<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Good morning,<br>
<br>
I have been checking the Cyrus IMAP 2.3.19 and 2.3.18 code because
I have observed some issues with UID SORT commands in the IMAP
protocol. Performing a command like
". UID SORT (SIZE) US-ASCII ALL TEXT avanzada" in a mailbox
where matches were found caused the following entry to appear in
the debug (or non-debug, I think) log:<br>
<br>
Oct 31 09:17:21 hostname master[78064]: process 78268 exited,
signaled to death by 11<br>
<br>
Lines like this are seen when a process has been signaled by the
kernel with signal 11. I have been reading that this signal is sent
to a process when it performs an unauthorized memory access attempt
(outside of its own variable, pointer, etc. storage room). After
debugging the code with GDB and doing several checks, I have seen
the issue came from the byte2search() function when a piece of the
string s->substr was trying to be stored in b. Concretely, the third
if in the loop:<br>
<br>
<br>
for (i = 0, cur = 0; i < s->max_start; i++) {<br>
/* no more active offsets */<br>
if (s->starts[i] == -1)<br>
break;<br>
<br>
/* if we've passed one that's not ongoing, copy back */<br>
if (cur < i) {<br>
s->starts[cur] = s->starts[i];<br>
}<br>
/* check that the substring is still maching */<br>
if (b == s->substr[s->offset - s->starts[i]]) {<br>
<br>
<br>
The issue was caused there because s->starts[i] in this place
was not able to be accessed because it was pointing to data
outside s->starts. After searching where this array was being
initialized and its memory allocated (which was in the search_init
function), I tried to allocate 10 bytes more for that pointer.
After doing it, there were no more issues. So I tried allocating
just one byte more, which seemed to be enough too (at least for the
patterns I have searched for). At this moment I understood this
pointer (s->starts, which was a search_state->substr pointer inside
the search_state structure) was not having enough room for all the
content that needed to be stored, or at least accessed when calling
it. I checked then the code of Cyrus 2.3.18 and 2.3.19 but didn't
see any kind of difference in the part of the memory allocation (in
search_init()) or usage (in bytesearch) for s->starts. I decided to
check the Cyrus 2.4 code and I saw its room was being allocated the
following way:<br>
<br>
<br>
s->starts = xmalloc(s->max_start * sizeof(size_t));<br>
<br>
<br>
instead of what was done in 2.3:<br>
<br>
<br>
s->starts = xmalloc(s->max_start * sizeof(int));<br>
<br>
<br>
So I understood s->starts should be allocated to n times the size
of a size_t variable, instead of n times the size of an integer
variable. After replacing it, I have seen that definitively all
seemed to be working. So shouldn't the Cyrus 2.3 sources have this
allocation in search_init done with sizeof(size_t) instead of
sizeof(int)? I think this is important because otherwise, when the
first character of a pattern is repeated more than once, the
pattern has a patlen of, I would say, 8-9 bytes, and matches exist
in the mailbox, that search would end up with a process dying due
to a signal 11.<br>
<br>
<br>
My env is FreeBSD RELENG_9_0 OS with a Cyrus 2.3.18_1 port. Am I
wrong, shouldn't that allocation be changed?<br>
<br>
<br>
Thanks a lot for your time,<br>
<br>
Best regards,<br>
</p>
<br>
<div class="moz-signature">-- <br>
<br>
<div style="clear:both; text-align:left;" class="firmasarenet">
<div style="font-family:Helvetica, Arial, sans-serif;
font-weight:bold; font-size:14px; color:#333333"
class="titulosarenet"><strong>Egoitz Aurrekoetxea</strong></div>
<div style="font-family:Helvetica, Arial, sans-serif;
font-weight:normal; font-size:12px; color:#333333"
class="dptosarenet">Systems department</div>
<div style="font-family:Helvetica, Arial, sans-serif;
font-weight:normal; font-size:12px; color:#333333"
class="textosarenet">944 209 470<br>
Parque Tecnológico. Edificio 103<br>
48170 Zamudio (Bizkaia)</div>
<div style="font-family:Helvetica, Arial, sans-serif;
font-weight:normal; font-size:12px; color:#007AC4;
line-height:1.2" class="lnksarenet"><a
href="mailto:egoitz@sarenet.es" id="mailto" style="
font-size:12px; color:#007AC4; text-decoration:underline;"><label
id="label_email">egoitz@sarenet.es</label></a></div>
<div style="font-family:Helvetica, Arial, sans-serif;
font-weight:normal; font-size:12px; color:#007AC4;
line-height:1.2" class="lnksarenet"><a
href="http://www.sarenet.es" style=" font-size:12px;
color:#007AC4; text-decoration:underline;">www.sarenet.es</a></div>
<br>
<div style="font-family:Helvetica, Arial, sans-serif;
font-weight:normal; font-size:10px; color:#A0C361"
class="imprimirsarenet">Before printing this e-mail, think about
whether it is necessary to do so.</div>
</div>
</div>
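<p>Added example (not the poster's code and not Cyrus's own): a stand-in for search_init that takes the element size as a parameter, so the 2.3 allocation (sizeof(int)) and the 2.4 one (sizeof(size_t)) can be compared on the pattern from the message above. The struct and function names are hypothetical, and the rule that max_start is the number of positions in the pattern holding its first byte is an assumption; search_reset refuses to write the -1 sentinels when the allocation is too small, instead of stepping past it as the reported crash did.</p>

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the Cyrus search_state (not the project's struct):
 * starts[] holds candidate match offsets, terminated by -1 and indexed as size_t. */
struct search_state {
    const char *substr;
    size_t max_start;    /* number of slots in starts[] */
    size_t *starts;
    size_t starts_bytes; /* what malloc() actually handed out */
};

/* Assumed rule: one slot per position of the pattern that repeats its first
 * byte (position 0 included), an upper bound on live overlapping candidates. */
size_t count_first_byte(const char *p) {
    size_t n = strlen(p), i, c = 0;
    for (i = 0; i < n; i++) c += (p[i] == p[0]);
    return c;
}

/* elem_size models the 2.3 allocation (sizeof(int)) or the 2.4 one (sizeof(size_t)). */
int search_init(struct search_state *s, const char *pat, size_t elem_size) {
    memset(s, 0, sizeof(*s));
    s->substr = pat;
    s->max_start = count_first_byte(pat);
    s->starts_bytes = s->max_start * elem_size;
    s->starts = malloc(s->starts_bytes);
    return s->starts != NULL;
}

/* Write the -1 sentinel into every slot the byte2search() loop may read, but
 * only if the allocation really covers max_start size_t elements. Returns 0
 * instead of overrunning when it does not (the 2.3 case on an LP64 host). */
int search_reset(struct search_state *s) {
    size_t i;
    if (s->starts_bytes < s->max_start * sizeof(size_t)) return 0;
    for (i = 0; i < s->max_start; i++) s->starts[i] = (size_t)-1;
    return 1;
}

void search_free(struct search_state *s) { free(s->starts); s->starts = NULL; }
/* 1 if the pattern's slots fit in the allocation, 0 if they would overrun, -1 on OOM. */
int fits(const char *pat, size_t elem_size) {
    struct search_state s; int ok;
    if (!search_init(&s, pat, elem_size)) return -1;
    ok = search_reset(&s);
    search_free(&s);
    return ok;
}
```

On an ILP32 build sizeof(int) equals sizeof(size_t) and both allocations coincide, which is why the undersized buffer only bites on 64-bit hosts, where each slot needs twice the bytes the 2.3 code reserves.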
</body>
</html>