[Dovecot] Segfault in imap_bodystructure_write when searching

Timo Sirainen tss at iki.fi
Sun Jun 1 18:56:39 EEST 2008 

On Sun, 2008-06-01 at 16:47 +0200, Christer Mjellem Strand wrote:
> >> Whenever I try to search on my dovecot test install, dovecot dies. It
> >> immediately spawns a new process, which the client tries to connect to,
> >> and send search commands to, causing that to die, and so forth. This loop
> >> means I have to kill either the server or the client.
> >
> > Your dovecot.index.cache file is probably broken somehow. Try moving
> > dovecot.index* files elsewhere and see if it works then? If it does and
> > dovecot.index.cache doesn't contain anything too sensitive
> > (subjects/from/to addresses), could you send me the dovecot.index*
> > files?
> >
> > If it crashes even without dovecot.index* files then the mails
> > themselves contain a broken message. It would help if I could get that
> > message.
> 
> Bullseye. Why did I fail to mention that I was trying to use uiddb from 
> Courier? :P
> Using your conversion script fixed it, but simply copying the Courier file 
> crashed Dovecot. According to http://wiki.dovecot.org/Migration/Courier this 
> is supposed to work though, so either that page is wrong, or Dovecot has a 
> bug.

The Courier and Dovecot v1.0 uidlist files are nearly identical. The
only difference is that Dovecot adds the ":2,flags" to filenames which
is kind of an optimistic optimization that it's able to find filenames
without scanning maildir to find the exact filename. But this isn't
relied on in any way. So the problem most likely was caused/fixed by
something else.

> >> betty - ~vpopmail/domains/bar.com/foo # gdb /usr/lib/dovecot/imap core
> > ..
> >> (no debugging symbols found)
> >> Core was generated by `imap'.
> >> Program terminated with signal 11, Segmentation fault.
> >> #0  0x080a539d in imap_bodystructure_write ()

You said this happens when searching? imap_bodystructure_write() is
never called on SEARCH, so this is probably also because the backtrace
was corrupted.

Do you know what exactly was the SEARCH command that caused the crash?
(rawlog could help: http://wiki.dovecot.org/Debugging/Rawlog) I tried
reproducing the crash with the files you sent privately, but I can't
seem to cause it to crash.

One way to maybe avoid gdb backtrace corruption is to attach gdb while
the process is still running. Like:

1. Log in so imap process exists
2. gdb /usr/lib/dovecot/imap `pidof imap`
3. cont
4. make it crash
5. bt full

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080601/2f73cc46/attachment.bin

More information about the dovecot mailing list