#991377 neomutt: SIGSEGV on null pointer dereference in cmd_parse_fetch()

Package: neomutt
Source: neomutt
Description: command line mail reader based on Mutt, with added features
Submitter: "Kim Alvefur (Zash)"
Date: 2021-07-21 23:39:03 UTC
Severity: normal

#991377#5
Date: 2021-07-21 23:34:13 UTC
Dear Maintainer,

I experienced a crash in neomutt. I'm afraid I'm not sure what exactly
triggered it, or how to reproduce.

(gdb) bt
#0  0x00005595a5ee9b61 in cmd_parse_fetch (s=0x5595a724f822 "13 FETCH (UID 7898 FLAGS (\\Seen))", adata=0x5595a6f6e9d0) at ../imap/command.c:427
#1  cmd_handle_untagged (adata=0x5595a6f6e9d0) at ../imap/command.c:998
#2  imap_cmd_step (adata=adata@entry=0x5595a6f6e9d0) at ../imap/command.c:1130
#3  0x00005595a5eea570 in imap_cmd_step (adata=adata@entry=0x5595a6f6e9d0) at ../imap/command.c:1082
#4  0x00005595a5ef1d68 in read_headers_normal_eval_cache (adata=adata@entry=0x5595a6f6e9d0, msn_end=msn_end@entry=10202, uid_next=uid_next@entry=22692, store_flag_updates=store_flag_updates@entry=false,
    eval_condstore=eval_condstore@entry=false) at ../imap/message.c:729
#5  0x00005595a5ef285a in imap_read_headers (m=m@entry=0x5595a6f31a10, msn_begin=msn_begin@entry=1, msn_end=msn_end@entry=10202, initial_download=initial_download@entry=true) at ../imap/message.c:1338
#6  0x00005595a5eec585 in imap_mbox_open (m=0x5595a6f31a10) at ../imap/imap.c:2084
#7  0x00005595a5e830b8 in mx_mbox_open (m=0x5595a6f31a10, flags=flags@entry=0 '\000') at ../mx.c:400
#8  0x00005595a5e63eb5 in change_folder_mailbox (menu=0x5595a7282250, m=<optimized out>, oldcount=oldcount@entry=0x7ffed068b104, cur=cur@entry=0x7ffed068b110, read_only=read_only@entry=false) at ../index.c:756
#9  0x00005595a5e65376 in mutt_index_menu (dlg=0x5595a728df60) at ../index.c:2456
#10 0x00005595a5e4514a in main (argc=1, argv=0x7ffed068deb8, envp=<optimized out>) at ../main.c:1236

So it points to this line:

../imap/command.c
427    mutt_debug(LL_DEBUG2, "Message UID %u updated\n", imap_edata_get(e)->uid);

(gdb) p e
$1 = (struct Email *) 0x5595a789c200

imap_edata_get(e) returns e->edata or NULL, but the former is apparently also NULL:

(gdb) p e->edata
$2 = (void *) 0x0

So that would explain the SIGSEGV. Not sure where to go from here, not
familiar with this codebase.
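The guard a maintainer would want at the reported site, shown as an added example that is not neomutt's code: the struct definitions, `fetch_uid` and `handle_fetch` are stand-ins (only `imap_edata_get`'s "e->edata or NULL" contract is taken from the report), and the FETCH line comes from the backtrace.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in types for this added example; neomutt's real struct Email and
 * ImapEmailData carry many more fields. */
struct ImapEmailData { unsigned int uid; };
struct Email { struct ImapEmailData *edata; };

/* Same contract as the accessor named in the report: e->edata or NULL. */
static struct ImapEmailData *imap_edata_get(const struct Email *e)
{
    return e ? e->edata : NULL;
}

/* Extract the UID from an untagged FETCH line such as the one in the
 * backtrace, "13 FETCH (UID 7898 FLAGS (\\Seen))"; 0 means no UID. */
static unsigned int fetch_uid(const char *s)
{
    const char *p = strstr(s, "UID ");
    return p ? (unsigned int) strtoul(p + 4, NULL, 10) : 0;
}

/* Guarded counterpart of the crashing line, which does
 * imap_edata_get(e)->uid with no NULL check. Returns 0 on success, -1 if
 * the line has no UID, -2 if e has no IMAP data (the "p e->edata" = 0x0 case). */
static int handle_fetch(const char *s, struct Email *e)
{
    unsigned int uid = fetch_uid(s);
    if (uid == 0)
        return -1;
    struct ImapEmailData *edata = imap_edata_get(e);
    if (!edata)
        return -2;              /* skip this message instead of crashing */
    edata->uid = uid;
    return 0;
}

/* Scenario with IMAP data attached: reports the UID that was stored. */
static int run_with_edata(const char *line, unsigned int *uid_out)
{
    struct ImapEmailData d = { 0 };
    struct Email e = { &d };
    int rc = handle_fetch(line, &e);
    *uid_out = d.uid;
    return rc;
}
/* Scenario from the report: an Email whose edata is NULL. */
static int run_without_edata(const char *line)
{
    struct Email e = { NULL };
    return handle_fetch(line, &e);
}
```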