imapd crashes with SIGSEGV in mboxlist.c:221

Dmitry Katsubo dma_k at mail.ru
Sun Aug 21 19:56:09 EDT 2011


Bron, thanks for your message.

On 20.08.2011 18:56, Bron Gondwana wrote:
> On Mon, Aug 08, 2011 at 05:52:54AM +0200, Dmitry Katsubo wrote:
> 
> So... if you're going to insist on sticking with 2.2.x:

Perhaps I haven't understood you here: I've checked with 2.4: the same
story. The patch applies cleanly and afterwards Cyrus starts working for me.

> So... the real problem here is that you're reading a fixed length
> buffer and only looking for expected values rather than looking out
> for the end.

Yes, agreed. The check that we haven't reached the end of the buffer should
be there in any case, right? I also feel that something is wrong with
the data, but it's problematic to learn what exactly. "Corrupted" in my
case does not mean physical corruption from outside, but corruption during
an import / export operation (I believe).

> This works because there's always an ACL full of tabs on the end.
> Usually. Unless it's really corrupted, in which case you are
> pretty screwed.

I think a tab was delimiting the mailbox in my case. If the loop continued
after the ACL, it would also capture the ACL into the "partition name",
which would inevitably cause a problem in the following code.

> But then - if your mailboxes.db contents are corrupted then your
> life can get miserable in all sorts of ways.

I have exported my mailboxes.db into a flatfile (part of it is
attached) and imported it back. The problem is there. It also means that
cvt_cyrusdb does not do any checks and puts the data into the db as is, so I
cannot recover this way. I can't learn what the "correct" format of
mailboxes.db should be, so it was easier for me to fix the code.

Let me know if a binary .db file would also be helpful.

> I think this is probably a saner way to patch:
> 
> while (p < (data + datalen) && *p != ' ') { /* copy out partition name */
> 
> But there are so many things wrong with that block of code, which
> is why it's been rewritten at least 3 times already since then,
> and is about to come back for a 4th attempt.
> 
> Bron ( the 4th time being a complete format change... )

Do you happen to know what the flatfile should look like? Is it better to
fix the data or to improve the code?

Thanks.

-- 
With best regards,
Dmitry
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mailboxes.db.txt
Url: http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20110822/83654d6a/attachment.txt 
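
The bounds check discussed in this message, as an added example that is not part of the original post and is not Cyrus code. It assumes a record value laid out as "<mbtype> <partition> <acl>" with a tab-separated ACL; parse_partition, MAX_PARTITION_LEN and the sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PARTITION_LEN 64    /* assumed limit for this example */

/*
 * Copy the partition name out of data[0..datalen-1]. The buffer is a
 * length-delimited db value and is NOT required to be NUL-terminated.
 * Returns 0 on success, -1 if the record does not match the layout.
 */
int parse_partition(const char *data, size_t datalen,
                    char *out, size_t outlen)
{
    const char *p = data, *end;
    size_t n = 0;

    if (data == NULL || out == NULL || outlen == 0)
        return -1;
    end = data + datalen;

    /* skip the mbtype field without stepping past the buffer */
    while (p < end && *p != ' ')
        p++;
    if (p == end)
        return -1;              /* no delimiter after mbtype */
    p++;                        /* step over the space */

    /* copy out partition name, bounded by input AND output size */
    while (p < end && *p != ' ') {
        if (*p == '\t')
            return -1;          /* ACL separator inside the name field */
        if (n + 1 >= outlen)
            return -1;          /* name too long for destination */
        out[n++] = *p++;
    }
    if (p == end || n == 0)
        return -1;              /* ran off the end, or empty name */
    out[n] = '\0';
    return 0;
}

int main(void)
{
    const char *rec = "0 default user\tlrswipcda\t";   /* constructed */
    char part[MAX_PARTITION_LEN];
    int rc = parse_partition(rec, strlen(rec), part, sizeof(part));
    printf("rc=%d partition=%s\n", rc, rc == 0 ? part : "(malformed)");
    return 0;
}
```

A record that fails these checks is reported as malformed instead of being scanned past its end, which leaves the caller free to log and skip it.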