Bernhard Schmidt <berni@birkenwald.de> wrote:
Simple LMTP handshake crashes it: Same here. I'm pretty sure it has been introduced with one of these two changes:
Affects dovecot-lda as well:
mail.svr02.mucip.net:/var/run/dovecot# sudo -u vmail gdb /usr/lib/dovecot/dovecot-lda
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/dovecot/dovecot-lda...Reading symbols from /usr/lib/debug/usr/lib/dovecot/dovecot-lda...done.
(no debugging symbols found)...done.
(gdb) set args -d berni
(gdb) run
Starting program: /usr/lib/dovecot/dovecot-lda -d berni
[Thread debugging using libthread_db enabled]
Executing new program: /usr/bin/doveconf
[Thread debugging using libthread_db enabled]
Executing new program: /usr/lib/dovecot/dovecot-lda
[Thread debugging using libthread_db enabled]
asjk

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff78d21c0 in message_parse_header_next (ctx=0x6427b0, hdr_r=<value optimized out>) at message-header-parser.c:196
196 message-header-parser.c: Datei oder Verzeichnis nicht gefunden.
        in message-header-parser.c
(gdb) bt full
#0  0x00007ffff78d21c0 in message_parse_header_next (ctx=0x6427b0, hdr_r=<value optimized out>) at message-header-parser.c:196
        msg = 0x64c3d9 ""
        i = 23591
        size = 18446744073709464054
        startpos = 0
        colon_pos = 520
        parse_size = 18446744073709464053
        ret = <value optimized out>
        continues = <value optimized out>
        no_newline = <value optimized out>
        crlf_newline = <value optimized out>
        __PRETTY_FUNCTION__ = "message_parse_header_next"
#1  0x00007ffff78d3a97 in parse_next_header (ctx=0x64c588, block_r=0x7fffffffcca0) at message-parser.c:480
        part = 0x646f10
        hdr = <value optimized out>
        size = <value optimized out>
        ret = <value optimized out>
        __PRETTY_FUNCTION__ = "parse_next_header"
#2  0x00007ffff78d3149 in message_parser_parse_next_block (ctx=0x64c588, block_r=0x7fffffffcca0) at message-parser.c:768
        ret = 23591
        eof = false
        full = false
        __PRETTY_FUNCTION__ = "message_parser_parse_next_block"
#3  0x00007ffff78d334b in message_parser_parse_header (ctx=0x64c588, hdr_size=0x646860, callback=0x7ffff7b83a90 <index_mail_parse_part_header_cb>, context=0x646648) at message-parser.c:807
        block = {part = 0x646f10, hdr = 0x6427b0, data = 0x7ffff7b83a90 "\351\063\341\373\377ff.\017\037\204", size = 0}
        ret = <value optimized out>
        __PRETTY_FUNCTION__ = "message_parser_parse_header"
I'm now on +27 (10867:c56358283605), still crashing.
Bernhard