I can see in mbox.c:
if (i == 0)
{
ctx->size = ftello (ctx->fp); /* update the size of the mailbox */
ftruncate (fileno (ctx->fp), ctx->size);
}
It is not checked whether ftruncate has failed. I suppose that
this could cause data loss or data corruption.
The attached patch, based on what is done for fseeko, should fix this.
However, with this patch, if ftruncate fails, Mutt crashes.
Actually, it seems that the error case i == -1 isn't handled
correctly (same problem if fseeko fails).
(gdb) bt
#0 0x00007fdbdaf7a478 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:55
#1 0x00007fdbdaf7b8fa in __GI_abort () at abort.c:89
#2 0x00007fdbdafb8ffa in __libc_message (do_abort=do_abort@entry=2,
fmt=fmt@entry=0x7fdbdb0b0cd8 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007fdbdafbe946 in malloc_printerr (action=3,
str=0x7fdbdb0b0d50 "double free or corruption (!prev)",
ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5000
#4 0x00007fdbdafbf12e in _int_free (av=0x7fdbdb2e5b20 <main_arena>,
p=<optimized out>, have_lock=0) at malloc.c:3861
#5 0x00007fdbdafaf663 in _IO_new_fclose (fp=0x1227340) at iofclose.c:85
#6 0x0000000000468153 in safe_fclose (f=f@entry=0x1022888) at lib.c:208
#7 0x000000000043e5df in mx_fastclose_mailbox (ctx=ctx@entry=0x1022880)
at mx.c:728
#8 0x0000000000437f2d in mbox_sync_mailbox (ctx=ctx@entry=0x1022880,
index_hint=index_hint@entry=0x7ffe3654a2b4) at mbox.c:995
#9 0x000000000043db83 in sync_mailbox (ctx=ctx@entry=0x1022880,
index_hint=index_hint@entry=0x7ffe3654a2b4) at mx.c:745
#10 0x000000000043f36d in mx_sync_mailbox (ctx=ctx@entry=0x1022880,
index_hint=index_hint@entry=0x7ffe3654a2b4) at mx.c:1148
#11 0x000000000041db3e in mutt_index_menu () at curs_main.c:1115
#12 0x0000000000405c9f in main (argc=1, argv=<optimized out>) at main.c:1209
--
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
diff -r bd0e695f627e mbox.c
--- a/mbox.c Fri Mar 11 13:47:29 2016 +0100
+++ b/mbox.c Fri Mar 11 14:56:31 2016 +0100
@@ -968,7 +968,11 @@
if (i == 0)
{
ctx->size = ftello (ctx->fp); /* update the size of the mailbox */
- ftruncate (fileno (ctx->fp), ctx->size);
+ if (ftruncate (fileno (ctx->fp), ctx->size) != 0)
+ {
+ i = -1;
+ dprint (1, (debugfile, "mbox_sync_mailbox: ftruncate() failed\n"));
+ }
}
}
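Review bot: The `ftello (ctx->fp)` result on the context line above the new check is still assigned to `ctx->size` untested, so if `ftello` fails, -1 becomes the mailbox size and is passed to `ftruncate` as the length. The debug line would then blame `ftruncate` for what was really an `ftello` failure. Testing both calls keeps the cause visible, e.g. `if ((ctx->size = ftello (ctx->fp)) < 0 || ftruncate (fileno (ctx->fp), ctx->size) != 0)`. The message could also carry the reason, e.g. `dprint (1, (debugfile, "mbox_sync_mailbox: ftello()/ftruncate() failed: %s\n", strerror (errno)));`, assuming `errno` and `strerror` are already in scope in mbox.c. The enclosing function starts and ends outside this hunk, so whether the stream is flushed before the descriptor-level truncate cannot be confirmed from here.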