Bug#917319: libdovecot: Segfault -- service(dict) killed with signal 11

2019-01-05 Thread Apollon Oikonomopoulos
Control: tags -1 + upstream fixed-upstream

Hi!

On 03:40 Fri 04 Jan , Christian Schrötter wrote:
> > Not tested yet, but it looks like the right commit...
> 
> Tested and confirmed, it's the right bugfix! :-)
> 
> @Maintainer: I think this will be included in Dovecot v2.3.5. I don't
> know when the next release will be available, so maybe it's a good idea
> to include the patch [1] in the next package update as a temporary
> solution for all affected users?
> 
> Patched sources are available at [2]. Test build for amd64 is available
> at [3]. This is only a small personal repository for private stuff.

Thanks to both of you for the report and the triaging. If upstream does 
not release v2.3.5 soon, I'll go ahead and upload a patched 2.3.4.

Regards,
Apollon



Bug#917319: libdovecot: Segfault -- service(dict) killed with signal 11

2019-01-03 Thread Christian Schrötter
> Not tested yet, but it looks like the right commit...

Tested and confirmed, it's the right bugfix! :-)

@Maintainer: I think this will be included in Dovecot v2.3.5. I don't
know when the next release will be available, so maybe it's a good idea
to include the patch [1] in the next package update as a temporary
solution for all affected users?

Patched sources are available at [2]. Test build for amd64 is available
at [3]. This is only a small personal repository for private stuff.

-- 
With kind regards,
Christian Schrötter

[1]:
https://github.com/dovecot/core/commit/aa5c05ebd5e2a2474514020d2114602bcb2f1157.patch

[2]: https://debrep.froonix.org/debian/dists/buster/main/source/mail/
[3]: https://debrep.froonix.org/debian/dists/buster/main/binary-amd64/mail/



Bug#917319: libdovecot: Segfault -- service(dict) killed with signal 11

2019-01-02 Thread Christian Schrötter
Patch possibly already available:
https://github.com/dovecot/core/commit/aa5c05ebd5e2a2474514020d2114602bcb2f1157.patch

Not tested yet, but it looks like the right commit...



Bug#917319: libdovecot: Segfault -- service(dict) killed with signal 11

2018-12-29 Thread Bernhard Übelacker
Hello Christian Schrötter,
not being involved in dovecot packaging I looked at this crash.

That address in event_unref seems to point here:

(gdb) disassemble /m event_unref,event_unref+370
Dump of assembler code from 0x77f33d70 to 0x77f33ee2:
...
210
211 void event_unref(struct event **_event)
212 {

213 struct event *event = *_event;
0x77f33d70 :  push   %rbp
0x77f33d71 :  push   %rbx
0x77f33d72 :  sub    $0x8,%rsp
0x77f33d76 :  mov    (%rdi),%rbx
    <<< $rbx loaded with what $rdi (_event?) points to.

214
215 if (event == NULL)
0x77f33d79 :  test   %rbx,%rbx
0x77f33d7c :  je     0x77f33e60

216 return;
217 *_event = NULL;
0x77f33d82 :  mov    0x78(%rbx),%eax
    <<< this instruction seems to crash
0x77f33d85 :  movq   $0x0,(%rdi)

218
219 i_assert(event->refcount > 0);
0x77f33d8c :  test   %eax,%eax
0x77f33d8e :  jle    0x77e8c8ca

220 if (--event->refcount > 0)
0x77f33d94 :  sub    $0x1,%eax
...


So we might assume $rbx contains here an invalid pointer.
Some lines before, $rbx seems to be loaded with what _event
points to.

Unfortunately you removed all other frames from the backtrace,
therefore it would need a maintainer to be able to reproduce the fault,
to know from where event_unref got called.

But I think it would be easier for them if you could
provide all frames of the backtrace.
Even better would be if dovecot-core-dbgsym from the debug symbol
repository could be installed as described in [1],
before analyzing the core file.

Kind regards,
Bernhard

[1] https://wiki.debian.org/HowToGetABacktrace
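
Added example, not part of the original thread: the triage reasoning from the message above as a small Python script. It matches the crash address from the core dump to the listing by page offset (assuming 4 KiB pages) and walks back to the instruction that last loaded the dereferenced register; the function names and the embedded listing, a subset of the quoted one, are constructed for illustration.

```python
import re

PAGE_MASK = 0xFFF            # assumption: 4 KiB pages, so ASLR keeps the low 12 bits
READ_ONLY = {"test", "cmp"}  # two-operand instructions that only read their operands
CRASH_PC = 0x7F8D5B5EFD82    # frame #0 of the core dump in the original report
# Constructed sample: a subset of the listing quoted in the message above.
LISTING = """\
213 struct event *event = *_event;
0x77f33d71 :  push   %rbx
0x77f33d76 :  mov    (%rdi),%rbx
215 if (event == NULL)
0x77f33d79 :  test   %rbx,%rbx
0x77f33d7c :  je     0x77f33e60
217 *_event = NULL;
0x77f33d82 :  mov    0x78(%rbx),%eax
0x77f33d85 :  movq   $0x0,(%rdi)
"""
INSN = re.compile(r"^\s*(0x[0-9a-f]+)\s*(?:<[^>]*>)?\s*:\s*(\S+)\s*(.*?)\s*$", re.I)

def parse(text):
    """Return [(address, mnemonic, operands)] for every instruction line."""
    return [(int(m[1], 16), m[2], m[3])
            for m in map(INSN.match, text.splitlines()) if m]

def faulting(rows, crash_pc):
    """Instructions whose page offset equals that of the crash PC."""
    return [r for r in rows if ((r[0] ^ crash_pc) & PAGE_MASK) == 0]

def base_register(operands):
    """Base register of the memory operand: '0x78(%rbx),%eax' -> '%rbx'."""
    m = re.search(r"\((%\w+)", operands)
    return m.group(1) if m else None

def last_write(rows, before_addr, reg):
    """Nearest earlier two-operand instruction whose destination is reg."""
    for addr, mnem, ops in reversed([r for r in rows if r[0] < before_addr]):
        if mnem not in READ_ONLY and "," in ops and ops.rsplit(",", 1)[1] == reg:
            return addr, mnem, ops

def triage(text=LISTING, crash_pc=CRASH_PC):
    """Return (faulting instruction, bad-pointer register, its last load)."""
    rows = parse(text)
    hits = faulting(rows, crash_pc)
    if len(hits) != 1:
        raise ValueError(f"{len(hits)} candidate instructions; narrow the listing")
    reg = base_register(hits[0][2])
    return hits[0], reg, last_write(rows, hits[0][0], reg)

print(triage())
```

Matching by page offset is only unambiguous while the listing covers less than one page, which the 370-byte window above does; `triage` raises instead of guessing otherwise.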



Bug#917319: libdovecot: Segfault -- service(dict) killed with signal 11

2018-12-25 Thread Christian Schrötter
Package: dovecot
Version: 1:2.3.4-2
Severity: important

Dear Maintainer,

the latest updates of Dovecot or some shared libraries on my Debian
Stretch system introduced a small bug. It's a nice new segfault... ;-)

> dovecot: dict: Fatal: master: service(dict):
> child 13578 killed with signal 11 (core dumped)
>
> dovecot: lda: Error: dict quota: Quota update failed:
> write(/var/run/dovecot/dict) failed: Broken pipe
> […] - Quota is now desynced

Core dump:

> Core was generated by `dovecot/dict'.
> Program terminated with signal SIGSEGV, Segmentation fault.
>
> #0  0x7f8d5b5efd82 in event_unref ()
> from /usr/lib/dovecot/libdovecot.so.0

Do you need more details about my (Postfixadmin with Sqlite3) setup
or is that enough information (for upstream) to fix this crash?

# doveconf -n service/dict
> service dict {
>   unix_listener dict {
>     group = vmailuser
>     mode = 0600
>     user = vmailuser
>   }
> }

# doveconf -n dict
> dict {
>   quota = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
> }

# cat /etc/dovecot/dovecot-dict-sql.conf.ext
> connect = /path/to/sqlite3.db
>
> map {
> pattern = priv/quota/storage
> table = quota2
> username_field = username
> value_field = bytes
> }
>
> map {
> pattern = priv/quota/messages
> table = quota2
> username_field = username
> value_field = messages
> }

-- 
With kind regards,
Christian Schrötter