From d94b68aa6932bf79f8b1a2ad4eff018ba002b69f Mon Sep 17 00:00:00 2001
From: Kevin McCarthy
Date: Mon, 17 Oct 2016 11:22:13 -0700
Subject: [PATCH] Actually fix gpgme segfault in create_recipient_set(). Changeset 6e44bfa16096 did not fix the segv. (Sorry, I made the fix based off a report on IRC but didn't trigger the segv myself: it was caused by an out-of-tree patch). The actual problem was that the rset was only resized on a successful gpgme_get_key(). However, on error, the array still needs to be NULL-terminated before calling free_recipient_set(). Move the resize so it always takes place. This obviates the need for the NULL check added in 6e44bfa16096.
---
 crypt-gpgme.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/crypt-gpgme.c b/crypt-gpgme.c
index 3dcce46ca..51d5569b9 100644
--- a/crypt-gpgme.c
+++ b/crypt-gpgme.c
@@ -673,20 +673,15 @@ static gpgme_key_t *create_recipient_set (const char *keylist,
 else
 err = gpgme_get_key (context, buf, &key, 0);

+ safe_realloc (&rset, sizeof (*rset) * (rset_n + 1));
 if (! err)
- {
- safe_realloc (&rset, sizeof (*rset) * (rset_n + 1));
- rset[rset_n++] = key;
- }
+ rset[rset_n++] = key;
 else
 {
 mutt_error (_("error adding recipient `%s': %s\n"),
 buf, gpgme_strerror (err));
- if (rset)
- {
- rset[rset_n] = NULL;
- free_recipient_set (&rset);
- }
+ rset[rset_n] = NULL;
+ free_recipient_set (&rset);
 gpgme_release (context);
 return NULL;
 }
-- 
2.40.0
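Review bot: The unconditional `safe_realloc (&rset, sizeof (*rset) * (rset_n + 1));` placed above `if (! err)` carries an invariant that nothing in the code states: after it, `rset` always has one slot beyond `rset_n`, and the `else` branch depends on that slot for `rset[rset_n] = NULL` before `free_recipient_set (&rset)`. Without a comment the call reads like a wasted allocation on the error path, and moving it back into the success branch would again make that store land one element past the allocation, or through a NULL `rset` when the first recipient fails. I would add above it `/* Always grow by one: the error path needs the spare slot for the NULL terminator. */`. create_recipient_set() starts and ends outside the hunk, so whether the success exit terminates the array the same way cannot be checked from here.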