Cherry-picked upstream commit from five days ago; this lets me read mails again.
OK? Index: Makefile =================================================================== RCS file: /cvs/ports/mail/neomutt/Makefile,v retrieving revision 1.40 diff -u -p -r1.40 Makefile --- Makefile 7 Nov 2019 09:38:55 -0000 1.40 +++ Makefile 9 Nov 2019 11:28:47 -0000 @@ -5,7 +5,7 @@ COMMENT= tty-based e-mail client, Mutt w GH_ACCOUNT= neomutt GH_PROJECT= neomutt GH_TAGNAME= 20191102 -REVISION= 0 +REVISION= 1 DISTNAME= neomutt-${GH_TAGNAME:S/-//g} CATEGORIES= mail Index: patches/patch-init_c =================================================================== RCS file: patches/patch-init_c diff -N patches/patch-init_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-init_c 9 Nov 2019 11:25:27 -0000 @@ -0,0 +1,70 @@ +$OpenBSD$ + +From b486e37c1d5b5ea1b426f844a01c39c2827832dc Mon Sep 17 00:00:00 2001 +From: Richard Russon <r...@flatcap.org> +Date: Mon, 4 Nov 2019 01:09:41 +0000 +Subject: [PATCH] fix crash in mutt_extract_token() + +The first attempt to fix the crash in mutt_extract_token() just moved +the problem. This refactors the code to simplify the shuffling of +strings. + +Index: init.c +--- init.c.orig ++++ init.c +@@ -2735,9 +2735,6 @@ int mutt_extract_token(struct Buffer *dest, struct Buf + { + FILE *fp = NULL; + pid_t pid; +- char *ptr = NULL; +- size_t expnlen; +- struct Buffer expn; + int line = 0; + + pc = tok->dptr; +@@ -2783,7 +2780,7 @@ int mutt_extract_token(struct Buffer *dest, struct Buf + tok->dptr = pc + 1; + + /* read line */ +- mutt_buffer_init(&expn); ++ struct Buffer expn = mutt_buffer_make(0); + expn.data = mutt_file_read_line(NULL, &expn.dsize, fp, &line, 0); + mutt_file_fclose(&fp); + mutt_wait_filter(pid); +@@ -2792,21 +2789,22 @@ int mutt_extract_token(struct Buffer *dest, struct Buf + * plus whatever else was left on the original line */ + /* BUT: If this is inside a quoted string, directly add output to + * the token */ +- if (expn.data && qc) ++ if (expn.data) + { +- mutt_buffer_addstr(dest, expn.data); +- FREE(&expn.data); +- } +- else if (expn.data) +- { +- expnlen = mutt_str_strlen(expn.data); +- tok->dsize = expnlen + mutt_str_strlen(tok->dptr) + 1; +- ptr = mutt_mem_malloc(tok->dsize); +- memcpy(ptr, expn.data, expnlen); +- strcpy(ptr + expnlen, tok->dptr); +- mutt_buffer_strcpy(tok, ptr); +- tok->dptr = tok->data; +- FREE(&ptr); ++ if (qc) ++ { ++ mutt_buffer_addstr(dest, expn.data); ++ } ++ else ++ { ++ struct Buffer *copy = mutt_buffer_pool_get(); ++ mutt_buffer_fix_dptr(&expn); ++ mutt_buffer_copy(copy, &expn); ++ mutt_buffer_addstr(copy, tok->dptr); ++ mutt_buffer_copy(tok, copy); ++ tok->dptr = tok->data; ++ mutt_buffer_pool_release(©); ++ } + FREE(&expn.data); + } + }