Package: isync
Version: 1.4.3-1
Severity: normal

Before the upgrade (1.3.0-2.2, on bullseye), I was able to run mbsync
without too many issues. After the upgrade, it completely crashes with
what looks like an assertion failure:

C: 0/1  B: 134/205  F: +0/0 *0/0 #0/0  N: +4/4 *0/0 #0/0
Warning: lost track of 676 pulled message(s)
C: 0/1  B: 134/205  F: +0/0 *0/0 #0/0  N: +4/681 *0/0 #0/0
Warning: message 1 from far side has incomplete header.
C: 0/1  B: 134/205  F: +0/0 *0/0 #0/0  N: +5/681 *0/0 #0/0corrupted size vs. prev_size while consolidating
Abandon (core dumped)

Here's the backtrace:

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f529fa18537 in __GI_abort () at abort.c:79
#2  0x00007f529fa71768 in __libc_message (action=action@entry=do_abort, 
    fmt=fmt@entry=0x7f529fb7fe2d "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007f529fa78a5a in malloc_printerr (
    str=str@entry=0x7f529fb82280 "corrupted size vs. prev_size while consolidating") at malloc.c:5347
#4  0x00007f529fa7a12e in _int_free (av=0x7f529fbb1b80 <main_arena>, 
    p=0x5613006c9860, have_lock=<optimized out>) at malloc.c:4332
#5  0x00005612ff5f01a7 in copy_msg_convert (vars=0x561300587510, 
    out_cr=<optimized out>, in_cr=<optimized out>) at ./src/sync.c:534
#6  msg_fetched (sts=<optimized out>, aux=0x561300587510) at ./src/sync.c:559
#7  0x00005612ff5f9832 in done_imap_cmd (ctx=ctx@entry=0x7f52a0140010, 
    cmd=cmd@entry=0x561300635b30, response=response@entry=0)
    at ./src/drv_imap.c:326
#8  0x00005612ff600bc2 in imap_socket_read (aux=0x7f52a0140010)
    at ./src/drv_imap.c:1740
#9  0x00005612ff5f72b7 in event_wait () at ./src/util.c:831
#10 main_loop () at ./src/util.c:903
#11 0x00005612ff5ec38f in main (argc=<optimized out>, argv=<optimized out>)
    at ./src/main.c:797

It could be this is a new assertion for something that was broken
already in a previous version. I'm dealing with corruption issues on
the IMAP server side, but it seems to me this should still not crash,
especially on hostile server data...

(I don't have a particular reason to believe this is a security issue,
but I guess that if this is caused by a malicious message, it might be
a mild DoS condition..)

-- System Information:
Debian Release: 11.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-9-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages isync depends on:
ii  libc6       2.31-13+deb11u2
ii  libdb5.3    5.3.28+dfsg1-0.8
ii  libsasl2-2  2.1.27+dfsg-2.1
ii  libssl1.1   1.1.1k-1+deb11u1
ii  zlib1g      1:1.2.11.dfsg-2

isync recommends no packages.

Versions of packages isync suggests:
ii  mutt  2.0.5-4.1

-- no debconf information
