From: Matthias A. <mat...@gm...> - 2018-11-25 00:04:22
On 15.11.18 at 15:46, Dr P. Kinsler wrote:
> In pop3.c lines 1373-1374 (routine pop3_delete()) from fetchmail-6.4.0.beta4
> we have the lines:
>
> rec = find_uid_by_num(dofastuidl ? &ctl->oldsaved : &ctl->newsaved, number);
> rec->status = UID_DELETED;
>
> If find_uid_by_num() returns a 0 (NULL), the "rec->status = UID_DELETED"
> line then can trigger a segmentation fault.

Paul,

thanks for reporting and debugging this.

I am wondering how find_uid_by_num() could return 0 in this situation, so I wonder if there is a flaw in the program logic in driver.c (in the next two outer frames), but I think that your proposal to safeguard the assignment is right to avoid the immediate crash. If the message isn't known, we shouldn't be trying to save state for it.

I have committed similar code to what you've proposed, and uploaded to the Git repositories as 8c57ec38. The "similar" is my adding another pair of parentheses, which suppresses warnings in some compiler/version/flag combinations.

The fix should be in beta5 or rc1 or whatever I'll call the next tarball.

I assume you have already tested such a change and know it to fix your crashes?

Thanks again.

Best regards,
Matthias
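The crash pattern and the guarded form discussed in this message, as an added example that is not part of the original mail and is not fetchmail's code. The record type, the status values and the function names `lookup_by_num`, `mark_deleted_unguarded` and `mark_deleted_guarded` are simplified stand-ins assumed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not fetchmail's real definitions. */
enum { UID_UNSEEN = 0, UID_DELETED = 2 };   /* values constructed for the example */

struct uid_rec {
    int num;                 /* message number on the server */
    int status;
    struct uid_rec *next;
};

/* Returns the record with the given number, or NULL if it is not in the list. */
struct uid_rec *lookup_by_num(struct uid_rec *head, int num)
{
    for (; head != NULL; head = head->next)
        if (head->num == num)
            return head;
    return NULL;
}

/* Unguarded form, as in the quoted lines: dereferences NULL when num is unknown. */
void mark_deleted_unguarded(struct uid_rec *list, int num)
{
    struct uid_rec *rec = lookup_by_num(list, num);
    rec->status = UID_DELETED;
}

/* Guarded form: state is only saved for a known message.
 * The doubled parentheses mark the assignment-as-condition as intentional,
 * which silences warnings such as GCC/Clang -Wparentheses.
 * Returns 1 if a record was marked, 0 if the number was unknown. */
int mark_deleted_guarded(struct uid_rec *list, int num)
{
    struct uid_rec *rec;
    if ((rec = lookup_by_num(list, num))) {
        rec->status = UID_DELETED;
        return 1;
    }
    return 0;
}

int main(void)
{
    struct uid_rec b = { 2, UID_UNSEEN, NULL };   /* constructed sample list */
    struct uid_rec a = { 1, UID_UNSEEN, &b };
    printf("known 2: %d\n", mark_deleted_guarded(&a, 2));
    printf("unknown 7: %d\n", mark_deleted_guarded(&a, 7));
    return 0;
}
```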