Segmentation fault in imap_bodystructure_is_plain_7bit

mihaiush mihaiush at gmail.com
Thu Jun 8 10:26:53 EEST 2017


Hi,

I have a lot of errors like this in my log:
Fatal: master: service(imap): child 26049 killed with signal 11 (core dumped)

Dovecot 2.2.18 built from sources with ./configure --prefix=/opt/dovecot2 --with-mysql --with-sqlite --with-solr --with-ssl --disable-rpath --disable-static.
Debian Wheezy 3.2.63-2 x86_64.
Filesystem is ZFS.

All the core files are similar:
$ gdb /opt/dovecot2/libexec/dovecot/imap core
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /opt/dovecot2/libexec/dovecot/imap...done.
[New LWP 11635]

warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/opt/dovecot2/libexec/dovecot/imap imap-postlogin'.
Program terminated with signal 11, Segmentation fault.
#0  imap_bodystructure_is_plain_7bit (part=part@entry=0x234cd50) at imap-bodystructure.c:458

458        if (data->content_subtype != NULL &&
(gdb) bt
#0  imap_bodystructure_is_plain_7bit (part=part@entry=0x234cd50) at imap-bodystructure.c:458
#1  0x00007f920a0fbfaf in index_mail_body_parsed_cache_flags (mail=0x234be60) at index-mail.c:587
#2  index_mail_parse_body_finish (mail=mail@entry=0x234be60, field=field@entry=MAIL_CACHE_IMAP_BODYSTRUCTURE, success=success@entry=true) at index-mail.c:1007
#3  0x00007f920a0fc369 in index_mail_parse_body (mail=mail@entry=0x234be60, field=field@entry=MAIL_CACHE_IMAP_BODYSTRUCTURE) at index-mail.c:1081
#4  0x00007f920a0fc498 in index_mail_parse_bodystructure (mail=mail@entry=0x234be60, field=field@entry=MAIL_CACHE_IMAP_BODYSTRUCTURE) at index-mail.c:1222
#5  0x00007f920a0fcf1c in index_mail_get_special (_mail=_mail@entry=0x234be60, field=field@entry=MAIL_FETCH_IMAP_BODYSTRUCTURE, value_r=value_r@entry=0x7ffc1518fde8) at index-mail.c:1379
#6  0x00007f920a0b29cd in dbox_mail_get_special (_mail=_mail@entry=0x234be60, field=field@entry=MAIL_FETCH_IMAP_BODYSTRUCTURE, value_r=value_r@entry=0x7ffc1518fde8) at dbox-mail.c:229
#7  0x00007f920a0a83f0 in mdbox_mail_get_special (_mail=0x234be60, field=MAIL_FETCH_IMAP_BODYSTRUCTURE, value_r=0x7ffc1518fde8) at mdbox-mail.c:213
#8  0x00007f920a08f96d in mail_get_special (mail=<optimized out>, field=field@entry=MAIL_FETCH_IMAP_BODYSTRUCTURE, value_r=value_r@entry=0x7ffc1518fde8) at mail.c:317
#9  0x0000000000419a6a in fetch_bodystructure (ctx=0x232bbd8, mail=<optimized out>, context=<optimized out>) at imap-fetch.c:690
#10 0x0000000000419f9f in imap_fetch_more_int (ctx=ctx@entry=0x232bbd8, cancel=false) at imap-fetch.c:506
#11 0x000000000041af07 in imap_fetch_more (ctx=0x232bbd8, cmd=cmd@entry=0x232ba00) at imap-fetch.c:558
#12 0x000000000040f0c9 in cmd_fetch (cmd=0x232ba00) at cmd-fetch.c:286
#13 0x0000000000418aec in command_exec (cmd=cmd@entry=0x232ba00) at imap-commands.c:167
#14 0x0000000000417ad0 in client_command_input (cmd=cmd@entry=0x232ba00) at imap-client.c:814
#15 0x0000000000417b64 in client_command_input (cmd=0x232ba00) at imap-client.c:874
#16 0x0000000000417e45 in client_handle_next_command (remove_io_r=<synthetic pointer>, client=0x232ade0) at imap-client.c:912
#17 client_handle_input (client=client@entry=0x232ade0) at imap-client.c:924
#18 0x0000000000418212 in client_input (client=0x232ade0) at imap-client.c:966
#19 0x00007f9209df134b in io_loop_call_io (io=0x232b8f0) at ioloop.c:501
#20 0x00007f9209df1e5b in io_loop_handler_run_internal (ioloop=ioloop@entry=0x22ec790) at ioloop-epoll.c:220
#21 0x00007f9209df13d9 in io_loop_handler_run (ioloop=ioloop@entry=0x22ec790) at ioloop.c:548
#22 0x00007f9209df1458 in io_loop_run (ioloop=0x22ec790) at ioloop.c:525
#23 0x00007f9209d92993 in master_service_run (service=0x22ec620, callback=callback@entry=0x421140 <client_connected>) at master-service.c:581
#24 0x000000000040c60b in main (argc=2, argv=0x22ec390) at main.c:431
(gdb) q

I wrote a patch which solved the problem, but:
- my C is absolutely basic,
- dovecot is already at version 2.2.30, so maybe the problem was already fixed.
Anyway, I attached my patch; please have a look.

Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: segfault-null-context.patch
Type: text/x-patch
Size: 1144 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20170608/29678821/attachment.bin>