squatted inboxes crash imapd?

Simon Josefsson Thu, 09 May 2002 11:51:23 -0700

syslog:

May  9 20:48:45 yxa imapd[7371]: open: user jas opened INBOX.msec
May  9 20:48:45 yxa master[13500]: process 7371 exited, signaled to death by 11


imap protocol dump:

1209 SELECT "INBOX.msec"
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]  
* 385 EXISTS
* 0 RECENT
* OK [UNSEEN 385]  
* OK [UIDVALIDITY 981853185]  
* OK [UIDNEXT 387]  
1209 OK [READ-WRITE] Completed
1210 UID SEARCH UNSEEN UNDELETED
1211 UID SEARCH SEEN

gdb:

(gdb) bt
#0  0x08075e1e in memconst (s=0x4160dffb "", len=16, v=0) at squat.c:80
#1  0x08076031 in squat_search_open (fd=15) at squat.c:133
#2  0x08075c12 in search_squat (msg_list=0x8122d20, mailbox=0x810c800, 
    searchargs=0x81223f8) at search_engines.c:257
#3  0x08075db5 in search_prefilter_messages (msg_list=0x8122d20, 
    mailbox=0x810c800, searchargs=0x81223f8) at search_engines.c:309
#4  0x0805d399 in _index_search (msgno_list=0xbfffe3a8, mailbox=0x810c800, 
    searchargs=0x81223f8) at index.c:1022
#5  0x0805d51f in index_search (mailbox=0x810c800, searchargs=0x81223f8, 
    usinguid=1) at index.c:1087
#6  0x08054c6c in cmd_search (tag=0x8120b28 "1227", usinguid=1) at imapd.c:3267
#7  0x08050bd2 in cmdloop () at imapd.c:1403
#8  0x0804e711 in service_main (argc=1, argv=0xbfffed74, envp=0xbfffed7c)
    at imapd.c:650
#9  0x0804c9f4 in main (argc=1, argv=0xbfffed74, envp=0xbfffed7c)
    at service.c:444
#10 0x40222647 in __libc_start_main (main=0x804c4c0 <main>, argc=1, 
    ubp_av=0xbfffed74, init=0x804b1dc <_init>, fini=0x8089140 <_fini>, 
    rtld_fini=0x4000dcd4 <_dl_fini>, stack_end=0xbfffed6c)
    at ../sysdeps/generic/libc-start.c:129
(gdb) 

patch:

Index: squat.c
===================================================================
RCS file: /cvs/src/cyrus/imap/squat.c,v
retrieving revision 1.2
diff -u -r1.2 squat.c
--- squat.c     2002/02/19 18:50:14     1.2
+++ squat.c     2002/05/09 18:54:21
@@ -74,7 +74,7 @@
 
 /* Returns true IFF the 'len' bytes starting at 's' are each equal to 'v' */
 static int memconst(char const* s, int len, char v) {
-  while (len > 0 && *s == v) {
+  while (len > 0 && *s == v && *s) {
     s++;
     len--;
   }

I'm not sure if the patch is the correct one given in the broader
context, possibly the return condition should be extended to return
non-0 if the end of s was reached as well.

squatted inboxes crash imapd?

Reply via email to