segfault in ctl_cyrusdb/cyr_expire/lmtpd
Dmitry Katsubo
dmitry.katsubo at gmail.com
Tue Nov 13 13:00:22 EST 2012
On 13.11.2012 10:02, Bron Gondwana wrote:
> On Tue, Nov 13, 2012, at 01:43 AM, Dmitry Katsubo wrote:
>> On 27.10.2012 1:50, Dmitry Katsubo wrote:
>>> Dear Cyrus developers,
>>>
>>> I am experiencing segfaults for cyrus-imapd v2.4.16 in my environment:
>>>
>>> Aug 29 11:51:35 ctl_cyrusdb[3713]: segfault at 0 ip b7255d76 sp bfdff308 error 6 in libc-2.13.so[b71de000+156000]
>>> Aug 29 11:51:35 cyr_expire[3728]: segfault at 0 ip b727dd76 sp bf8876e8 error 6 in libc-2.13.so[b7206000+156000]
>>> Aug 29 12:03:04 lmtpd[6190]: segfault at 0 ip b7063d76 sp bfcdde18 error 6 in libc-2.13.so[b6fec000+156000]
>>> Aug 29 12:03:04 lmtpd[6196]: segfault at 0 ip b71f4d76 sp bfdc4d48 error 6 in libc-2.13.so[b717d000+156000]
>>> Aug 29 12:03:04 lmtpd[6197]: segfault at 0 ip b70d4d76 sp bfcf8f48 error 6 in libc-2.13.so[b705d000+156000]
>>> Aug 29 12:03:37 lmtpd[7628]: segfault at 0 ip b70f8d76 sp bff07348 error 6 in libc-2.13.so[b7081000+156000]
>
> You have bogus data in your mailboxes.db - you need to make sure every line ends with a tab. If your dump and restore didn't add the tab, then it is broken.
Hi Bron,
Thanks for the help. Indeed the problem is rooted in how mailboxes.db is
handled. The problem which I was trying to tackle here
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604468
was that the partition name was ending with a tab, while the code expected
a space. Here is the dump of the header of my mailboxes.db:
> 00000000 a1 02 8b 0d 73 6b 69 70 6c 69 73 74 20 66 69 6c |....skiplist fil|
> 00000010 65 00 00 00 00 00 00 01 00 00 00 02 00 00 00 14 |e...............|
> 00000020 00 00 00 07 00 00 00 46 00 00 15 f0 50 a1 8d b0 |.......F....P...|
> 00000030 00 00 01 01 00 00 00 00 00 00 00 00 00 00 00 90 |................|
> 00000040 00 00 00 90 00 00 01 14 00 00 01 14 00 00 01 14 |................|
> 00000050 00 00 06 6c 00 00 06 6c 00 00 00 00 00 00 00 00 |...l...l........|
> 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> *
> 00000080 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff |................|
> 00000090 00 00 00 01 00 00 00 0b 75 73 65 72 2e 64 6d 69 |........user.dmi|
> 000000a0 74 72 79 00 00 00 00 1b 30 20 64 65 66 61 75 6c |try.....0 defaul|
> 000000b0 74 09 64 6d 69 74 72 79 09 6c 72 73 77 69 70 63 |t.dmitry.lrswipc|
> 000000c0 64 61 09 00 00 00 00 d0 00 00 01 14 ff ff ff ff |da..............|
> 000000d0 00 00 00 01 00 00 00 14 75 73 65 72 2e 64 6d 69 |........user.dmi|
> 000000e0 74 72 79 2e 41 72 63 68 69 76 65 73 00 00 00 1b |try.Archives....|
> 000000f0 30 20 64 65 66 61 75 6c 74 09 64 6d 69 74 72 79 |0 default.dmitry|
> 00000100 09 6c 72 73 77 69 70 63 64 61 09 00 00 00 01 14 |.lrswipcda......|
> 00000110 ff ff ff ff 00 00 00 01 00 00 00 19 75 73 65 72 |............user|
> 00000120 2e 64 6d 69 74 72 79 2e 41 72 63 68 69 76 65 73 |.dmitry.Archives|
> 00000130 2e 32 30 31 30 00 00 00 00 00 00 1b 30 20 64 65 |.2010.......0 de|
> 00000140 66 61 75 6c 74 20 64 6d 69 74 72 79 09 6c 72 73 |fault dmitry.lrs|
> 00000150 77 69 70 63 64 61 09 00 00 00 01 70 00 00 01 70 |wipcda.....p...p|
> 00000160 00 00 02 98 00 00 06 6c 00 00 06 6c ff ff ff ff |.......l...l....|
...
Could you tell me how I should correctly export and import back
mailboxes.db (perhaps with db_dump / db_load)? Perhaps I was trapped by
this issue:
> http://www.mail-archive.com/cyrus-devel@lists.andrew.cmu.edu/msg00305.html
as I would have dumped/restored the mailbox one day.
BTW ctl_mboxlist aborts now in my environment:
# ctl_mboxlist -d
Aborted
> That said, it shouldn't be crashing in 2.4.16!
Well, there is a check for data length:
    while (*p != ' ' && (p - data) < datalen) {
        *q++ = *p++;
    }
but still the pointer goes far beyond the expected point, perhaps
causing the trouble in another place.
--
With best regards,
Dmitry
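
The failure mode discussed in this message, as an added example (not Cyrus source and not code from the original post): a scan that stops only on a space consumes the whole remainder of a record whose partition is followed by a tab, while a parser that checks bounds first and rejects the malformed record fails cleanly. The record layout "<type> <partition> <acl>" is read off the hex dump above; the function names and the 64-byte buffer are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed from the hex dump above: value bytes of two records. */
static const char REC_TAB[]   = "0 default\tdmitry\tlrswipcda\t"; /* tab after partition */
static const char REC_SPACE[] = "0 default dmitry\tlrswipcda\t";  /* space after partition */

/* Bytes a space-only scan (the stop condition of the quoted loop) consumes
 * from offset start. The bounds test comes first here so the demo itself
 * never reads past the record. */
static size_t space_scan_len(const char *data, size_t datalen, size_t start)
{
    size_t i = start;
    while (i < datalen && data[i] != ' ') i++;
    return i - start;
}

/* Hypothetical hardened parser: copies the partition into out and returns
 * its length, or -1 when the record is malformed (no space delimiter, a tab
 * inside the field, or a field too long for out). */
static int parse_partition(const char *data, size_t datalen,
                           char *out, size_t outlen)
{
    size_t i = 0, n = 0;
    while (i < datalen && data[i] != ' ') i++;      /* skip the type field */
    if (i == datalen) return -1;
    for (i++; i < datalen && data[i] != ' '; i++) {
        if (data[i] == '\t' || n + 1 >= outlen) return -1;
        out[n++] = data[i];
    }
    if (i == datalen || n == 0) return -1;          /* delimiter never found */
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char part[64];
    size_t len = sizeof REC_TAB - 1;                /* 27, as in the dump */
    printf("space-only scan on tab record: %zu of %zu bytes\n",
           space_scan_len(REC_TAB, len, 2), len);
    printf("tab record   -> %d\n", parse_partition(REC_TAB, len, part, sizeof part));
    int n = parse_partition(REC_SPACE, sizeof REC_SPACE - 1, part, sizeof part);
    printf("space record -> %d (%s)\n", n, part);
    return 0;
}
```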