[Dovecot] dovecot 1.1.4 maildir imap segfault in message_parse_header_next

Diego Liziero diegoliz at gmail.com
Thu Oct 16 13:07:24 EEST 2008


On Thu, Oct 16, 2008 at 11:39 AM, Timo Sirainen <tss at iki.fi> wrote:
> On Oct 16, 2008, at 11:33 AM, Diego Liziero wrote:
>
>> Today a user got this imap segfault with vanilla 1.1.4 (I don't know
>
> Hmm. And Maildir as topic says?

No, sorry, wrong subject, mbox

>> #0  0x080c8d41 in message_parse_header_next (ctx=0x8774fa0,
>> hdr_r=0xbfa438e0) at message-header-parser.c:114
>
> p *ctx.input
> p *ctx.input.real_stream

(gdb)  p *ctx.input
$1 = {v_offset = 0, stream_errno = 0, mmaped = 0, blocking = 1, closed = 0, seekable = 1, eof = 0, real_stream = 0x8771538}
(gdb) p *ctx.input.real_stream
$2 = {iostream = {refcount = 3, close = 0x80e3f10 <io_stream_default_close_destroy>,
    destroy = 0x80c6d50 <i_stream_header_filter_destroy>, set_max_buffer_size = 0x80c6d20 <i_stream_header_filter_set_max_buffer_size>,
    destroy_callback = 0x8094630 <index_mail_stream_destroy_callback>, destroy_context = 0x8776138},
  read = 0x80c6940 <i_stream_header_filter_read>, seek = 0x80c6be0 <i_stream_header_filter_seek>,
  sync = 0x80c5fa0 <i_stream_header_filter_sync>, stat = 0x80c6b40 <i_stream_header_filter_stat>, istream = {v_offset = 0,
    stream_errno = 0, mmaped = 0, blocking = 1, closed = 0, seekable = 1, eof = 0, real_stream = 0x8771538}, fd = -1,
  abs_start_offset = 374333755, statbuf = {st_dev = 0, __pad1 = 0, __st_ino = 0, st_mode = 0, st_nlink = 0, st_uid = 0, st_gid = 0,
    st_rdev = 0, __pad2 = 0, st_size = -1, st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 1224104682, tv_nsec = 0}, st_mtim = {
      tv_sec = 1224104682, tv_nsec = 0}, st_ctim = {tv_sec = 1224104682, tv_nsec = 0}, st_ino = 0}, buffer = 0x0, w_buffer = 0x0,
  buffer_size = 0, max_buffer_size = 8192, skip = 0, pos = 0, parent = 0x8770fe0, parent_start_offset = 0, line_str = 0x0}

>>       size = 0
>
> i_stream_read_data() returned 0 bytes, but
>
>>       ret = -2
>
> it also returned that the input buffer is full. That shouldn't be happening.
> http://hg.dovecot.org/dovecot-1.1/rev/82d4756f43cc should catch it earlier.

Ok thanks.
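
The contradictory state discussed in this thread (size = 0 together with ret = -2, "input buffer full") can be rejected before a parser touches the data pointer. The following C code is an added example, not part of the original message, not Dovecot code and not the content of the linked changeset; toy_stream, toy_read_data, first_header_byte and the RD_*/PARSE_* codes are hypothetical names in a simplified model of the return convention.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the return convention discussed in the thread:
 * -2 means "input buffer full", -1 means EOF or error. Names are hypothetical. */
enum { RD_OK = 1, RD_EOF = -1, RD_FULL = -2 };
enum { PARSE_EOF = -1, PARSE_INCONSISTENT = -3 };

struct toy_stream {              /* constructed stand-in, not Dovecot's struct */
    const unsigned char *buffer; /* NULL in the crashed process (buffer = 0x0) */
    size_t skip, pos;            /* bytes in [skip, pos) are unread */
    int ret;                     /* what the read call reports to its caller */
};

static int toy_read_data(struct toy_stream *s,
                         const unsigned char **data_r, size_t *size_r)
{
    *size_r = s->pos - s->skip;
    *data_r = s->buffer ? s->buffer + s->skip : NULL;
    return s->ret;
}

/* Returns the first unread byte (0..255), PARSE_EOF, or PARSE_INCONSISTENT. */
int first_header_byte(struct toy_stream *s)
{
    const unsigned char *data;
    size_t size;
    int ret = toy_read_data(s, &data, &size);

    if (ret == RD_EOF)
        return PARSE_EOF;
    /* Any non-EOF return with nothing buffered, including the "buffer full"
     * case from the backtrace, is contradictory: do not dereference data. */
    if (size == 0 || data == NULL)
        return PARSE_INCONSISTENT;
    return data[0];
}

int main(void)
{
    static const unsigned char hdr[] = "Subject: test\n"; /* constructed input */
    struct toy_stream good = { hdr, 0, sizeof(hdr) - 1, RD_OK };
    struct toy_stream bad = { NULL, 0, 0, RD_FULL }; /* mirrors size = 0, ret = -2 */

    printf("good: %d\n", first_header_byte(&good));
    printf("bad:  %d\n", first_header_byte(&bad));
    return 0;
}
```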

