On 10/09/2013 02:45 PM, Thomas Preud'homme wrote: >> I've deleted "/var/spool/dspam/data" and let dspam deliver a mail, that >> produces this backtrace: >> >> #0 0xb6f118ec in raise () from /lib/arm-linux-gnueabi/libpthread.so.0 >> No symbol table info available. >> #1 0xb6a5acf4 in __aeabi_ldiv0 () from >> /usr/lib/arm-linux-gnueabi/dspam/libhash_drv.so No symbol table info >> available. >> #2 0xb6a59b9c in _hash_drv_seek (map=map@entry=0xb57073d8, >> offset=offset@entry=16147856, hashcode=<optimized out>, >> flags=flags@entry=1) at hash_drv.c:1194 header = <optimized out> >> rec = <optimized out> >> fpos = <optimized out> >> iterations = 0 > > Ok, this bug was very likely introduced with the patch I made to handle > corrupted css file. Unfortunetely I don't have the time to fix the patch now.
Yes the bug was introduced between 3.10.2+dfsg-9 and 3.10.2+dfsg-10. As I'm running -9 without problems. Although the incremental diff from -9 to -10 doesn't look suspicious at the first glance: > diff --git a/src/hash_drv.c b/src/hash_drv.c > index 349b491..daae2e7 100644 > --- a/src/hash_drv.c > +++ b/src/hash_drv.c > @@ -1187,32 +1187,36 @@ unsigned long _hash_drv_seek( > unsigned long fpos; > unsigned long iterations = 0; > > if (offset >= map->file_len) > return 0; > > fpos = sizeof(struct _hash_drv_header) + > ((hashcode % header->hash_rec_max) * sizeof(struct > _hash_drv_spam_record)); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ According to the backtrace's line number the diff-by-zero should happen here. But the modulo, which is IIRC implemented on ARM as divide/multiply/difference, was here all the time. Was there a compiler change? Maybe some new optimisations brakes the code. > rec = (void *)((unsigned long) map->addr + offset + fpos); > - while(rec->hashcode != hashcode && /* Match token */ > - rec->hashcode != 0 && /* Insert on empty */ > - iterations < map->max_seek) /* Max Iterations */ > + while(rec + sizeof(*rec) <= map->file_len && /* not end of file */ > + rec->hashcode != hashcode && /* Match token */ > + rec->hashcode != 0 && /* Insert on empty */ > + iterations < map->max_seek) /* Max Iterations */ > { > iterations++; > fpos += sizeof(struct _hash_drv_spam_record); > > if (fpos >= (header->hash_rec_max * sizeof(struct > _hash_drv_spam_record))) > fpos = sizeof(struct _hash_drv_header); > rec = (void *)((unsigned long) map->addr + offset + fpos); > } > > + if (rec + sizeof(*rec) > map->file_len) > + return 0; > + > if (rec->hashcode == hashcode) > return fpos; > > if (rec->hashcode == 0 && (flags & HSEEK_INSERT)) > return fpos; > > return 0; > } > I'm very busy for a few weeks but I'll try to take a look at it as soon as > possible. Thanks, Marc
signature.asc
Description: OpenPGP digital signature