--- /dev/null
+Return-Path: <m.walters@qmul.ac.uk>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 28AB2431FC0\r
+ for <notmuch@notmuchmail.org>; Tue, 7 Aug 2012 00:07:28 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -1.098\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-1.098 tagged_above=-999 required=5\r
+ tests=[DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001,\r
+ NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id IxGIHB1npRPQ for <notmuch@notmuchmail.org>;\r
+ Tue, 7 Aug 2012 00:07:27 -0700 (PDT)\r
+Received: from mail2.qmul.ac.uk (mail2.qmul.ac.uk [138.37.6.6])\r
+ (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))\r
+ (No client certificate requested)\r
+ by olra.theworths.org (Postfix) with ESMTPS id 4B077431FAF\r
+ for <notmuch@notmuchmail.org>; Tue, 7 Aug 2012 00:07:27 -0700 (PDT)\r
+Received: from smtp.qmul.ac.uk ([138.37.6.40])\r
+ by mail2.qmul.ac.uk with esmtp (Exim 4.71)\r
+ (envelope-from <m.walters@qmul.ac.uk>)\r
+ id 1Sydsv-0004Wx-5r; Tue, 07 Aug 2012 08:07:23 +0100\r
+Received: from 94-192-233-223.zone6.bethere.co.uk ([94.192.233.223]\r
+ helo=localhost)\r
+ by smtp.qmul.ac.uk with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.69)\r
+ (envelope-from <m.walters@qmul.ac.uk>)\r
+ id 1Sydsu-0004hu-QX; Tue, 07 Aug 2012 08:07:21 +0100\r
+From: Mark Walters <markwalters1009@gmail.com>\r
+To: Ben Gamari <bgamari.foss@gmail.com>, notmuch@notmuchmail.org\r
+Subject: Re: Segmentation fault in notmuch search --format=json\r
+In-Reply-To: <871ujjuu2z.fsf@gmail.com>\r
+References: <871ujjuu2z.fsf@gmail.com>\r
+User-Agent: Notmuch/0.13.2+96~g634443c (http://notmuchmail.org) Emacs/23.4.1\r
+ (x86_64-pc-linux-gnu)\r
+Date: Tue, 07 Aug 2012 08:07:14 +0100\r
+Message-ID: <878vdrp4d9.fsf@qmul.ac.uk>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain; charset=us-ascii\r
+X-Sender-Host-Address: 94.192.233.223\r
+X-QM-SPAM-Info: Sender has good ham record. :)\r
+X-QM-Body-MD5: cb4bcd839c256c4625019fd72fc50e77 (of first 20000 bytes)\r
+X-SpamAssassin-Score: -1.8\r
+X-SpamAssassin-SpamBar: -\r
+X-SpamAssassin-Report: The QM spam filters have analysed this message to\r
+ determine if it is\r
+ spam. We require at least 5.0 points to mark a message as spam.\r
+ This message scored -1.8 points.\r
+ Summary of the scoring: \r
+ * -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,\r
+ * medium trust\r
+ * [138.37.6.40 listed in list.dnswl.org]\r
+ * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\r
+ provider * (markwalters1009[at]gmail.com)\r
+ * -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay\r
+ * domain\r
+ * 0.5 AWL AWL: From: address is in the auto white-list\r
+X-QM-Scan-Virus: ClamAV says the message is clean\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Tue, 07 Aug 2012 07:07:28 -0000\r
+\r
+On Tue, 07 Aug 2012, Ben Gamari <bgamari.foss@gmail.com> wrote:\r
+> It seems some messages trigger a segmentation fault in\r
+> `do_search_threads()`. It appears the problem occurs (at least) when\r
+> `authors` is NULL.\r
+\r
+Hi thanks for the bug report and detailed debugging. I think I can see\r
+the problem and there is a test patch to fix it below, and this does\r
+appear to be a regression.\r
+\r
+In json.c the function json_quote_str explicitly checks/allows for a\r
+NULL pointer passed as a string and pretends it is just an empty\r
+string. That behaviour was lost in the move to structured formatters.\r
+\r
+A simple fix is to put this check for a null pointer in json_string in\r
+sprinter-json.c which is what this patch does.\r
+\r
+Incidentally this is the second time this bug has appeared: \r
+\r
+ commit cacefbf3d6dd5bce0b60b3cdfce29bfa371dfaea\r
+ Author: David Edmondson <dme@dme.org>\r
+ Date: Tue Apr 6 08:24:00 2010 +0100\r
+\r
+ json: Avoid calling strlen(NULL)\r
+ \r
+ MIME parts may have no filename, which previously resulted in calling\r
+ strlen(NULL).\r
+\r
+so it really might be worth having a test for it!\r
+\r
+Finally, I think nothing in json.c is used anymore so perhaps it\r
+ could be removed.\r
+\r
+\r
+diff --git a/sprinter-json.c b/sprinter-json.c\r
+index c9b6835..0a07790 100644\r
+--- a/sprinter-json.c\r
++++ b/sprinter-json.c\r
+@@ -118,6 +118,8 @@ json_string_len (struct sprinter *sp, const char *val, size_t len)\r
+ static void\r
+ json_string (struct sprinter *sp, const char *val)\r
+ {\r
++ if (val == NULL)\r
++ val = "";\r
+ json_string_len (sp, val, strlen (val));\r
+ }\r
+ \r
+\r
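Review bot: the NULL check added at the top of json_string in sprinter-json.c guards only that one entry point. json_string_len, named in the hunk header, takes the same `const char *val` and gets no check, so if a caller can pass it a NULL val with an explicit length, that path is still exposed. Consider putting the guard in json_string_len, or in both functions, and add a short comment that NULL is deliberately emitted as an empty string to match the old json_quote_str behaviour described in the message. The message also notes this is the second time the bug has appeared, yet the patch carries no test; a regression test that runs `notmuch search --format=json` over a message with no authors would keep it from coming back a third time.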