dovecot - Jul 2008 - Dovecot-1.1.1 with quota and antispam plugin - segmentation fault

Hello! 

I have port-built dovecot-1.1.1 on freebsd 6.3 i386 box.

There is signal 11 on imap child occurs every time when i'm trying to send
email.
In fact, email is sending to MTA correctly, but when message moving to Sent
folder segmentation error appears.

I built dovecot and antispam plugin with -g3 -O0 -pipe

With GDB I recieve next:

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging
symbols
found)...
Attaching to program: /usr/local/libexec/dovecot/imap, process 10427
Reading symbols from /usr/local/lib/libiconv.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/local/lib/libiconv.so.3
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from
/usr/local/lib/dovecot/imap/lib10_quota_plugin.so...done.
Loaded symbols for /usr/local/lib/dovecot/imap/lib10_quota_plugin.so
Reading symbols from /usr/lib/librpcsvc.so.3...done.
Loaded symbols for /usr/lib/librpcsvc.so.3
Reading symbols from
/usr/local/lib/dovecot/imap/lib11_imap_quota_plugin.so...done.
Loaded symbols for /usr/local/lib/dovecot/imap/lib11_imap_quota_plugin.so
Reading symbols from
/usr/local/lib/dovecot/imap/lib90_antispam_plugin.so...done.
Loaded symbols for /usr/local/lib/dovecot/imap/lib90_antispam_plugin.so
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
0x182b7eeb in kevent () from /lib/libc.so.6
(gdb) Signal        Stop        Print   Pass to program Description
SIGPIPE       No        Yes     Yes             Broken pipe
(gdb) Signal        Stop        Print   Pass to program Description
SIGALRM       No        No      Yes             Alarm clock
(gdb) Signal        Stop        Print   Pass to program Description
SIG32         No        Yes     Yes             Real-time event 32
(gdb) Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x080a968c in mail_get_physical_size ()
(gdb) #0  0x080a968c in mail_get_physical_size ()
No symbol table info available.
#1  0x1831d07a in quota_try_alloc (ctx=0x8128700, mail=0x0,
    too_large_r=0xbfbfe74b) at quota.c:797
        size = 4
        ret = 0
#2  0x183213ce in quota_check (t=0x812e580, mail=0x0) at
quota-storage.c:148
        qt = (struct quota_transaction_context *) 0x8128700
        ret = 134728787
        too_large = 191
#3  0x18321740 in quota_save_finish (ctx=0x8152028) at quota-storage.c:251
        qt = (struct quota_transaction_context *) 0x8128700
        qbox = (struct quota_mailbox *) 0x81381e8
#4  0x1833212f in antispam_save_finish (ctx=0x8152028)
    at antispam-storage-1.1.c:178
        asbox = (struct antispam_mailbox *) 0x8138280
        ast = (struct antispam_internal_context *) 0x812b270
        dest_mail = (struct mail *) 0x4
        ret = 0
#5  0x080ac4ed in mailbox_save_finish ()
No symbol table info available.
#6  0x08059caa in _start ()
No symbol table info available.
#7  0x080590f3 in _start ()
No symbol table info available.
#8  0x080ee05d in io_loop_handler_run ()
No symbol table info available.
#9  0x080ed385 in io_loop_run ()
No symbol table info available.
#10 0x0806a6ff in main ()
No symbol table info available.
(gdb) Detaching from program: /usr/local/libexec/dovecot/imap, process
10427

Hi again!


I've make some investigation and found next in 

dovecot-1.1.1/src/plugins/quota/quota-storage.c
  242 static int quota_save_finish(struct mail_save_context *ctx)
  243 {
  244 	struct quota_transaction_context *qt QUOTA_CONTEXT(ctx->transaction);
  245 	struct quota_mailbox *qbox = QUOTA_CONTEXT(ctx->transaction->box);
  246 
  247 	if (qbox->module_ctx.super.save_finish(ctx) < 0)
  248 		return -1;
  249 
  250 	qbox->save_hack = TRUE;
  251 	return quota_check(ctx->transaction, ctx->dest_mail != NULL ?
  252 			   ctx->dest_mail : qt->tmp_mail);
  253 }


and in src/dovecot-antispam/antispam-storage-1.1.c

    169 static int antispam_save_finish(struct mail_save_context *ctx)
    170 {
    171         struct antispam_mailbox *asbox     172                
ANTISPAM_CONTEXT(ctx->transaction->box);
    173         struct antispam_internal_context *ast     174                
ANTISPAM_CONTEXT(ctx->transaction);
    175         struct mail *dest_mail;
    176         int ret;
    177
    178         if (asbox->module_ctx.super.save_finish(ctx) < 0)
    179                 return -1;
    180
    181         dest_mail = ctx->dest_mail ? : ast->mail;
    182
    183         asbox->save_hack = TRUE;
    184
    185         ret = 0;
    186
    187         switch (asbox->movetype) {
    188         case MMT_UNINTERESTING:
    189                 break;
    190         case MMT_APPEND:



PS: I've tried to recompile dovecot and plugin with gcc43 instead of
gcc2.95 and with -O0 optimizations - same error in a same place.
As I understood segfault appears when sent message moving in sent folder or
when draft message appears in draft. I think it occurs when both plugins
trying to save same message

WBR, Mike


On Fri, 11 Jul 2008 10:48:13 +0300, <mike at mrgfd.org.ua>
wrote:
> 
> Hello! 
> 
> I have port-built dovecot-1.1.1 on freebsd 6.3 i386 box.
> 
> There is signal 11 on imap child occurs every time when i'm trying to
send
> email.
> In fact, email is sending to MTA correctly, but when message moving to
> Sent
> folder segmentation error appears.
> 
> I built dovecot and antispam plugin with -g3 -O0 -pipe
> 
> With GDB I recieve next:
> 
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty"
for
> details.
> This GDB was configured as "i386-marcel-freebsd"...(no debugging
symbols
> found)...
> Attaching to program: /usr/local/libexec/dovecot/imap, process 10427
> Reading symbols from /usr/local/lib/libiconv.so.3...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/local/lib/libiconv.so.3
> Reading symbols from /lib/libc.so.6...(no debugging symbols
found)...done.
> Loaded symbols for /lib/libc.so.6
> Reading symbols from
> /usr/local/lib/dovecot/imap/lib10_quota_plugin.so...done.
> Loaded symbols for /usr/local/lib/dovecot/imap/lib10_quota_plugin.so
> Reading symbols from /usr/lib/librpcsvc.so.3...done.
> Loaded symbols for /usr/lib/librpcsvc.so.3
> Reading symbols from
> /usr/local/lib/dovecot/imap/lib11_imap_quota_plugin.so...done.
> Loaded symbols for /usr/local/lib/dovecot/imap/lib11_imap_quota_plugin.so
> Reading symbols from
> /usr/local/lib/dovecot/imap/lib90_antispam_plugin.so...done.
> Loaded symbols for /usr/local/lib/dovecot/imap/lib90_antispam_plugin.so
> Reading symbols from /libexec/ld-elf.so.1...done.
> Loaded symbols for /libexec/ld-elf.so.1
> 0x182b7eeb in kevent () from /lib/libc.so.6
> (gdb) Signal        Stop        Print   Pass to program Description
> SIGPIPE       No        Yes     Yes             Broken pipe
> (gdb) Signal        Stop        Print   Pass to program Description
> SIGALRM       No        No      Yes             Alarm clock
> (gdb) Signal        Stop        Print   Pass to program Description
> SIG32         No        Yes     Yes             Real-time event 32
> (gdb) Continuing.
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x080a968c in mail_get_physical_size ()
> (gdb) #0  0x080a968c in mail_get_physical_size ()
> No symbol table info available.
> #1  0x1831d07a in quota_try_alloc (ctx=0x8128700, mail=0x0,
>     too_large_r=0xbfbfe74b) at quota.c:797
>         size = 4
>         ret = 0
> #2  0x183213ce in quota_check (t=0x812e580, mail=0x0) at
> quota-storage.c:148
>         qt = (struct quota_transaction_context *) 0x8128700
>         ret = 134728787
>         too_large = 191
> #3  0x18321740 in quota_save_finish (ctx=0x8152028) at
quota-storage.c:251
>         qt = (struct quota_transaction_context *) 0x8128700
>         qbox = (struct quota_mailbox *) 0x81381e8
> #4  0x1833212f in antispam_save_finish (ctx=0x8152028)
>     at antispam-storage-1.1.c:178
>         asbox = (struct antispam_mailbox *) 0x8138280
>         ast = (struct antispam_internal_context *) 0x812b270
>         dest_mail = (struct mail *) 0x4
>         ret = 0
> #5  0x080ac4ed in mailbox_save_finish ()
> No symbol table info available.
> #6  0x08059caa in _start ()
> No symbol table info available.
> #7  0x080590f3 in _start ()
> No symbol table info available.
> #8  0x080ee05d in io_loop_handler_run ()
> No symbol table info available.
> #9  0x080ed385 in io_loop_run ()
> No symbol table info available.
> #10 0x0806a6ff in main ()
> No symbol table info available.
> (gdb) Detaching from program: /usr/local/libexec/dovecot/imap, process
> 10427