Hi
here is the problem which our developer discovered in imapd in the last
version of courier (courier-0.45.2 on FreeBSD 4.9-RELEASE-p4)
but sent to the wrong list ;-)
This is a forwarded message
From: Ondrej Jombik <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, March 24, 2004, 4:11:42 PM
Subject: fetchitem() patch
===8<==============Original message text===============
[ Please CC me in the answer as I'm not in the list ]
We discovered several SIGSEGVs while running Courier IMAP daemon.
Full backtrace concerning this issue is in the attachment.
I discovered that the problem is in this part of the code in fetch.c:
    if (do_open && *fp == NULL)
    {
        *fp=open_cached_fp(msgnum);
        if (!*fp) {
            *open_err=1;
            return rc;
        }
    }
    if (parsemime && !*mimep)
    {
        *mimep=fetch_alloc_rfc2045(msgnum, *fp);
    }
You can see that if open_cached_fp() returns NULL, *open_err is properly set,
however *fp (with value of NULL) is passed into fetch_alloc_rfc2045() where
fseek(fp, 0L, SEEK_SET) is called, causing immediate SIGSEGV (at least on
FreeBSD operating system).
Patch in the attachment tries to solve this.
Any reply would be appreciated.
Thanks,
Nepto
[ Please CC me in the answer as I'm not in the list ]
--
_/| Ondrej Jombik - [EMAIL PROTECTED] - http://nepto.sk - ICQ #122428216
<_ \ Platon SDG - open source software development - http://platon.sk
`\| As you call into the forest, so the tractor burns down! (c) 1999 Rattkin/MFF
'`
===8<===========End of original message text===========
--
Regards,
Jan Stanik
Jan Stanik
[EMAIL PROTECTED]
Nextra s.r.o.
--- fetch.c.ori 2004-03-24 15:56:31.000000000 +0100
+++ fetch.c 2004-03-24 15:56:25.000000000 +0100
@@ -403,8 +403,10 @@
if (do_open && *fp == NULL)
{
*fp=open_cached_fp(msgnum);
- if (!*fp)
+ if (!*fp) {
*open_err=1;
+ return rc;
+ }
}
if (parsemime && !*mimep)
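Review bot: the early return only covers an open failure inside the do_open block, while the "if (parsemime && !*mimep)" branch after it still hands *fp to fetch_alloc_rfc2045() without a NULL test. If fetchitem() can be entered with do_open clear and *fp still NULL, the same fseek() on a NULL stream stays reachable; adding *fp to that condition, or a NULL check at the top of fetch_alloc_rfc2045(), would close both paths. The value returned is rc, which the attached backtrace shows as 0 at this point, so the caller only learns of the failure through *open_err; worth confirming that do_fetch tests it after the call. Style: the added "if (!*fp) {" keeps the brace on the same line, whereas the surrounding code puts opening braces on their own line.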
(gdb) bt full
#0 0x4811ef75 in fseeko () from /usr/lib/libc.so.4
No symbol table info available.
#1 0x4811ef27 in fseek () from /usr/lib/libc.so.4
No symbol table info available.
#2 0x804cb15 in fetch_alloc_rfc2045 (msgnum=4, fp=0x0) at fetch.c:1501
No locals.
#3 0x804a451 in fetchitem (fp=0xbfbfb0e8, open_err=0xbfbfb0dc,
fi=0x80af020, i=0x80ae7ec, msgnum=4, mimep=0xbfbfb0e4) at fetch.c:412
fetchfunc = (void (*)(struct __sFILE *, struct fetchinfo *,
struct imapscaninfo *, long unsigned int, struct rfc2045
*)) 0x804a4f0 <envelope>
parsemime = 1
rc = 0
do_open = 1
#4 0x8049f92 in do_fetch (n=5, byuid=0, p=0x80af020) at fetch.c:273
fi = (struct fetchinfo *) 0x80af020
fp = (struct __sFILE *) 0x0
rfc2045p = (struct rfc2045 *) 0x0
seen = 0
open_err = 1
#5 0x804f1b2 in do_msgset (msgset=0x80b0081 "", msgfunc=0x8049e78
<do_fetch>, msgfunc_arg=0x80af020, isuid=0) at imapd.c:1001
i = 5
j = 5
rc = 134638200
last = 6
#6 0x80581e4 in do_imap_command (tag=0xbfbfb398 "0000000e") at
imapd.c:5407
fi = (struct fetchinfo *) 0x80af020
msgset = 0x80b0080 "5"
curtoken = (struct imaptoken *) 0x80adba0
uid = 0
#7 0x8065b62 in mainloop () at mainloop.c:93
rc = 0
tag = "0000000e", '\000' <repeats 11876 times>,
"Rb\nH\bC\013H\001\000\000\000\003", '\000' <repeats 11 times>,
"\200G\013HP\226g\nH�", '\000' <repeats 11 times>,
"\204g\nH\bC\013H", '\000' <repeats 20 times>,
"\214\000\201\013H\bC\013H\003\000\000\000mg\nH\000\201\013H\000\000\000\000�\000\000\000Lg\nH\bC\013H\000\000\000\000\000\000\000\000��\nH\bC\013H\001\000\000\000��a\nH�\000\000\000,�,�\234a\nH\bC\013H\000
\001\000\003\000\000\000\022\020\000\000^?^?^?^?\000\000\000\000,��_\nH`�"...
curtoken = (struct imaptoken *) 0x80adba0
noerril = 0
#8 0x805a205 in main (argc=2, argv=0xbfbff48c) at imapd.c:6334
ip = 0xbfbffcc2 "195.168.1.5"
p = 0xbfbffe2a "IMAP"
tag = 0xbfbffe3c "00000000"
oldumask = 49087
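
The control flow discussed in this message, as an added example that is not part of the original post or of Courier's code: stub_open(), stub_parse() and fetch_flow() are hypothetical stand-ins for open_cached_fp(), fetch_alloc_rfc2045() and the patched region of fetchitem(), and the parser stub counts NULL handles where the real code would crash in fseek().

```c
#include <stdio.h>

static int null_parse_calls;  /* times the parser stub received fp == NULL */

/* Stand-in for open_cached_fp(): constructed rule, odd message numbers fail. */
static FILE *stub_open(unsigned long msgnum)
{
    return (msgnum % 2) ? NULL : stdin;  /* stdin is just a non-NULL handle */
}

/* Stand-in for fetch_alloc_rfc2045(), which calls fseek(fp, ...) first. */
static void stub_parse(FILE *fp)
{
    if (fp == NULL)
        null_parse_calls++;  /* the real function would SIGSEGV here */
}

/* Shape of the hunk: patched != 0 adds the early return after *open_err=1. */
static int fetch_flow(unsigned long msgnum, int patched, int *open_err)
{
    int rc = 0;
    FILE *fp = stub_open(msgnum);

    if (!fp) {
        *open_err = 1;
        if (patched)
            return rc;  /* leave before the parser sees the NULL stream */
    }
    stub_parse(fp);
    return rc;
}

/* Runs one message and reports how many NULL streams reached the parser. */
int null_reaching_parser(unsigned long msgnum, int patched, int *open_err)
{
    null_parse_calls = 0;
    *open_err = 0;
    fetch_flow(msgnum, patched, open_err);
    return null_parse_calls;
}

int main(void)
{
    int err;
    printf("unpatched, open fails: %d\n", null_reaching_parser(5, 0, &err));
    printf("patched,   open fails: %d\n", null_reaching_parser(5, 1, &err));
    printf("open succeeds:         %d\n", null_reaching_parser(4, 0, &err));
    return 0;
}
```

In both variants the return value is 0 on open failure, so only *open_err tells the caller that the message could not be opened.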