ci_send_message: copy the x_original_to address list instead of using it

If an end user cancels the edit_envelope action, then cleanup is called.
When using directly the x_original_to address list directly, this
cleanup stage did actually clean the x_original_to pointer. Should the
user reply again to the same message, then the pointer would point to 0
and then any "unsafe" operation on it would trigger a SIGSEGV. Copying
it solves this issue safely.

diff --git a/send.c b/send.c
index fedd646ba23100cfb09490d12b98145186c99667..ef42edd5410a2d20959c0041b80fc4a0d0a16dac 100644 (file)
--- a/send.c
+++ b/send.c
@@ -1459,7 +1459,7 @@ int ci_send_message(int flags, struct Header *msg, char *tempfile,
      */
     if (cur->env->x_original_to && !msg->env->from)
     {
-      msg->env->from = cur->env->x_original_to;
+      msg->env->from = mutt_addr_copy_list(cur->env->x_original_to, false);
       /* Not more than one from address */
       msg->env->from->next = NULL;
       mutt_debug(5, "msg->env->from extracted from X-Original-To: header: %s\n",