search for: t_pop

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, antispam plugin version downloaded HEAD snapshot today. Leaked a t_pop() call in I/O handler 0x805b350 Raw backtrace: imap [0x80ad741] -> imap [0x80ad65c] -> imap(io_loop_handler _run+0x1ce) [0x80b35ce] -> imap(io_loop_run+0x28) [0x80b29a8] -> imap(main+0x5a0) [0x8063590] -> /lib/tls/i686/cmov/libc.so.6(__lib c_start_main+0xc8) [0xb7e37ea8] -> im...

Hello, I've just installed another postfix+dovecot based mail service (I love dovecot! :-), and I found this message "dict: Leaked a t_pop() call in I/O handler (nil)" being logged each time I authenticate against it via POP3 or IMAP. Searching through the code, I've found this (this is Dovecot v1.0.8): ---- src/dict/dict-cache.c ---- void dict_cache_unref(struct dict_cache *cache, const char *uri, co...

...01947 in raise () from /lib/tls/libc.so.6 #1 0xb7d030c9 in abort () from /lib/tls/libc.so.6 #2 0xb7e5126d in default_fatal_finish (type=<value optimized out>, status=0) at failures.c:164 #3 0xb7e512b5 in i_internal_fatal_handler (type=LOG_TYPE_PANIC, status=0, fmt=0xb7e76391 "Leaked t_pop() call", args=0xbf82ac94 "\n") at failures.c:600 #4 0xb7e508d6 in i_panic (format=0xb7e76391 "Leaked t_pop() call") at failures.c:230 #5 0xb7e4ecb1 in t_pop_check (id=0xbf82acc8) at data-stack.c:267 #6 0x0804be7e in client_handle_input (client=0x8080f38) at pop3-clien...

...running dovecot 1.0.7 on CentOS 5.5, and I've configured it to work with PostfixAdmin (http://sourceforge.net/projects/postfixadmin/). Everything seems to work great, except for one problem. Any time a user logs in, I get errors like the following Jun 19 02:21:59 ve dovecot: dict: Leaked a t_pop() call in I/O handler (nil) Jun 19 02:21:59 ve dovecot: dict: Raw backtrace: dict [0x40e85e] -> dict [0x40e5cc] -> dict(io_loop_handler_run+0x1c9) [0x411279] -> dict(io_loop_run+0x18) [0x4106b8] -> dict(main+0x139) [0x408509] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x2ab19ec1...

...l () No symbol table info available. #1 0x00790fa0 in raise () from /lib/libc.so.6 No symbol table info available. #2 0x007928b1 in abort () from /lib/libc.so.6 No symbol table info available. #3 0x080ca029 in i_internal_fatal_handler (type=LOG_TYPE_PANIC, status=0, fmt=0x80ebb5c "Leaked a t_pop() call in timeout handler %p", args=0xbf8538b4 "\005\b\226\225~") at failures.c:424 backtrace = 0xa0e1168 "imap [0x80ca020] -> imap [0x80c9f2c] -> imap(io_loop_handle_timeouts+0x1b7) [0x80d0bc7] -> imap(io_loop_handler_run+0x69) [0x80d1309] -> imap(io_...

...ize_t)ret <= ctx->evbuf_size); + + /* loop through all received events */ + for (i = 0; i < ret; ++i) + { + struct io *io = ctx->evbuf[i].udata; + + t_id = t_push(); + io->callback(io->context); + if (t_pop() != t_id) + i_panic("Leaked a t_pop() call in I/O handler %p", + (void *)io->callback); + } +} + + +#endif // IOLOOP_KQUEUE + +/* +Local Variables: +eval: (c-set-style "linux") +whitespace-auto-cleanup: t +End: +*/

Here's another patch. This one isn't much different from the last patch, except it tries a little harder to make sure that the required fields are returned by the query (like the pgsql module does). One question about how t_strdup works. How and who should memory returned by t_strdup be freed? My patch has a function my_get_str() which returns the value of t_strdup, and then I do

...> > 291 ret = handlers[ctx->cur_handler]. > > 292 handler(ctx, ctx->cur_mail, > > 293 handlers[ctx->cur_handler].context); > > 294 t_pop(); > > 295 > > 296 if (ret == 0) > > 297 return 0; > > 298 > > 299 if (ret < 0) { > > 300 if (ctx->cur_mail->expunge...

...access" to do this.... *** src/lib-storage/index/mbox/mbox-storage.c.orig Tue Apr 15 14:04:02 2003 --- src/lib-storage/index/mbox/mbox-storage.c Wed May 14 16:04:39 2003 *************** *** 38,44 **** p++; } ! if (mkdir(dir, CREATE_MODE) < 0 && errno != EEXIST) { t_pop(); return -1; } --- 38,44 ---- p++; } ! if ( (access(dir,F_OK) != 0) && mkdir(dir, CREATE_MODE) < 0 && errno != EEXIST) { t_pop(); return -1; } - - - (Could also remove the && errno == EEXIST part - it's redundant when access(dir...

...; using > the unsafe datastack ("t_strdup_noconst") while the string is actually > returned in an async callback. > > Before it is handled by "client_dict_lookup", "client_dict_wait" > actually fires some IO loops that are more than likely to call "t_pop" > and free/flush the result string (I checked, it does call "t_pop" a > couple times indeed). Maybe it would be safer to use a standard > datastack pool when unescaping a string in that context. > > I could work on a patch that would: > > - add an optional &q...

...2) == 0); + for (i = 0; i < count; i += 2) { + if (args[i+1] == NULL) + value = NULL; + else { + str_truncate(str, 0); + var_expand(str, args[i+1], table); + value = str_c(str); + } + auth_stream_reply_add(reply, args[i], value); + } callback(reply, auth_request); + t_pop(); + } + + static struct userdb_module * + passwd_preinit(struct auth_userdb *auth_userdb, const char *args) + { + struct passwd_userdb_module *module; + const char *const *tmp, *key, *value; + + module = p_new(auth_userdb->auth->pool, struct passwd_userdb_module, 1); + + tmp = t_strsp...

...} else if ((io->condition & IO_READ) != 0) { + call = event->filter & EVFILT_READ; + } else if ((io->condition & IO_WRITE) != 0) { + call = event->filter & EVFILT_WRITE; + } + + if (call) { + t_id = t_push(); + io->callback(io->context); + if (t_pop() != t_id) + i_panic("Leaked a t_pop() call!"); + } + } + } +} + +#endif /* IOLOOP_KQUEUE */ diff -urpNX /usr/share/dontdiff dovecot-1.0-test51.vanilla/src/lib/Makefile.am dovecot-1.0-test51/src/lib/Makefile.am --- dovecot-1.0-test51.vanilla/src/lib/Makefile.am 2004-10-25 14:09:22....

..."t_strdup_noconst") while the string is actually > >> returned in an async callback. > >> > >> Before it is handled by "client_dict_lookup", "client_dict_wait" > >> actually fires some IO loops that are more than likely to call "t_pop" > >> and free/flush the result string (I checked, it does call "t_pop" a > >> couple times indeed). Maybe it would be safer to use a standard > >> datastack pool when unescaping a string in that context. > >> > >> I could work on a patch...

...+ call = TRUE; + } else if (io->condition & IO_READ) { + call = event->events & EPOLLIN; + } else if (io->condition & IO_WRITE) { + call = event->events & EPOLLOUT; + } + + if (call) { + t_id = t_push(); + io->callback(io->context); + if (t_pop() != t_id) + i_panic("Leaked a t_pop() call!"); + } + } + event++; + } +} + +#endif /* IOLOOP_EPOLL */ diff -urpNX /usr/share/dontdiff dovecot-cvs.vanilla/src/lib/Makefile.am dovecot-cvs/src/lib/Makefile.am --- dovecot-cvs.vanilla/src/lib/Makefile.am 2004-08-25 11:11:12.000000000...

...r & EVFILT_READ)) continue; } if (io->condition & IO_WRITE) { if (!(kev->filter & EVFILT_WRITE)) continue; } mark = 1; } } if (mark == 0) continue; /* no condition was satisfied */ t_id = t_push(); io->callback(io->context); if (t_pop() != t_id) i_panic("Leaked a t_pop() call!"); if (io->destroyed) io_destroy(ioloop, io); ret --; } } #endif

...eing recently in rc15 on Solaris 10. (gdb) bt full #0 0xff1c12a4 in ?? () No symbol table info available. #1 0xff140040 in ?? () No symbol table info available. #2 0x000786a8 in t_buffer_alloc (size=688976) at data-stack.c:346 __PRETTY_FUNCTION__ = "file %s: line %" #3 0x00078190 in t_pop () at data-stack.c:149 frame_block = (struct stack_frame_block *) 0x7fffffff #4 0x00042a90 in mbox_sync_update_status (ctx=0x8f7e0) at mbox-sync-update.c:267 No locals. #5 0x00041730 in mbox_sync_rewrite (sync_ctx=0xffbff548, mail_ctx=0x39d5, end_offset=14098141, move_diff=27645, extra_...

...c Sun Sep 30 18:03:17 2007 +0300 +++ b/src/lib-storage/index/maildir/maildir-storage.c Mon Oct 01 20:13:27 2007 +0100 @@ -937,6 +937,10 @@ static int rename_subfolders(struct inde t_push(); old_listname = t_strconcat(oldname, names[i], NULL); + if (strcmp(old_listname, newname) == 0) { + t_pop(); + continue; + } new_listname = t_strconcat(newname, names[i], NULL); oldpath = maildir_get_path(storage, old_listname); newpath = maildir_get_path(storage, new_listname);

...;fd) < 0) { mail_storage_set_critical(STORAGE(ctx->mbox->storage), "close(%s) failed: %m", path); @@ -297,6 +302,8 @@ if (mail_set_seq(dest_mail, ctx->seq) < 0) return -1; + + ((struct index_mail *)dest_mail)->data.physical_size = st.st_size; } t_pop(); /k -- Josh "Koshua" Goodall "as modern as tomorrow afternoon" joshua at roughtrade.net - FW109

..."read(%s) failed: %m", path); } size += ret; } if (ret < 0 || size == sizeof(buf)-1) { /* error / recalculation needed. */ (void)close(fd); t_pop(); return ret < 0 ? -1 : 0; } /* file is smaller than 5120 bytes, which means we can use it */ root->total_bytes = root->total_count = 0; /* skip the last line if there's no LF at the end */ while (size > 0 && buf[siz...

While trying to isolate properly and reproduce, I was able to trigger the same bug with the following code: struct dict *dict; char* dict_uri = "proxy::sieve"; char* key = "priv/key"; char* username = "admin at domain.tld"; char* value, error; dict_drivers_register_builtin(); dict_init(dict_uri, DICT_DATA_TYPE_STRING, username,