109
#3  0x00007fb4cd36b588 in mailimap_select_condstore_optional (session=0x2814250, mb=0x7fb4b802a810 "Sent", condstore=condstore@entry=0, p_mod_sequence_value=p_mod_sequence_value@entry=0x7fb4c0dfbb08) at condstore.c:497
#4  0x00007fb4cd36c310 in mailimap_select (session=<optimized out>, mb=<optimized out>) at mailimap.c:2094
#5  0x00000000005acbbf in select_run (op=<optimized out>) at imap-thread.c:1341
#6  0x00000000005cf546 in thread_run (data=0x2708fe0) at etpan-thread-manager.c:340
#7  0x00007fb4ce75b50b in start_thread () at /usr/lib64/libpthread.so.0
#8  0x00007fb4cd07216f in clone () at /usr/lib64/libc.so.6

GDB Backtrace when claws-mail segfaults while exiting claws-mail:

claws-mail[23534]: segfault at 0 ip 00007f8b0898d814 sp 00007f8af7ffeaf0 error 4 in libetpan.so.20.1.0[7f8b0895a000+c2000]

#0  0x00007f8b0898d814 in clist_foreach (lst=0x0, func=func@entry=0x7f8b089a7a20 <mailimap_flag_free>, data=data@entry=0x0) at clist.c:220
#1  0x00007f8b089a7ad5 in mailimap_flag_list_free (flag_list=0x7f8aec03f530) at mailimap_types.c:1204
#2  0x00007f8b089a9800 in mailimap_selection_info_free (sel_info=0x7f8aec03d530) at mailimap_types.c:3109
#3  0x00007f8b0899406e in mailimap_free (session=0x25e4000) at mailimap.c:2694
#4  0x00000000005cf546 in thread_run (data=0x27e1f70) at etpan-thread-manager.c:340
#5  0x00007f8b09d8250b in start_thread () at /usr/lib64/libpthread.so.0
#6  0x00007f8b0869916f in clone () at /usr/lib64/libc.so.6
Comment 1 Andrej Kacian 2018-04-24 08:47:31 UTC
On a quick glance, it seems to me that the crash is inside libetpan, due to a missing NULL check on the sel_flags member of struct mailimap_selection_info. It is initialized to NULL when the struct is allocated earlier, but perhaps due to the IMAP server's lack of support for flags, it is never used, and mailimap_selection_info_free() (and subsequently clist_free()) does not expect it.

Can you please post contents of ~/.claws-mail/claws.log (with folder names etc. sufficiently sanitized, if you feel like it) from the crashing run? I'd like to see the network traffic between Claws Mail and the server.
Comment 2 Andrej Kacian 2018-04-24 10:54:20 UTC
If you are in a position to recompile libetpan yourself, can you please try it with this change applied? It should fix the crash.

Comment 3 rce-dev 2018-04-24 18:14:47 UTC
I've compiled libetpan with the suggested changes.

The crash issue is fixed.

May I assume there is no need for the information requested in Comment 1?

Thanks, very much, for your assistance.
Comment 4 Andrej Kacian 2018-04-24 19:49:25 UTC
Thanks for the confirmation, I sent the fix upstream: https://github.com/dinhviethoa/libetpan/pull/290

As for the log, you're right that it is not necessary, although I'm still curious how exactly the IMAP protocol responses from this ProtonMail Bridge look, so that it confuses libetpan and makes it hit this unhandled case. If you could send it to me privately (ticho at claws-mail.org), I'd be grateful. It's up to you, though.

I'm closing this ticket as INVALID, since it is not a bug in Claws Mail.

Note You need to log in before you can comment on or make changes to this bug.