Re: core dump of 1.4.3

[Oswald B. <osw...@gm...>]

On Wed, Nov 17, 2021 at 08:08:22AM +0900, Norbert Preining wrote:
>Today I got a bug report about a crash including a backtrace:
>
i know, i watch the debian package. you don't need to forward anything 
to me. in fact, i was about to reply directly on the bts before it 
occurred to me to check the other folder first.

>Do you have any suggestion?
>
it's an obvious heap corruption, which may be exploitable in the worst 
case (the glibc allocator seems to catch the condition, but others may 
not, or a more carefully crafted message may sidestep it).

the easiest way to get to the bottom of it should be running

   valgrind --tool=memcheck --num-callers=50 mbsync -D <...>
   
(mbsync's -D should help identify the culprit message, a verbatim copy 
of which should be inspected).

antoine, you can send the log (and the message, if it's not too 
confidential) to me in private.