[Dovecot] lda crash?

Timo Sirainen tss at iki.fi
Fri Jan 4 03:56:10 EET 2013


On Sat, 2012-12-29 at 16:30 +0100, Kamil Jońca wrote:
> Dec 29 16:28:15 LDA(kjonca): Panic: pool_data_stack_realloc(): stack frame changed
> Dec 29 16:28:15 LDA(kjonca): Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x47f1a) [0x7fcf2ccc9f1a] -> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fcf2ccc9fda] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fcf2cc9e1b3] -> /usr/lib/dovecot/libdovecot.so.0(+0x58cae) [0x7fcf2ccdacae] -> /usr/lib/dovecot/libdovecot.so.0(+0x44435) [0x7fcf2ccc6435] -> /usr/lib/dovecot/libdovecot.so.0(buffer_write+0x7f) [0x7fcf2ccc679f] -> /usr/lib/dovecot/libdovecot.so.0(+0x63504) [0x7fcf2cce5504] -> /usr/lib/dovecot/libdovecot.so.0(str_c+0x9) [0x7fcf2cce5569] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x4a6af) [0x7fcf2adf36af] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_match_value+0x86) [0x7fcf2ade5c86] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_match+0xb2) [0x7fcf2ade5f52] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x43057) [0x7fcf2adec057] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_interpreter_continue+0xc5) [0x7fcf2addda35] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_interpreter_run+0x2b) [0x7fcf2adddbbb] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x46642) [0x7fcf2adef642] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_execute+0x31) [0x7fcf2adeff91] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x3112) [0x7fcf2b031112] -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0x45) [0x7fcf2d2278d5] -> /usr/lib/dovecot//dovecot-lda(main+0x38a) [0x40295a] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7fcf2c8ffead] -> /usr/lib/dovecot//dovecot-lda() [0x4031e1]

I think the attached patch fixes this. Stephan can figure out a
non-kludgy fix. :)

Stephan: I think there are other similar bugs in Sieve. str_c() is
called in quite a lot of places a long way from where the string was
created. str_data() would be safe to call anywhere. Compile latest
dovecot-2.1 hg with --enable-devel-checks and Pigeonhole's make test
crashes. (I guess the str_add_nul() check could be moved inside the if()
block if that would make this (much) easier to fix.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-patch
Size: 446 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130104/8d8f6a3f/attachment-0002.bin>
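
The failure named in the panic line, as an added example that is not part of the original post and is not Dovecot or Pigeonhole code: a toy C model of a string allocated in one data-stack frame and read from a nested one. All toy_* and frame_* names are hypothetical, and the model assumes, as the backtrace (str_c -> buffer_write -> pool_data_stack_realloc panic) suggests, that str_c() may need to grow the buffer to write a terminating NUL while str_data() never does.

```c
#include <stddef.h>
#include <string.h>
/* Toy model, not Dovecot code: every name here is hypothetical. */
static unsigned int cur_frame = 1;            /* id of the active stack frame */
static void frame_push(void) { cur_frame++; }
static void frame_pop(void)  { cur_frame--; }

struct toy_str {
    char buf[32];
    size_t used, alloc;  /* string bytes / bytes reserved (<= sizeof(buf)) */
    unsigned int frame;  /* frame that owns the allocation */
};

/* Reserve exactly strlen(text) bytes (text must fit buf): no room for a NUL. */
static void toy_str_init(struct toy_str *s, const char *text) {
    s->used = s->alloc = strlen(text);
    memcpy(s->buf, text, s->used);
    s->frame = cur_frame;
}

/* Growing is legal only in the owning frame; the real allocator panics
 * ("stack frame changed") where this model returns -1. */
static int toy_grow(struct toy_str *s, size_t need) {
    if (need <= s->alloc) return 0;
    if (need > sizeof(s->buf) || s->frame != cur_frame) return -1;
    s->alloc = need; return 0;
}

/* Like str_c(): has to write a terminator, so it may have to grow. */
static const char *toy_str_c(struct toy_str *s) {
    if (toy_grow(s, s->used + 1) < 0) return NULL;
    s->buf[s->used] = '\0';
    return s->buf;
}

/* Like str_data(): read-only pointer plus length, never grows. */
static const char *toy_str_data(const struct toy_str *s, size_t *len_r) {
    *len_r = s->used;
    return s->buf;
}

/* Create in one frame, read in a nested one; returns 1 if the read worked. */
static int read_in_nested_frame(int use_str_c) {
    struct toy_str s; size_t len = 0;
    toy_str_init(&s, "subject");              /* constructed sample value */
    frame_push();                             /* e.g. a callee far from the creator */
    const char *p = use_str_c ? toy_str_c(&s) : toy_str_data(&s, &len);
    frame_pop();
    return p != NULL;
}
```

read_in_nested_frame(1) fails in the model where the real allocator would panic; read_in_nested_frame(0) succeeds because the length-carrying accessor never touches the allocation.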

