here is my concern situation:
You have a bitcoin-qt wallet with 3BTC
you send 1BTC to somebody, and the wallet also sends some BTC to a change address within itself
a malled txid repeats this exact same transaction, and is seen by the bitcoin-qt wallet
what happens:
a) your wallet shows a balance of 2BTC and an unconfirmed txid that will never complete
b) your wallet shows a balance of 1BTC because it thinks that there is 1BTC that you sent away waiting on confirmation
c) your wallet shows something else entirely because the change addresses get FUBAR'd
My biggest concern is that while these malled transactions wont cause clients/wallets to report the wrong balance for received transactions (because it never confirms the second deposit), what if it is incorrectly displaying balances after a SENT transaction is malled with a copied txid that the wallet sees in the blockchain and beleives you have asked toi send funds
None of the a), b) or c) you've suggested is correct, although a) is close. Your wallet will show 2 BTC, and one of the two transactions, original or mutated one, will be confirmed and included in the blockchain permanently. Only thing that is let to be uncertain is the TxID of the confirmed transaction, it can be either one of these, depending on the miner who finds the block which includes the transaction, that miner decides which one will be in the blockchain forever.
Bitcoin-qt wallet is completely unaffected by this problem, so there's zero chance you can lose funds. Unfortunately, exchanges can't use that wallet in a way single persons use it because they serve multiple accounts, so they make their own wallet software implementation. MtGox software is sub-par, and depends on the TxID to account for the payment, which is unacceptable, only inputs and outputs inside the transaction should define if the funds are moved or not.
