Re: [Dovecot] imap crash during URLFETCH
On 3.5.2013, at 4.19, Mike Abbott wrote:

>>> without having set *mpurl_r to NULL
>>
>> Right, fixed: http://hg.dovecot.org/dovecot-2.2/rev/24aa10efe132
>
> That fixes it, thanks, but I wonder if it's incomplete? I notice that these
> also sometimes don't set *mpurl_r:
> imap_msgpart_url_create()
> imap_msgpart_url_parse()
> imap_urlauth_fetch()
>
> That last one in particular is called from imap_urlauth_fetch_local() in the
> same way as the one you fixed.

Well, Dovecot functions in general don't set stuff to NULL when they return failure, so I shouldn't have fixed it that way.. These fix the bugs I found: http://hg.dovecot.org/dovecot-2.2/rev/a45bfb4c7d66

clang static analyzer is pretty good at catching these though, wonder why it didn't catch these.

Re: [Dovecot] imap crash during URLFETCH
>> without having set *mpurl_r to NULL
>
> Right, fixed: http://hg.dovecot.org/dovecot-2.2/rev/24aa10efe132

That fixes it, thanks, but I wonder if it's incomplete? I notice that these also sometimes don't set *mpurl_r:
imap_msgpart_url_create()
imap_msgpart_url_parse()
imap_urlauth_fetch()

That last one in particular is called from imap_urlauth_fetch_local() in the same way as the one you fixed.

Re: [Dovecot] imap crash during URLFETCH
On 30.4.2013, at 4.07, Mike Abbott wrote:

> Dovecot-2.2.1's imap processes crash reliably when they use an IMAP URL with
> an invalid access specifier. A backtrace and some debug output follows. The
> crash is likely caused by imap_urlauth_fetch_parsed() returning 0 without
> having set *mpurl_r to NULL, and then imap_urlauth_fetch_local() freeing an
> uninitialized pointer.

Right, fixed: http://hg.dovecot.org/dovecot-2.2/rev/24aa10efe132

I also noticed another crash: http://hg.dovecot.org/dovecot-2.2/rev/2a3134b0c25d
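
The bug class discussed in this thread, as an added example that is not part of the original messages and is not Dovecot's code: a callee that leaves its output parameter untouched on failure, and a caller that stays safe by initializing the pointer itself. The names `struct url`, `url_parse`, `url_free`, `fetch_local` and `live_urls` are hypothetical, and the caller-side initialization is an assumption about one way to fix this pattern, not a description of the linked commits.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed URL object; not Dovecot's struct. */
struct url { char *path; };

static int live_urls; /* objects allocated and not yet freed */

/* Returns 1 and sets *url_r on success. Returns 0 on invalid input and
   leaves *url_r untouched, the convention described in the thread. */
static int url_parse(const char *s, struct url **url_r)
{
    struct url *u;

    if (strncmp(s, "imap://", 7) != 0)
        return 0; /* *url_r is not written on this path */
    u = malloc(sizeof(*u));
    if (u == NULL)
        return -1;
    u->path = malloc(strlen(s + 7) + 1);
    if (u->path == NULL) {
        free(u);
        return -1;
    }
    strcpy(u->path, s + 7);
    live_urls++;
    *url_r = u;
    return 1;
}

static void url_free(struct url **url)
{
    if (*url == NULL)
        return;
    free((*url)->path);
    free(*url);
    *url = NULL;
    live_urls--;
}

/* Crash shape: "struct url *u;" with no initializer, then url_free(&u)
   after url_parse() returned 0, frees whatever was on the stack. */
int fetch_local(const char *s)
{
    struct url *u = NULL; /* caller owns the initial state */
    int ret = url_parse(s, &u);

    url_free(&u); /* safe on every return path: NULL is a no-op */
    return ret;
}
```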