I tried to track this down to a single message but I failed - when I divided
the large mailbox into two halves, each of the halves went through successfully.
BTW, spamassassin still segfaults regularly.
CL<
On Fri, Oct 05, 2007 at 06:27:13PM +0200, Karel Kulhavy wrote:
> While running spamassassin (the one in OpenBSD 4.0) my Perl (also OBSD 4.0)
> happened to segfault when learning what is spam. There is no suspicion on bad
> hardware, and this situation already happened in the past several times
> occasionally.
>
> There were 9153 spam messages in the folder. I'll try if I can isolate a single
> one that triggers it. It's actually segfaulting in libc in some hash
> manipulation routine but it's clear to me this can be a delayed memory corruption
> bug caused by some Perl binding or Perl itself.
>
> #0 0x00639d71 in memmove () from /usr/lib/libc.so.39.3
> No symbol table info available.
> #1 0x0062fcb4 in __delpair (hashp=0x7d5a5200, bufp=0x870d8040, ndx=1707) at
> /usr/src/lib/libc/db/hash/hash_page.c:140
> i = 2127618048
> src = 0x7ed0e000
> "\232\b{?v?q?l?g?b?]?X?S\b{?v?q?l?g?b?]?X?S?N?I?D???:?5?0?+?&?!?\234?\227?\222?\215?\210?\203?~?y?t?o?j?e?`?[?V?Q?L?G?B?=?8?3?.?)?$?\037?\032?\025?\020?\v?\006?\001?|>w>r>m>h>c>^>Y>T>O>J>E>@>;>6>1>,>'>">\235>\230>\223>\216>\211>\204>\177>z>u>p>k>f>a>\\>W>R>M>H>C>>>"...
> dst = 0xffffec1b <Address 0xffffec1b out of bounds>
> bp = (u_int16_t *) 0x7d5a5200
> newoff = 4107
> pairlen = 18
> n = 2202
> #2 0x0062b812 in hash_access (hashp=0x7d5a5200, action=HASH_PUT,
> key=0xcf7e2190, val=0xcf7e2188) at /usr/src/lib/libc/db/hash/hash.c:670
> rbufp = (BUFHEAD *) 0x870d8040
> bufp = (BUFHEAD *) 0x267a2a96
> save_bufp = (BUFHEAD *) 0x870d8040
> bp = (u_int16_t *) 0xffffec1b
> n = 2202
> ndx = 1707
> off = -1953344059
> size = 5
> kp = 0x8b9255c0 "\020\237^5u"
> pageno = 4107
> #3 0x0557f083 in XS_DB_File_STORE () from
> /usr/libdata/perl5/i386-openbsd/5.8.8/auto/DB_File/DB_File.so
> No symbol table info available.
> #4 0x067ddd08 in Perl_pp_entersub () at
> /usr/src/gnu/usr.bin/perl/pp_hot.c:2877
> av = (AV * const) 0x267a81b0
> items = 645610516
> markix = 0
> sp = (SV **) 0x859c428c
> sv = (SV *) 0x876f43e4
> gv = (GV *) 0x5
> stash = (HV *) 0x0
> cv = (CV *) 0x876f43e4
> cx = (PERL_CONTEXT *) 0x267a81b0
> gimme = 0
> #5 0x068085b9 in Perl_runops_standard () at
> /usr/src/gnu/usr.bin/perl/run.c:37
> No locals.
> #6 0x067ef008 in S_call_body (myop=0xcf7e22f0, is_eval=27 '\033') at
> /usr/src/gnu/usr.bin/perl/perl.c:2733
> No locals.
> #7 0x067eef2e in Perl_call_sv (sv=0x85062030, flags=66) at
> /usr/src/gnu/usr.bin/perl/perl.c:2609
> sp = (SV **) 0x859c428c
> myop = {op_next = 0x0, op_sibling = 0x0, op_ppaddr = 0x67dda50
> <Perl_pp_entersub>, op_targ = 0, op_type = 0, op_seq = 0, op_flags = 66 'B',
> op_private = 0 '\0',
> op_first = 0x0, op_other = 0x0}
> method_op = {op_next = 0xcf7e22f0, op_sibling = 0x0, op_ppaddr =
> 0x67de738 <Perl_pp_method>, op_targ = 0, op_type = 0, op_seq = 0, op_flags =
> 0 '\0',
> op_private = 0 '\0', op_first = 0x0}
> oldmark = 0
> retval = 0
> oldscope = 23
> oldcatch = 0 '\0'
> oldop = (OP *) 0x7c774380
> cur_env = {je_prev = 0x8b9255e0, je_buf = {-2063196112, -813817160,
> 108820867, -2063196112, 0, 116, 0, 0, 0, 0, 645598328}, je_ret = -2063196112,
> je_mustcatch = 120 'x'}
> #8 0x067ee93c in Perl_call_method (methname=0x26796ab5 "STORE", flags=2) at
> /usr/src/gnu/usr.bin/perl/perl.c:2542
> No locals.
> #9 0x067cc38c in S_magic_methcall (sv=0x876a4d98, mg=0x870d8420,
> meth=0x26796ab5 "STORE", flags=2, n=3, val=0x7ed1100b) at
> /usr/src/gnu/usr.bin/perl/mg.c:1492
> sp = (SV **) 0x859c428c
> #10 0x067cc6e0 in Perl_magic_setpack (sv=0x876a4d98, mg=0x870d8420) at
> /usr/src/gnu/usr.bin/perl/mg.c:1529
> next = (PERL_SI *) 0x3ffff402
> sp = (SV **) 0x267b3578
> #11 0x067ca62d in Perl_mg_set (sv=0x876a4d98) at
> /usr/src/gnu/usr.bin/perl/mg.c:236
> vtbl = (const MGVTBL *) 0x3ffff402
> mgs_ix = 792
> mg = (MAGIC *) 0xffffec1b
> nextmg = (MAGIC *) 0x0
> #12 0x067d7535 in Perl_pp_sassign () at /usr/src/gnu/usr.bin/perl/pp_hot.c:125
> sp = (SV **) 0x816e6004
> right = (SV *) 0x876a4d98
> left = (SV *) 0x8506212c
> #13 0x068085b9 in Perl_runops_standard () at
> /usr/src/gnu/usr.bin/perl/run.c:37
> No locals.
> #14 0x067ee5df in S_run_body (oldscope=1) at
> /usr/src/gnu/usr.bin/perl/perl.c:2368
> No locals.
> #15 0x067ee533 in perl_run (my_perl=0x7dcc3030) at
> /usr/src/gnu/usr.bin/perl/perl.c:2285
> oldscope = 1
> ret = 1073738754
> cur_env = {je_prev = 0x267b3740, je_buf = {108978918, 645598328,
> -813816740, -813816616, -813816484, -813816560, -813816568, 0, -2025615324,
> 160, -813826009},
> je_ret = 3, je_mustcatch = 1 '\001'}
> #16 0x1c0012a6 in main ()
> No symbol table info available.
>
> CL<