core-dump in imap (Dovecot 2.2.19)
Timo Sirainen
tss at iki.fi
Wed Dec 9 10:43:59 UTC 2015
> On 09 Dec 2015, at 10:55, Peter Eriksson <peter at ifm.liu.se> wrote:
>
> Just found a coredump from the imap process for one of our users on dovecot 2.2.19 on a Solaris 10/x86 system:
>
>> Dec 8 14:33:17 mail dovecot: [ID 583609 mail.crit] imap(leijo): Fatal: master: service(imap): child 14465 killed with signal 11 (core dumped)
>
> Please find attached dovecot -n output and some gdb backtrace. It seems that cmd->client was NULL when dereferencing it at line 178 in imap-commands.c (in the function command_exec):
>
>> 178 cmd->bytes_in += i_stream_get_absolute_offset(cmd->client->input) -
>> 179 cmd_start_bytes_in;
>
> Please let me know if you need more information. I don't know what the user was doing at that specific time.

That's pretty strange. The command seems to have been freed too early. v2.2.20 has some changes related to this, but I don't think it fixed a bug exactly like this. I added some new asserts to try to catch this earlier: http://hg.dovecot.org/dovecot-2.2/rev/4535ac0b8ab1
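
Added illustration, not part of the original thread and not Dovecot's code or the linked changeset: a simplified C model of the failure described above, where a command is released while its handler runs and the byte accounting then goes through `cmd->client`. The struct layout, the reference counting, the clearing of `client` on release and all function names are assumptions.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model with assumed names; not Dovecot's structures. */
struct client { size_t input_offset; };
struct command {
    struct client *client;              /* NULL once the command is released */
    int refcount;
    size_t bytes_in;
    void (*func)(struct command *cmd);
};

static void command_unref(struct command *cmd) { if (--cmd->refcount == 0) free(cmd); }
/* Detach from the client and drop the owner's reference. */
static void command_release(struct command *cmd) { cmd->client = NULL; command_unref(cmd); }

/* Constructed handlers: the second finishes the command inside its own callback. */
static void handler_normal(struct command *cmd) { cmd->client->input_offset += 25; }
static void handler_frees_self(struct command *cmd) { command_release(cmd); }

/* Returns bytes accounted, or -1 if the handler released the command. */
static long command_exec_checked(struct command *cmd)
{
    struct client *client = cmd->client;    /* capture before the handler runs */
    size_t start = client->input_offset;
    long accounted = -1;
    cmd->refcount++;                        /* keep cmd alive across the handler */
    cmd->func(cmd);
    if (cmd->client != NULL) {              /* still attached: safe to account */
        cmd->bytes_in += client->input_offset - start;
        accounted = (long)cmd->bytes_in;
    }
    command_unref(cmd);                     /* frees here if the handler released it */
    return accounted;
}

/* Runs one constructed command against a constructed client. */
static long run_demo(void (*func)(struct command *))
{
    struct client c = { 100 };
    struct command *cmd = calloc(1, sizeof(*cmd));
    if (cmd == NULL) return -2;
    cmd->client = &c; cmd->refcount = 1; cmd->func = func;
    long r = command_exec_checked(cmd);
    if (r >= 0) command_release(cmd);       /* normal path: owner releases afterwards */
    return r;
}

int main(void) { return run_demo(handler_normal) == 25 && run_demo(handler_frees_self) == -1 ? 0 : 1; }
```

Without the extra reference and the `cmd->client != NULL` check, the accounting statement in the self-releasing case would read freed memory, which is the class of crash reported at line 178.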