I've fixed the segfaults plaguing cvs-head.

I'm no longer seeing segfaults, but I'm still getting double free errors.

Nov 15 08:49:56 nfs1 dbmail/imap4d[15979]: dbpgsql.c,db_free_result: trying to free a result set that is already NULL!

Spoke too soon. If you push the imap server hard enough and do a full synchronize, you can segv it.

(gdb) bt
#0  0x0000000801434048 in kill () from /lib/libc.so.5
#1  0x000000080149c99d in abort () from /lib/libc.so.5
#2  0x000000080143f935 in ldexp () from /lib/libc.so.5
#3  0x000000080143f96c in ldexp () from /lib/libc.so.5
#4  0x000000080144086d in ldexp () from /lib/libc.so.5
#5  0x0000000800e4b93d in g_list_foreach () from /usr/local/lib/libglib-2.0.so.400
#6  0x00000000004167ce in dbmail_imap_session_fetch_get_items (self=0x528600) at dbmail-imapsession.c:1730
#7  0x000000000040d9b9 in _ic_fetch (self=0x528600) at imapcommands.c:2322
#8  0x000000000040e881 in _ic_uid (self=0x528600) at imapcommands.c:2839
#9  0x0000000000404728 in IMAPClientHandler (ci=0x65c860) at imap4.c:353
#10 0x0000000800659e4c in PerformChildTask (info=0x800768840) at serverchild.c:375
#11 0x0000000800659f46 in CreateChild (info=0x800768840) at serverchild.c:250
#12 0x000000080065a88a in manage_restart_children () at pool.c:369
#13 0x0000000800659395 in StartServer (conf=0x7fffffffe280) at server.c:115
#14 0x0000000000411903 in main (argc=-8608, argv=0x0) at imapd.c:186
(gdb) frame 6
#6 0x00000000004167ce in dbmail_imap_session_fetch_get_items (self=0x528600) at dbmail-imapsession.c:1730
1730            g_list_foreach(tlist, (GFunc)g_free, NULL);
(gdb) p *self
$1 = {ci = 0x800768860, use_uid = 1, msg_idnr = 3336, tag = 0x54fdd0 "6", command = 0x54fde0 "UID", args = 0x51f8e8, fi = {bodyfetch = {noseen = 0, itemtype = -1, argstart = 0, argcnt = 0, octetstart = 0, octetcnt = 0, partspec = '\0' <repeats 99 times>}, msgparse_needed = 1, hdrparse_needed = 0, getBodyTotal = 0, getBodyTotalPeek = 0, getInternalDate = 0, getFlags = 0, getUID = 1, getMIME_IMB = 1, getEnvelope = 0, getSize = 0, getMIME_IMB_noextension = 0, getRFC822Header = 0, getRFC822Text = 0, getRFC822 = 0, getRFC822Peek = 0}, message = 0x0, headermsg = {mimeheader = {start = 0x0, total_nodes = 0}, rfcheader = {start = 0x0, total_nodes = 0}, message_has_errors = 0, bodystart = {block = 0, pos = 0}, bodyend = {block = 0, pos = 0}, bodysize = 0, bodylines = 0, rfcheadersize = 0, children = {start = 0x0, total_nodes = 0}, rfcheaderlines = 0, mimerfclines = 0}, msginfo = 0x65f000}
(gdb) frame 7
#7  0x000000000040d9b9 in _ic_fetch (self=0x528600) at imapcommands.c:2322
2322            if (dbmail_imap_session_fetch_get_items(self) < 0)
(gdb) p *self
$2 = {ci = 0x800768860, use_uid = 1, msg_idnr = 3336, tag = 0x54fdd0 "6", command = 0x54fde0 "UID", args = 0x51f8e8, fi = {bodyfetch = {noseen = 0, itemtype = -1, argstart = 0, argcnt = 0, octetstart = 0, octetcnt = 0, partspec = '\0' <repeats 99 times>}, msgparse_needed = 1, hdrparse_needed = 0, getBodyTotal = 0, getBodyTotalPeek = 0, getInternalDate = 0, getFlags = 0, getUID = 1, getMIME_IMB = 1, getEnvelope = 0, getSize = 0, getMIME_IMB_noextension = 0, getRFC822Header = 0, getRFC822Text = 0, getRFC822 = 0, getRFC822Peek = 0}, message = 0x0, headermsg = {mimeheader = {start = 0x0, total_nodes = 0}, rfcheader = {start = 0x0, total_nodes = 0}, message_has_errors = 0, bodystart = {block = 0, pos = 0}, bodyend = {block = 0, pos = 0}, bodysize = 0, bodylines = 0, rfcheadersize = 0, children = {start = 0x0, total_nodes = 0}, rfcheaderlines = 0, mimerfclines = 0}, msginfo = 0x65f000}
(gdb) frame 8
#8  0x000000000040e881 in _ic_uid (self=0x528600) at imapcommands.c:2839
2839                    result = _ic_fetch(self);
(gdb) p *self
$3 = {ci = 0x800768860, use_uid = 1, msg_idnr = 3336, tag = 0x54fdd0 "6", command = 0x54fde0 "UID", args = 0x51f8e8, fi = {bodyfetch = {noseen = 0, itemtype = -1, argstart = 0, argcnt = 0, octetstart = 0, octetcnt = 0, partspec = '\0' <repeats 99 times>}, msgparse_needed = 1, hdrparse_needed = 0, getBodyTotal = 0, getBodyTotalPeek = 0, getInternalDate = 0, getFlags = 0, getUID = 1, getMIME_IMB = 1, getEnvelope = 0, getSize = 0, getMIME_IMB_noextension = 0, getRFC822Header = 0, getRFC822Text = 0, getRFC822 = 0, getRFC822Peek = 0}, message = 0x0, headermsg = {mimeheader = {start = 0x0, total_nodes = 0}, rfcheader = {start = 0x0, total_nodes = 0}, message_has_errors = 0, bodystart = {block = 0, pos = 0}, bodyend = {block = 0, pos = 0}, bodysize = 0, bodylines = 0, rfcheadersize = 0, children = {start = 0x0, total_nodes = 0}, rfcheaderlines = 0, mimerfclines = 0}, msginfo = 0x65f000}
(gdb) frame 9
#9  0x0000000000404728 in IMAPClientHandler (ci=0x65c860) at imap4.c:353
353 result = (*imap_handler_functions[i]) (session);
(gdb) p *ci
$4 = {tx = 0x4354454600444955, rx = 0x4220363333332048, ip = "ODYSTRUCTURE", '\0' <repeats 13 times>, "?e\000\000\000\000", clientname = "\000\004\n\000\004\000\004\000?\0000\0000\0000\000\000 k\000\000\000\000\000\200\020\000\000\000\000\000\000?? [EMAIL PROTECTED] 00\000\000\000\000?? e\000\000\000\000\000\001\000\000\000\000\000\000\000\000`k\000\000\000\ 000\000\200\020\000\000\000\000\000\000\000? e\000\000\000\000\000\001\000\000\000\000\000\000\000\000\200k\000\000\0 00\000\000\200\020\000\000\000\000\000\000 ?e\000\000\000\000\000\001\000\000\000\000\000\000\000\000? [EMAIL PROTECTED] e\000\000\000\000\000\004\000\000\000\000\000\000\000\000? k\000\000\000\000\000\200\020\000\000\000\000\000\000`? e\000\000\000\000\000"..., timeoutMsg = 0x65cd18 "0", timeout = 1, userData = 0x65cd1a}
(gdb) p *ci->tx
Error accessing memory address 0x4354454600444955: Bad address.
(gdb) p *ci->rx
Error accessing memory address 0x4220363333332048: Bad address.

Note: both "pointer" values are ASCII when read as little-endian bytes — tx = 0x4354454600444955 is "UID\0FETC", rx = 0x4220363333332048 is "H 3336 B", and the bytes continue straight into ip = "ODYSTRUCTURE". The ClientInfo struct has been overwritten with the client's own command text ("UID FETCH 3336 BODYSTRUCTURE", NUL-terminated after the first token, matching msg_idnr = 3336 in the session). So this is a buffer overrun of client-controlled input into a structure holding stream pointers, not just a stale pointer: a memory-safety bug reachable by any IMAP client that can issue FETCH on a selected mailbox, and it should be treated as a security issue rather than only a stability one. The implausible argc=-8608, argv=0x0 in frame 14, and frames 2–4 resolving to ldexp() (most likely abort() reached from malloc's consistency checks in a stripped libc.so.5), are consistent with memory corruption, though those two points are inferred rather than proven by this trace.
(gdb) frame 10
#10 0x0000000800659e4c in PerformChildTask (info=0x800768840) at serverchild.c:375
375                     info->ClientHandler(&client);
(gdb) p *info
$5 = {maxConnect = 10000, listenSocket = 5, resolveIP = 1, timeout = 4000, timeoutMsg = 0x41ba58 "* BYE dbmail IMAP4 server signing off due to timeout\r\n",
  ClientHandler = 0x404000 <IMAPClientHandler>}
(gdb) frame 11
#11 0x0000000800659f46 in CreateChild (info=0x800768840) at serverchild.c:250
250                     PerformChildTask(info);
(gdb) p *info
$6 = {maxConnect = 10000, listenSocket = 5, resolveIP = 1, timeout = 4000, timeoutMsg = 0x41ba58 "* BYE dbmail IMAP4 server signing off due to timeout\r\n",
  ClientHandler = 0x404000 <IMAPClientHandler>}
(gdb) frame 12
#12 0x000000080065a88a in manage_restart_children () at pool.c:369
369                             CreateChild(&childinfo);
(gdb) frame 13
#13 0x0000000800659395 in StartServer (conf=0x7fffffffe280) at server.c:115
115                     manage_restart_children();
(gdb) p *conf
$7 = {listenSocket = 5, startChildren = 5, minSpareChildren = 2, maxSpareChildren = 8, maxChildren = 50, childMaxConnect = 10000, timeout = 4000, ip = "a.b.c.d", '\0' <repeats 18 times>, port = 143, resolveIP = 1, timeoutMsg = 0x41ba58 "* BYE dbmail IMAP4 server signing off due to timeout\r\n", serverUser = "nobody", '\0' <repeats 1017 times>, serverGroup = "nogroup", '\0' <repeats 1016 times>, ClientHandler = 0x404000 <IMAPClientHandler>}

--
Sean Chittenden
