v2.3.6 message delete causes signal 10
Ken Murchison
murch at andrew.cmu.edu
Fri Jun 30 15:01:03 EDT 2006
Andrew Findlay wrote:
> On Fri, May 26, 2006 at 12:11:05PM -0400, Ken Murchison wrote:
>
>>> Cyrus IMAP v2.3.3 (with sasl v2.1.21) ran fine. Any ideas?
>> Can you get a backtrace from a core dump?
>
> I have a similar problem using 2.3.6 murder on CentOS 4.3 (very like
> RHEL 4) on 32-bit x86.
>
> In my case it is the front-end imap proxyd that crashes and the
> signal is 11 (SIGSEGV) but the case seems very similar: it happens
> when deleting messages and the traceback shows prot_printf() as the
> active function.
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1208183104 (LWP 22222)]
> 0x0809462c in prot_printf (s=0x8312250, fmt=0x80aa579 " %s ") at prot.c:960
> 960 prot.c: No such file or directory.
> in prot.c
> (gdb) where
> #0 0x0809462c in prot_printf (s=0x8312250, fmt=0x80aa579 " %s ") at prot.c:960
> #1 0x0805124b in cmd_store (tag=0x83126a8 "a0008", sequence=0x8312788 "8", usinguid=1)
> at imapd.c:4169
> #2 0x0805f53b in cmdloop () at imapd.c:1640
> #3 0x08060687 in service_main (argc=1, argv=0x8308008, envp=0xbff0b8ac) at imapd.c:789
> #4 0x0804c545 in main (argc=1, argv=0xbff0b8a4, envp=0xbff0b8ac) at service.c:532
> (gdb) up
> #1 0x0805124b in cmd_store (tag=0x83126a8 "a0008", sequence=0x8312788 "8", usinguid=1)
> at imapd.c:4169
> 4169 imapd.c: No such file or directory.
> in imapd.c
> (gdb) print tag
> $1 = 0x83126a8 "a0008"
> (gdb) print operation
> $2 = {s = 0x0, len = 0, alloc = 0}
> (gdb) print &operation
> $3 = (struct buf *) 0x8135d20
> (gdb) print tag
> $4 = 0x83126a8 "a0008"
> (gdb) print cmd
> $5 = 0x80aa558 "UID Store"
> (gdb) print sequence
> $6 = 0x8312788 "8"
> (gdb) print operation
> $7 = {s = 0x0, len = 0, alloc = 0}
>
> I think the problem is the last parameter to the prot_printf call:
> in cmd_store() the call looks like this:
>
> if (backend_current) {
>     /* remote mailbox */
>     prot_printf(backend_current->out, "%s %s %s %s ",
>                 tag, cmd, sequence, operation);
>     pipe_command(backend_current, 65536);
>     return;
> }
>
> 'operation' is declared as:
>
> static struct buf operation, flagname;
>
> but it is not assigned a value before prot_printf() is called so
> when prot_printf() tries to do strlen() it gets SEGV.

OK. I see the problem, I just need to come up with a fix.

> I am not sure what is intended here, nor am I sure why we are doing
> a STORE operation in the first place!

Remember that IMAP uses a DELETE+EXPUNGE model. So, first the message
is marked as deleted (by STOREing the \Deleted flag), and then
eventually \Deleted messages are EXPUNGEd.

--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
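
Added example, not part of the original message and not Cyrus code: the failure class discussed above (a struct buf handed to a %s conversion whose s member is NULL) and one defensive shape for the call. Only the struct buf fields come from the gdb output; buf_cstr(), out_printf() and forward_store() are hypothetical names, and the format attribute assumes GCC or Clang.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Same three fields gdb printed for `operation`; other names are hypothetical. */
struct buf { char *s; size_t len; size_t alloc; };

/* Accessor that never hands a NULL pointer to a %s conversion. */
static const char *buf_cstr(const struct buf *b) {
    return (b && b->s) ? b->s : "";
}

/* Stand-in for a protocol writer; understands only %s. The GCC/Clang format
 * attribute makes -Wformat flag a struct buf passed where %s wants char *. */
__attribute__((format(printf, 3, 4)))
static int out_printf(char *out, size_t cap, const char *fmt, ...) {
    va_list ap;
    size_t n = 0;
    int ok = cap > 0;

    va_start(ap, fmt);
    for (; ok && *fmt; fmt++) {
        const char *p = fmt;                /* default: copy one literal byte */
        size_t l = 1;
        if (fmt[0] == '%' && fmt[1] == 's') {
            p = va_arg(ap, const char *);
            l = p ? strlen(p) : 0;          /* never strlen(NULL) */
            fmt++;
        }
        ok = p && n + l < cap;              /* reject NULL and overflow */
        if (ok) { memcpy(out + n, p, l); n += l; }
    }
    va_end(ap);
    if (ok) out[n] = '\0';
    return ok ? (int)n : -1;
}

/* Same call shape as the quoted cmd_store() branch, but %s receives a char *. */
static int forward_store(char *out, size_t cap, const char *tag,
                         const char *cmd, const char *seq, const struct buf *op) {
    return out_printf(out, cap, "%s %s %s %s ", tag, cmd, seq, buf_cstr(op));
}

int main(void) {
    static struct buf operation;            /* zeroed, as in the backtrace */
    char line[64];
    int n = forward_store(line, sizeof line, "a0008", "UID Store", "8", &operation);
    printf("%d [%s]\n", n, n < 0 ? "" : line);
    return 0;
}
```

An empty buffer yields an empty field here rather than a crash; whether forwarding an empty operation is acceptable is a separate protocol decision that this sketch does not settle.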