Re: [Dovecot] dovecot 1.1.4 maildir imap segfault in message_parse_header_next

16 Oct 2008


      On Thu, Oct 16, 2008 at 11:39 AM, Timo Sirainen tss@iki.fi wrote:
...
On Oct 16, 2008, at 11:33 AM, Diego Liziero wrote:
...
Today a user got this imap segfault with vanilla 1.1.4 (I don't know
Hmm. And Maildir as topic says?
No, sorry, wrong subject, mbox
...
...
#0  0x080c8d41 in message_parse_header_next (ctx=0x8774fa0,
hdr_r=0xbfa438e0) at message-header-parser.c:114
p *ctx.input
p *ctx.input.real_stream
(gdb)  p *ctx.input
$1 = {v_offset = 0, stream_errno = 0, mmaped = 0, blocking = 1, closed
= 0, seekable = 1, eof = 0, real_stream = 0x8771538}
(gdb) p *ctx.input.real_stream
$2 = {iostream = {refcount = 3, close = 0x80e3f10
,
destroy = 0x80c6d50 ,
set_max_buffer_size = 0x80c6d20
,
destroy_callback = 0x8094630 ,
destroy_context = 0x8776138},
read = 0x80c6940 , seek = 0x80c6be0
,
sync = 0x80c5fa0 , stat = 0x80c6b40
, istream = {v_offset = 0,
stream_errno = 0, mmaped = 0, blocking = 1, closed = 0, seekable =
1, eof = 0, real_stream = 0x8771538}, fd = -1,
abs_start_offset = 374333755, statbuf = {st_dev = 0, __pad1 = 0,
__st_ino = 0, st_mode = 0, st_nlink = 0, st_uid = 0, st_gid = 0,
st_rdev = 0, __pad2 = 0, st_size = -1, st_blksize = 0, st_blocks =
0, st_atim = {tv_sec = 1224104682, tv_nsec = 0}, st_mtim = {
tv_sec = 1224104682, tv_nsec = 0}, st_ctim = {tv_sec =
1224104682, tv_nsec = 0}, st_ino = 0}, buffer = 0x0, w_buffer = 0x0,
buffer_size = 0, max_buffer_size = 8192, skip = 0, pos = 0, parent =
0x8770fe0, parent_start_offset = 0, line_str = 0x0}
...
...
  size = 0
i_stream_read_data() returned 0 bytes, but
...
  ret = -2
it also returned that the input buffer is full. That shouldn't be happening.
http://hg.dovecot.org/dovecot-1.1/rev/82d4756f43cc should catch it earlier.
Ok thanks.