FTS-searching through a virtual mailbox crashes dovecot-2.1.15 when the FTS
backend does not support lookup_multi.
src/plugins/fts/fts-api.h says for fts_backend_lookup() that "The arrays in
result must be initialized by caller." FTS backends can therefore assume that
the arrays are initialized by their caller. However,
fts_backend_lookup_multi() does not initialize the per-box arrays before
calling the FTS backend’s lookup function. This patch fixes the resulting
crash.
--- dovecot-2.1.15/src/plugins/fts/fts-api.c 2012-08-03 09:09:28.000000000
-0500
+++ dovecot/src/plugins/fts/fts-api.c 2013-02-28 14:35:43.000000000 -0600
@@ -337,8 +337,12 @@
result->box_results = p_new(result->pool, struct fts_result, i+1);
for (i = 0; boxes[i] != NULL; i++) {
+ struct fts_result *box_result = &result->box_results[i];
+ p_array_init(&box_result->definite_uids, result->pool, 32);
+ p_array_init(&box_result->maybe_uids, result->pool, 32);
+ p_array_init(&box_result->scores, result->pool, 32);
if (backend->v.lookup(backend, boxes[i], args,
- and_args, &result->box_results[i]) < 0)
+ and_args, box_result) < 0)
return -1;
}
return 0;
