On Sat, 2012-12-29 at 16:30 +0100, Kamil Jońca wrote:
> Dec 29 16:28:15 LDA(kjonca): Panic: pool_data_stack_realloc(): stack frame changed
> Dec 29 16:28:15 LDA(kjonca): Error: Raw backtrace:
> /usr/lib/dovecot/libdovecot.so.0(+0x47f1a) [0x7fcf2ccc9f1a] ->
> /usr/lib/dovecot/libdovecot.so.0(default_fatal_handler+0x2a) [0x7fcf2ccc9fda] ->
> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7fcf2cc9e1b3] ->
> /usr/lib/dovecot/libdovecot.so.0(+0x58cae) [0x7fcf2ccdacae] ->
> /usr/lib/dovecot/libdovecot.so.0(+0x44435) [0x7fcf2ccc6435] ->
> /usr/lib/dovecot/libdovecot.so.0(buffer_write+0x7f) [0x7fcf2ccc679f] ->
> /usr/lib/dovecot/libdovecot.so.0(+0x63504) [0x7fcf2cce5504] ->
> /usr/lib/dovecot/libdovecot.so.0(str_c+0x9) [0x7fcf2cce5569] ->
> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x4a6af) [0x7fcf2adf36af] ->
> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_match_value+0x86) [0x7fcf2ade5c86] ->
> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_match+0xb2) [0x7fcf2ade5f52] ->
> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x43057) [0x7fcf2adec057] ->
> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_interpreter_continue+0xc5) [0x7fcf2addda35] ->
> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_interpreter_run+0x2b) [0x7fcf2adddbbb] ->
> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x46642) [0x7fcf2adef642] ->
> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_execute+0x31) [0x7fcf2adeff91] ->
> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x3112) [0x7fcf2b031112] ->
> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0x45) [0x7fcf2d2278d5] ->
> /usr/lib/dovecot//dovecot-lda(main+0x38a) [0x40295a] ->
> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7fcf2c8ffead] ->
> /usr/lib/dovecot//dovecot-lda() [0x4031e1]

I think the attached patch fixes this. Stephan can figure out a
non-kludgy fix. :)

Stephan: I think there are other similar bugs in Sieve. str_c() is
called in quite a lot of places a long way from where the string was
created. str_data() would be safe to call anywhere. Compile latest
dovecot-2.1 hg with --enable-devel-checks and Pigeonhole's make test
crashes. (I guess the str_add_nul() check could be moved inside the if()
block if that would make this (much) easier to fix.)

diff -r b56711807edc src/lib-sieve/sieve-match.c
--- a/src/lib-sieve/sieve-match.c	Mon Nov 26 21:16:54 2012 +0100
+++ b/src/lib-sieve/sieve-match.c	Fri Jan 04 03:39:12 2013 +0200
@@ -97,6 +97,7 @@
 		match = 0;
 		while ( match == 0 &&
 			(ret=sieve_stringlist_next_item(key_list, &key_item)) > 0 ) {
+			(void)str_c(key_item);
 			T_BEGIN {
 				match = mcht->def->match_key
 					(mctx, value, value_size, str_c(key_item), str_len(key_item));
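Review bot: the added `(void)str_c(key_item);` before `T_BEGIN {` discards its result and reads as a no-op, so it needs a comment stating why it is there: it makes str_c() NUL-terminate (and, if the buffer is full, reallocate) key_item in the frame where the string was created, so the second `str_c(key_item)` inside the T_BEGIN block finds the terminator already present and does not trigger the pool_data_stack_realloc() "stack frame changed" panic shown in the backtrace. Suggest something like `/* str_c() may realloc; do it outside T_BEGIN */` on that line. As the cover text itself notes, passing `str_data(key_item)` with `str_len(key_item)` to match_key would remove the need for the kludge, if the match_key callback can take a non-terminated buffer.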

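A minimal model of the failure mode discussed in this thread, added here as an illustration; it is not Dovecot or Pigeonhole code. The data stack, T_BEGIN/T_END, str_c() and str_data() are simplified stand-ins (assumed shapes, not the real APIs) that keep only the property that matters: an allocation remembers the frame it was made in, and growing it from a deeper frame is fatal.

```c
#include <string.h>

/* Simplified model of the data stack (not Dovecot code): cur_frame is the
 * current T_BEGIN nesting depth; each string records the frame it was
 * allocated in. */
static int cur_frame = 0;

struct dstr { char buf[32]; size_t used; size_t cap; int frame; int nul; };

static void t_begin(void) { cur_frame++; }   /* stand-in for T_BEGIN */
static void t_end(void)   { cur_frame--; }   /* stand-in for T_END */

/* Stand-in for pool_data_stack_realloc(): growing a buffer owned by
 * another frame is the "Panic: stack frame changed" case (returns -1). */
static int ds_realloc(struct dstr *s, size_t newcap) {
    if (s->frame != cur_frame) return -1;
    s->cap = newcap;
    return 0;
}

/* Build a string in the current frame with no spare byte for a NUL. */
static void str_init(struct dstr *s, const char *text) {
    s->used = strlen(text);
    s->cap = s->used;
    s->frame = cur_frame;
    s->nul = 0;
    memcpy(s->buf, text, s->used);
}

/* str_data(): returns the raw bytes, never touches the buffer, so it is
 * safe to call from any frame. */
const unsigned char *str_data(const struct dstr *s) { return (const unsigned char *)s->buf; }

/* str_c(): must guarantee a trailing NUL; when the buffer is full that
 * means growing it, which only works in the owning frame. */
static int str_c(struct dstr *s, const char **out) {
    if (!s->nul) {
        if (s->used >= s->cap && ds_realloc(s, s->cap + 1) < 0) return -1;
        s->buf[s->used] = '\0';
        s->nul = 1;
    }
    *out = s->buf;
    return 0;
}

/* The sieve_match() pattern: key created in the outer frame, str_c() on it
 * inside T_BEGIN. pre_terminate=1 models the patch's extra str_c() call. */
int match_key_in_frame(int pre_terminate) {
    struct dstr key; const char *c; int rc;
    str_init(&key, "from");                       /* constructed sample key */
    if (pre_terminate && str_c(&key, &c) < 0) return -1;
    t_begin();
    rc = str_c(&key, &c);   /* -1 (panic) unless already NUL-terminated */
    t_end();
    return rc;
}
```

match_key_in_frame(0) reproduces the panic; match_key_in_frame(1) shows why the one-line patch is enough.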