Hi,

while implementing thread support in our mail application I found a bug which kills IMAP(alpha5, SUSE 10) process...

These are the commands:

x OK Logged in.

x select INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk $Forwarded Spam)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk $Forwarded Spam \*)] Flags permitted.
* 2280 EXISTS
* 1 RECENT
* OK [UNSEEN 473] First unseen.
* OK [UIDVALIDITY 1136386397] UIDs valid
* OK [UIDNEXT 2319] Predicted next UID
x OK [READ-WRITE] Select completed.

x uid thread references utf8 (SUBJECT "locking")
* THREAD (2289 2307)
* 2281 EXISTS
* 1 RECENT
x OK Thread completed.

x UID THREAD REFERENCES UTF8 (SUBJECT 'locking')
Connection closed by foreign host.


This is the code dump:

(gdb) bt full
#0  0xdededede in ?? ()
No symbol table info available.
#1  0x08060127 in mail_thread_deinit (ctx=0x80c0120) at imap-thread.c:100
No locals.
#2  0x080611e2 in imap_thread (cmd=0x80c5c34, charset=0x80c5f48 "UTF8", args=0x80ea980, type=MAIL_THREAD_REFERENCES) at imap-thread.c:156
        wanted_headers = {0x80b6645 "message-id", 0x80b2947 "in-reply-to", 0x80b2953 "references", 0x80b1978 "subject", 0x0}
        client = (struct client *) 0x80c5bf0
        headers_ctx = (struct mailbox_header_lookup_ctx *) 0x80eb188
        ctx = (struct thread_context *) 0x80c0120
        mail = (struct mail *) 0x80ced28
        ret = 0
#3  0x080598b5 in cmd_thread (cmd=0x80c5c34) at cmd-thread.c:66
        client = (struct client *) 0x80c5bf0
        sargs = <value optimized out>
        args = (struct imap_arg *) 0x80c5ea0
        args_count = <value optimized out>
        pool = 0x80ea930
        error = <value optimized out>
        charset = 0x80c5f48 "UTF8"
        str = 0x80c5f38 "REFERENCES"
#4  0x0805a271 in _client_input (context=0x80c5bf0) at client.c:338
        cmd = (struct client_command_context *) 0x80c5c34
        ret = <value optimized out>
#5  0x080a91c8 in io_loop_handler_run (ioloop=0x80c49b0) at ioloop-epoll.c:250
        ctx = <value optimized out>
        event = (struct epoll_event *) 0x80c4a00
        io = (struct io *) 0x80c5da8
        tv = {tv_sec = 0, tv_usec = 999991}
        t_id = 2
        msecs = <value optimized out>
        ret = 0
        i = 0
        call = <value optimized out>
#6  0x080a881b in io_loop_run (ioloop=0x80c49b0) at ioloop.c:230
No locals.
#7  0x080617e4 in main (argc=3, argv=0xbfa6e7d4, envp=0xbfa6e7e4) at main.c:235
No locals.

Hope this is enough.


Sebastjan