Hi,
While testing cyrus-imapd-2.3.13rc3, I noticed log entries like the
following when deleting a top-level mailbox:
Oct 14 17:39:21 machine master[24378]: process 24391 exited, signaled to death by 11
The mailbox had been removed from the filesystem, but the imapd process
appears to have segfaulted. Trussing the imapd showed:
stat("/var/imap/mailboxes.db", 0xFFBFB5B0) = 0
fcntl(6, F_SETLKW, 0xFFBFB628) = 0
rmdir("/var/spool/imap/v/wobble") = 0
Incurred fault #6, FLTBOUNDS %pc = 0x00047850
siginfo: SIGSEGV SEGV_MAPERR addr=0x
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x
Looking at the code there is a clear NULL pointer bug in the
mailbox_delete function in imap/mailbox.c. The patch is:
$ diff -u imap/mailbox.c.orig imap/mailbox.c
--- imap/mailbox.c.orig Wed Oct 8 16:47:08 2008
+++ imap/mailbox.c Tue Oct 14 17:49:05 2008
@@ -2919,7 +2919,9 @@
r = mboxlist_lookup(nbuf, NULL, NULL);
} while(r == IMAP_MAILBOX_NONEXISTENT);
-*ntail = '\0';
+if (ntail != NULL) {
+*ntail = '\0';
+}
if (updatenotifier) updatenotifier(nbuf);
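Review bot: the guard around `*ntail = '\0';` stops the NULL dereference, but when ntail is NULL nbuf is left untruncated and the next line, `if (updatenotifier) updatenotifier(nbuf);`, still runs on it. Please confirm that nbuf holds the intended mailbox name in that case (the report reaches it when deleting a top-level mailbox), or skip the notifier call there. A short comment on the guard saying when ntail can be NULL would also help, since the assignment to ntail is outside the visible context.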
--
Stephen Grier
Systems Developer
Computing Services
Queen Mary, University of London