SEGV when replying to mail.

[Brian Stafford <brian stafford uklinux net>]

Hi folks,

when I reply to mail with Content-Type: header's charset parameter set to
"us-ascii" I get a SEGV when I postpone or queue the reply.  This does not
happen when the charset parameter is set to "iso-8859-1".  I cannot say for
certain that it cannot reply to us-ascii messages or that replying to iso-8859-1
messages is reliable.

The core dump happens in send.c and seems to be in consequence of a NULL
pointer being dereferenced.

The sequence is as follows: in libbalsa/send.c near line 1335

                newbdy = add_mutt_body_plain(body->charset, encoding);

because body->charset == NULL, add_mutt_body_plain fails returning NULL.
Then near line 1352 the code SEGVs when newbdy is dereferenced.

                tempfp = safe_fopen(newbdy->filename, "w+");

I don't really know balsa well enough to trace this one.  Stack trace follows
Cheers,
Brian Stafford

(gdb) where
#0  0x80a811b in libbalsa_create_msg (message=0x829ac20, msg=0x829ecf0, 
    tmpfile=0x829fcd4 "", encoding=2, queu=0) at send.c:1352
#1  0x80a6bb8 in libbalsa_message_queue (message=0x829ac20, outbox=0x8150698, 
    fccbox=0x8150390, encoding=2) at send.c:293
#2  0x808dbd6 in send_message_handler (bsmsg=0x81a8388, queue_only=1)
    at sendmsg-window.c:2038
#3  0x808dd09 in queue_message_cb (widget=0x8164ff8, bsmsg=0x81a8388)
    at sendmsg-window.c:2100
#4  0x408ac91f in gtk_marshal_NONE__NONE (object=0x8164ff8, 
    func=0x808dcfc <queue_message_cb>, func_data=0x81a8388, args=0xbffff354)
    at gtkmarshal.c:312
#5  0x408d9157 in gtk_handlers_run (handlers=0x81b16c8, signal=0xbffff310, 
    object=0x8164ff8, params=0xbffff354, after=0) at gtksignal.c:1917
#6  0x408d862f in gtk_signal_real_emit (object=0x8164ff8, signal_id=111, 
    params=0xbffff354) at gtksignal.c:1477
#7  0x408d68c0 in gtk_signal_emit (object=0x8164ff8, signal_id=111)
    at gtksignal.c:552
#8  0x4090a18b in gtk_widget_activate (widget=0x8164ff8) at gtkwidget.c:2890
#9  0x408b42cb in gtk_menu_shell_activate_item (menu_shell=0x819af68, 
    menu_item=0x8164ff8, force_deactivate=1) at gtkmenushell.c:856
#10 0x408b36ab in gtk_menu_shell_button_release (widget=0x819af68, 
    event=0x8198058) at gtkmenushell.c:486
#11 0x408ac601 in gtk_marshal_BOOL__POINTER (object=0x819af68, 
    func=0x408b3528 <gtk_menu_shell_button_release>, func_data=0x0, 
    args=0xbffff6c4) at gtkmarshal.c:28
#12 0x408d8668 in gtk_signal_real_emit (object=0x819af68, signal_id=27, 
    params=0xbffff6c4) at gtksignal.c:1492
#13 0x408d68c0 in gtk_signal_emit (object=0x819af68, signal_id=27)
    at gtksignal.c:552
#14 0x4090a05b in gtk_widget_event (widget=0x819af68, event=0x8198058)
    at gtkwidget.c:2864
#15 0x408ac569 in gtk_propagate_event (widget=0x8164ff8, event=0x8198058)
    at gtkmain.c:1378
#16 0x408ab7fa in gtk_main_do_event (event=0x8198058) at gtkmain.c:818
#17 0x40952e02 in gdk_event_dispatch (source_data=0x0, 
    current_time=0xbffffa48, user_data=0x0) at gdkevents.c:2139
#18 0x409817c6 in g_main_dispatch (dispatch_time=0xbffffa48) at gmain.c:656
#19 0x40981d81 in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#20 0x40981ef9 in g_main_run (loop=0x8150990) at gmain.c:935
#21 0x408ab16a in gtk_main () at gtkmain.c:524
#22 0x807dddf in main (argc=1, argv=0xbffffaf4) at main.c:371