A NOTE has been added to this issue. ====================================================================== http://www.dbmail.org/mantis/view.php?id=789 ====================================================================== Reported By: jasb Assigned To: netvulture ====================================================================== Project: DBMail Issue ID: 789 Category: IMAP daemon Reproducibility: have not tried Severity: crash Priority: normal Status: feedback target: ====================================================================== Date Submitted: 21-Jul-09 23:51 CEST Last Modified: 30-Jul-09 23:46 CEST ====================================================================== Summary: dbmail-imapd crash with invalid pointer reason Description: Hi, After this commit on GIT HEAD:
http://git.dbmail.eu/cgit/cgit.cgi/paul/dbmail/commit/?id=02b0fe06c4947fb50bdcbe3ac39661006f78aa07 imapd crashes with invalid pointer on this. Attached there's the GDB trace for this. ====================================================================== ---------------------------------------------------------------------- (0002837) waza123 (reporter) - 22-Jul-09 14:02 http://www.dbmail.org/mantis/view.php?id=789#c2837 ---------------------------------------------------------------------- i have many crashes in all sectors. dbmail-imapd dbmail-pop3d dbmail-lmtpd v2.3.6 ---------------------------------------------------------------------- (0002838) pschmiel (reporter) - 23-Jul-09 12:55 http://www.dbmail.org/mantis/view.php?id=789#c2838 ---------------------------------------------------------------------- I have the same problem with a crashing imapd. Backtrace is attached. ---------------------------------------------------------------------- (0002839) pschmiel (reporter) - 23-Jul-09 16:30 http://www.dbmail.org/mantis/view.php?id=789#c2839 ---------------------------------------------------------------------- I think the following changes did the trick. No more crashes since this modification: if(D->data != NULL) g_free(D->data); if(D != NULL) g_free(D); ---------------------------------------------------------------------- (0002840) waza123 (reporter) - 23-Jul-09 16:37 http://www.dbmail.org/mantis/view.php?id=789#c2840 ---------------------------------------------------------------------- yes, you have to check if it exists before free it ---------------------------------------------------------------------- (0002841) pschmiel (reporter) - 23-Jul-09 18:02 http://www.dbmail.org/mantis/view.php?id=789#c2841 ---------------------------------------------------------------------- got another crash a few minutes ago. looks like the pointer points to an invalid address location so it is not NULL but nevertheless it can't be freed... ---------------------------------------------------------------------- (0002844) netvulture (developer) - 24-Jul-09 19:25 http://www.dbmail.org/mantis/view.php?id=789#c2844 ---------------------------------------------------------------------- I think I might have triggered the crash on my system by using IDLE and then reading messages fairly fast, switching from IDLE to OPERATION and BACK in short order. Will try to reproduce this weekend under gdb operation. ---------------------------------------------------------------------- (0002863) jasb (reporter) - 28-Jul-09 22:30 http://www.dbmail.org/mantis/view.php?id=789#c2863 ---------------------------------------------------------------------- Hi Jon, Were you able to reproduce this and fix it? ---------------------------------------------------------------------- (0002869) netvulture (developer) - 29-Jul-09 06:09 http://www.dbmail.org/mantis/view.php?id=789#c2869 ---------------------------------------------------------------------- Looking at the bt you attached, the session is null, thus is does make sense that is should blow up if it tries to free a memory address that isn't even defined in a null object. So it would appear that a job is pushed to the thread pool with a bogus session pointer. http://www.dbmail.org/mantis/view.php?id=6 0x08054090 in imap_idle_loop (self=0x0, timeout=30) at imapcommands.c:1088 1088 g_free(D->data); There is a trace already in place in imap_idle_loop() that should tell you what the session address is. Is it 0x0 when it blows up? ---------------------------------------------------------------------- (0002885) netvulture (developer) - 30-Jul-09 23:46 http://www.dbmail.org/mantis/view.php?id=789#c2885 ---------------------------------------------------------------------- Please try my bug fix testing branch git clone git://git.dbmail.eu/netvulture/dbmail nvc_bug_test The (proposed) fix for bug http://www.dbmail.org/mantis/view.php?id=790 is in there along with some other things that I've found that could be causing crashes. Bug 790 might be the cause of this bug. Issue History Date Modified Username Field Change ====================================================================== 21-Jul-09 23:51 jasb New Issue 21-Jul-09 23:51 jasb File Added: imapd_invalid_pointer.txt 22-Jul-09 14:02 waza123 Note Added: 0002837 23-Jul-09 12:55 pschmiel File Added: backtrace.txt 23-Jul-09 12:55 pschmiel Note Added: 0002838 23-Jul-09 13:22 pschmiel Issue Monitored: pschmiel 23-Jul-09 16:30 pschmiel Note Added: 0002839 23-Jul-09 16:36 waza123 Note Added: 0002840 23-Jul-09 16:37 waza123 Note Edited: 0002840 23-Jul-09 18:02 pschmiel Note Added: 0002841 24-Jul-09 19:23 netvulture Status new => assigned 24-Jul-09 19:23 netvulture Assigned To => netvulture 24-Jul-09 19:25 netvulture Note Added: 0002844 24-Jul-09 19:25 netvulture Status assigned => acknowledged 28-Jul-09 22:30 jasb Note Added: 0002863 29-Jul-09 06:09 netvulture Note Added: 0002869 29-Jul-09 06:10 netvulture Status acknowledged => feedback 30-Jul-09 23:46 netvulture Note Added: 0002885 ====================================================================== _______________________________________________ Dbmail-dev mailing list Dbmail-dev@dbmail.org http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail-dev
