[Dovecot] Patch to fix leak in imap_refresh_proctitle in beta[5, 6]
Timo Sirainen
tss at iki.fi
Wed Jun 16 17:52:43 EEST 2010
On Tue, 2010-06-15 at 21:04 -0500, Mike Abbott wrote:
> >> 6 imap 0x0000000105867333 imap_refresh_proctitle + 218 ->
> >> 7 imap 0x00000001058666ce cmd_sync_continue + 199 ->
> >
> > But how does this happen? Did it optimize away some functions
>
> Yeah optimized out tail-calls, e.g. client_destroy ->
> imap_refresh_proctitle and client_command_free ->
> imap_refresh_proctitle. I have been digging deeper and found that
> sometimes imap_clients->command_queue->name points to garbage, so
> imap_refresh_proctitle is appending 500MB strings of garbage.
Is it complete garbage or 0xde character? (Or if you don't use
--with-devel-checks then 0xde shouldn't be appearing.)
> Combined with a little command pipelining this leads to 4+GB data
> stack pools. I'll resume digging tomorrow. Let me know if you need
> any info; I can reproduce this in seconds.
I couldn't find anything obviously wrong in the code.
More information about the dovecot
mailing list