Hi! I was able to reproduce this issue with 2.3.21, but it seems to have been fixed in main. I think https://github.com/dovecot/core/commit/1c1b77dbf9a548aac788efb76973ce2d0fa6c732.patch will fix this.
Aki

> On 18/01/2024 22:51 EET John van der Kamp via dovecot <dovecot@dovecot.org> wrote:
>
> Hello,
>
> I've found a crash in a very specific setup. A dovecot server with imapc connection needs to receive an email with no body contents for the intent of generating a preview/snippet. It crashes somewhere deep in the jungle of istream and snapshots. I've included a script which sets up the systems to reproduce the crash.
>
> I've tested this with several versions. 2.3.16 doesn't seem to be affected, but 2.3.20 and 2.3.21 are affected.
>
> For me it produces a traceback like this, using the Ubuntu version from here:
> https://packages.ubuntu.com/noble/dovecot-core
>
> (gdb) bt
> #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140530132887360) at ./nptl/pthread_kill.c:44
> #1 __pthread_kill_internal (signo=6, threadid=140530132887360) at ./nptl/pthread_kill.c:78
> #2 __GI___pthread_kill (threadid=140530132887360, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
> #3 0x00007fcfb8842476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
> #4 0x00007fcfb88287f3 in __GI_abort () at ./stdlib/abort.c:79
> #5 0x00007fcfb8b37fe5 in default_fatal_finish (status=0, type=LOG_TYPE_PANIC) at ../lib/failures.c:465
> #6 fatal_handler_real (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:477
> #7 0x00007fcfb8be50d7 in i_internal_fatal_handler (ctx=<optimized out>, format=<optimized out>, args=<optimized out>) at ../lib/failures.c:879
> #8 0x00007fcfb8b37eea in i_panic (format=0x7fcfb8c29020 "file %s: line %d (%s): assertion failed: (%s)") at ../lib/failures.c:530
> #9 0x00007fcfb8b3387b in i_stream_header_filter_snapshot_free (_snapshot=<optimized out>) at ../lib-mail/istream-header-filter.c:663
> #10 i_stream_header_filter_snapshot_free (_snapshot=0x55dabe297a60) at ../lib-mail/istream-header-filter.c:655
> #11 0x00007fcfb8bf25ac in i_stream_snapshot_free (_snapshot=_snapshot@entry=0x55dabe29b0d0) at ../lib/istream.c:253
> #12 0x00007fcfb8bf2654 in i_stream_unref (stream=0x7ffc16cc7fa0) at ../lib/istream.c:66
> #13 0x00007fcfb8d96baa in index_mail_write_body_snippet (mail=0x55dabe292058) at index/index-mail.c:1151
> #14 0x00007fcfb8d97e48 in index_mail_parse_bodystructure (mail=0x55dabe292058, field=MAIL_CACHE_BODY_SNIPPET) at index/index-mail.c:1551
> #15 0x00007fcfb8d97fe2 in index_mail_fetch_body_snippet (value_r=0x7ffc16cc8050, mail=0x55dabe292058) at index/index-mail.c:1602
> #16 index_mail_get_special (_mail=0x55dabe292058, field=<optimized out>, value_r=0x7ffc16cc8050) at index/index-mail.c:1730
> #17 0x00007fcfb8d16ffe in mail_get_special (mail=mail@entry=0x55dabe292058, field=field@entry=MAIL_FETCH_BODY_SNIPPET, value_r=value_r@entry=0x7ffc16cc8050) at /home/ubuntu/dovecot/new/dovecot-2.3.21+dfsg1/src/lib-storage/mail.c:418
> #18 0x000055dabc52645c in fetch_snippet (ctx=0x55dabe26e050, mail=0x55dabe292058, preview=0x55dabe28f1f8) at ./src/imap/imap-fetch-body.c:615
> #19 0x000055dabc52b5cc in imap_fetch_more_int (ctx=0x55dabe26e050, cancel=false) at ./src/imap/imap-fetch.c:562
> #20 0x000055dabc52b8ad in imap_fetch_more (ctx=0x55dabe26e050, cmd=0x55dabe26de98) at ./src/imap/imap-fetch.c:617
> #21 0x000055dabc51fd07 in cmd_fetch (cmd=0x55dabe26de98) at ./src/imap/cmd-fetch.c:382
> #22 0x000055dabc528af4 in command_exec (cmd=0x55dabe26de98) at ./src/imap/imap-commands.c:201
> #23 0x000055dabc52e9e2 in client_command_input (cmd=<optimized out>) at ./src/imap/imap-client.c:1237
> #24 0x000055dabc52ea96 in client_command_input (cmd=<optimized out>) at ./src/imap/imap-client.c:1307
> #25 0x000055dabc52eeed in client_handle_next_command (remove_io_r=<synthetic pointer>, client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1349
> #26 client_handle_input (client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1363
> #27 0x000055dabc52f2c4 in client_input (client=0x55dabe26d2c8) at ./src/imap/imap-client.c:1407
> #28 0x00007fcfb8bfe27d in io_loop_call_io (io=0x55dabe26e660) at ../lib/ioloop.c:737
> #29 0x00007fcfb8bff81a in io_loop_handler_run_internal (ioloop=0x55dabe243fd0) at ../lib/ioloop-epoll.c:222
> #30 0x00007fcfb8bff8d4 in io_loop_handler_run (ioloop=0x55dabe243fd0) at ../lib/ioloop.c:789
> #31 0x00007fcfb8bffa90 in io_loop_run (ioloop=0x55dabe243fd0) at ../lib/ioloop.c:762
> #32 0x00007fcfb8b6ce57 in master_service_run (service=0x55dabe243e20, callback=callback@entry=0x55dabc533210 <client_connected>) at ../lib-master/master-service.c:878
> #33 0x000055dabc51ad37 in main (argc=<optimized out>, argv=<optimized out>) at ./src/imap/main.c:575
>
> John

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org