I've tried to stress test dovecot 1.1.4 with imaptest for days without any assertion failure or crash. Just some "got too little data" messages.

So far it's the most stable 1.1.x version.

Today a user got this imap segfault with vanilla 1.1.4 (I don't know if it's something you have already fixed in current tree). The user didn't complain of anything, I've just found the error in the logs and the core file.

Regards, Diego.

Core was generated by `/usr/libexec/dovecot/imap'. Program terminated with signal 11, Segmentation fault. #0 0x080c8d41 in message_parse_header_next (ctx=0x8774fa0, hdr_r=0xbfa438e0) at message-header-parser.c:114 114 if (msg[0] == '\n' || (gdb) bt full #0 0x080c8d41 in message_parse_header_next (ctx=0x8774fa0, hdr_r=0xbfa438e0) at message-header-parser.c:114 msg = (const unsigned char *) 0x0 i = <value optimized out> size = 0 startpos = <value optimized out> colon_pos = 4294967295 parse_size = 0 value_pos = <value optimized out> ret = -2 continued = false continues = <value optimized out> crlf_newline = false #1 0x080c62f5 in read_header (mstream=0x877d6d0) at istream-header-filter.c:163 hdr = (struct message_header_line *) 0x0 highwater_offset = <value optimized out> pos = <value optimized out> ret = <value optimized out> matched = false hdr_ret = <value optimized out> __PRETTY_FUNCTION__ = '\0' #2 0x080c6a17 in i_stream_header_filter_read (stream=0x877d6d0) at istream-header-filter.c:293 mstream = (struct header_filter_istream *) 0xfffffffe ret = <value optimized out> pos = <value optimized out> #3 0x080d4fa8 in i_stream_read (stream=0x877d6f8) at istream.c:73 _stream = (struct istream_private *) 0xfffffffe ret = <value optimized out> __PRETTY_FUNCTION__ = '\0' #4 0x080d505d in i_stream_read_data (stream=0x877d6f8, data_r=0xbfa439a8, size_r=0xbfa439a4, threshold=0) at istream.c:299 ret = 0 read_more = false __PRETTY_FUNCTION__ = '\0' #5 0x080cb8ec in message_get_body_size (input=0x877d6f8, body=0xbfa439d8, has_nuls=0x0) at message-size.c:76 msg = <value optimized out> i = <value optimized out> size = <value optimized out> missing_cr_count = <value optimized out> __PRETTY_FUNCTION__ = '\0' #6 0x08064178 in fetch_body_header_fields (ctx=0x875e668, mail=0x8776138, body=0x875e958) at imap-fetch-body.c:458 size = {physical_size = 0, virtual_size = 0, lines = 0} old_offset = 0 #7 0x08062218 in imap_fetch (ctx=0x875e668) at imap-fetch.c:309 _data_stack_cur_id = 4 ret = <value optimized out> __PRETTY_FUNCTION__ = "\000\000\000\000\000\000\000\000\000\000" #8 0x0805bd9e in cmd_fetch (cmd=0x875e5c0) at cmd-fetch.c:152 ctx = (struct imap_fetch_context *) 0x875e668 args = (const struct imap_arg *) 0x8762638 search_arg = (struct mail_search_arg *) 0x875e610 messageset = <value optimized out> ret = <value optimized out> #9 0x0805fe8c in client_command_input (cmd=0x875e5c0) at client.c:580 client = (struct client *) 0x875e368 command = <value optimized out> __PRETTY_FUNCTION__ = '\0' #10 0x0805ff35 in client_command_input (cmd=0x875e5c0) at client.c:629 client = (struct client *) 0x875e368 command = (struct command *) 0x0 __PRETTY_FUNCTION__ = '\0' #11 0x080606f5 in client_handle_input (client=0x875e368) at client.c:670 _data_stack_cur_id = 3 ret = <value optimized out> remove_io = <value optimized out> handled_commands = false #12 0x0806090e in client_input (client=0x875e368) at client.c:725 cmd = <value optimized out> output = (struct ostream *) 0x875e4ec bytes = 197 __PRETTY_FUNCTION__ = '\0' #13 0x080d8710 in io_loop_handler_run (ioloop=0x875c9b0) at ioloop-epoll.c:203 ctx = <value optimized out> event = (const struct epoll_event *) 0x875cae8 list = (struct io_list *) 0x875e568 io = (struct io_file *) 0x875e548 tv = {tv_sec = 4, tv_usec = 926334} t_id = 2 msecs = <value optimized out> ret = 1 i = 0 j = 0 call = <value optimized out> #14 0x080d77f8 in io_loop_run (ioloop=0x875c9b0) at ioloop.c:320 No locals. #15 0x0806848c in main (argc=Cannot access memory at address 0x0 ) at main.c:293 No locals.