[Dovecot] patch for crash while FTS-searching through virtual mailbox

Thu Feb 28 22:48:46 EET 2013

FTS-searching through a virtual mailbox crashes dovecot-2.1.15 when the FTS backend does not support lookup_multi.

src/plugins/fts/fts-api.h says for fts_backend_lookup() that "The arrays in result must be initialized by caller."  FTS backends can therefore assume that the arrays are initialized by their caller.  However, fts_backend_lookup_multi() does not initialize the per-box arrays before calling the FTS backend’s lookup function.  This patch fixes the resulting crash.

--- dovecot-2.1.15/src/plugins/fts/fts-api.c	2012-08-03 09:09:28.000000000 -0500
+++ dovecot/src/plugins/fts/fts-api.c	2013-02-28 14:35:43.000000000 -0600
@@ -337,8 +337,12 @@
 	result->box_results = p_new(result->pool, struct fts_result, i+1);
 
 	for (i = 0; boxes[i] != NULL; i++) {
+		struct fts_result *box_result = &result->box_results[i];
+		p_array_init(&box_result->definite_uids, result->pool, 32);
+		p_array_init(&box_result->maybe_uids, result->pool, 32);
+		p_array_init(&box_result->scores, result->pool, 32);
 		if (backend->v.lookup(backend, boxes[i], args,
-				      and_args, &result->box_results[i]) < 0)
+				      and_args, box_result) < 0)
 			return -1;
 	}
 	return 0;

