Ticket #293 (new Bug)

Opened 8 months ago

Nasty Mulberry crash on undo repeatably kills Mac OS X entirely

Reported by: abligh
Owned by: Cyrus Daboo
Priority: critical
Milestone: unassigned
Component: Application
Version: v4.0.8
Severity: Crash/data loss
Keywords:
Cc:
Operating System: Mac OS X
OS Version:

Description

(verified by Cyrus Daboo per mulberry-discuss)

I've finally discovered how to repeat the Mulberry bug that's been, ahem, bugging me. It's a nasty bug as it kills the whole Mac, not just Mulberry. This is on an up-to-date Leopard with 4.0.8.

Reply to a message (the one I'm using is 3 lines with about 20 lines of sig). Select the top of the message (the bit above the quotes), and hit delete, then type in a name (like "Cyrus,") and two returns. Now go under the 3 useful lines of message, select to the end, and press delete. If the bug is going to happen, you see your 3 lines deleted too (even though they weren't selected). Now press CTRL-Z several times. You then see the rotating multicolour hourglass thing, the screen shift to the left (slowly) by one pixel, and the machine hangs. Sometimes you get some other display corruption. The OS X GUI is dead from that point on. It looks to me like some system call has been passed a bad parameter it didn't catch, and it's moving a block of memory with negative length or something.

Cyrus Daboo wrote on mulberry-discuss

I was able to reproduce this.

ssh'ing in showed that Mulberry itself had died. There is a crash log recorded for that and it appears to show a memory corruption issue - I suspect it's doing a memcpy with a negative int that is being treated as a very large signed int. However, that really should not affect the system in this manner. I will have to investigate this in more detail to see exactly what is up and try and get a reproducible test app to send to Apple.
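An added example, not part of the ticket and not Mulberry's code: it illustrates the class of bug suspected above, where a length computed from signed selection offsets goes negative before reaching memcpy/memmove, whose length parameter is a size_t. The text_buf type and the functions as_copy_length, buf_set and delete_range are hypothetical names chosen for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size text buffer (assumption, not Mulberry's structure). */
typedef struct {
    char   data[64];
    size_t len;                     /* bytes currently in use */
} text_buf;

/* The value memcpy/memmove would receive if a signed length were passed
 * unchecked: the int is converted to size_t, so -5 becomes SIZE_MAX - 4. */
size_t as_copy_length(int n) { return (size_t)n; }

/* Load constructed sample text, truncating to the buffer capacity. */
void buf_set(text_buf *b, const char *s)
{
    size_t n = strlen(s);
    if (n > sizeof b->data) n = sizeof b->data;
    memcpy(b->data, s, n);
    b->len = n;
}

/* Delete the byte range [start, end). Offsets are signed because they are
 * assumed to come from selection arithmetic. Every way the derived lengths
 * could go negative or out of bounds is rejected before any memory moves.
 * Returns 0 on success, -1 on an invalid range (buffer left untouched). */
int delete_range(text_buf *b, int start, int end)
{
    if (start < 0 || end < start) return -1;   /* negative or inverted range */
    if ((size_t)end > b->len)     return -1;   /* range runs past the text   */
    size_t tail = b->len - (size_t)end;        /* cannot underflow after checks */
    memmove(b->data + start, b->data + end, tail);
    b->len -= (size_t)(end - start);
    return 0;
}

int main(void)
{
    text_buf b;
    buf_set(&b, "Cyrus,\n\nline1");            /* constructed sample reply text */
    printf("unchecked length for -5: %zu\n", as_copy_length(-5));
    printf("inverted range rejected: %d\n", delete_range(&b, 8, 3));
    printf("valid delete: %d, len now %zu\n", delete_range(&b, 0, 8), b.len);
    return 0;
}
```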
