sqwebmail segfaults when trying to read a message

Bug #1000583 reported by Antoine Guigan
This bug affects 2 people
Affects / Status / Importance / Assigned to / Milestone
courier (Gentoo Linux): Fix Released, Medium
courier (Ubuntu): Confirmed, Undecided, Unassigned

Bug Description

Each time a user tries to read a message on the web interface, he is disconnected.

I have this kind of message in /var/log/syslog

May 17 07:59:54 www kernel: sqwebmaild[22715]: segfault at 0 ip 00007fa77097cb91 sp 00007fffcf415048 error 4 in libc-2.15.so[7fa7708f4000+1b3000]

This bug appeared yesterday on Ubuntu 12.04 LTS on version 0.66.1-1ubuntu4 of sqwebmail

Tags: patch

Revision history for this message
In , Maekke-gentoo (maekke-gentoo) wrote :

Created attachment 283235
mail-filter:maildrop-2.5.4:20110813-112352.log

this is on arm, but also seems to happen on ia64 and is a regression compared to current stable.

make[2]: Entering directory `/var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045'
/bin/sh ./testsuite | cmp -s - ./testsuite.txt.idn
./testsuite: line 142: 24116 Segmentation fault LANG=en_US.utf-8 ./reformime -i < ./testsuite.dat
make[2]: *** [check-am] Error 1
make[2]: Leaving directory `/var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045'
make[1]: *** [check] Error 2
make[1]: Leaving directory `/var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045'
make: *** [check-recursive] Error 1
 * ERROR: mail-filter/maildrop-2.5.4 failed (test phase):
 * Make check failed. See above for details.
 *
 * Call stack:
 * ebuild.sh, line 56: Called src_test
 * environment, line 3150: Called _eapi0_src_test
 * ebuild.sh, line 638: Called die
 * The specific snippet of code:
 * hasq test $FEATURES && die "Make check failed. See above for details."

running this particular test in gdb:
# LANG=en_US.utf-8 gdb ./reformime
GNU gdb (Gentoo 7.2 p1) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "armv5tel-softfloat-linux-gnueabi".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045/reformime...done.
(gdb) set args -i < ./testsuite.dat
(gdb) run
Starting program: /var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045/reformime -i < ./testsuite.dat

Program received signal SIGSEGV, Segmentation fault.
0x4010d988 in strspn () from /lib/libc.so.6
(gdb) bt full
#0 0x4010d988 in strspn () from /lib/libc.so.6
No symbol table info available.
#1 0x4010e29c in strtok () from /lib/libc.so.6
No symbol table info available.
#2 0x0000b3c0 in main2 (argc=2, argv=0xbeffe904) at reformime.c:1153
        mimesection = <value optimized out>
        dodecodehdr = 0
        p = 0x29840
        rwmode = 0
        dodsn = 0
        domimedigest = 0
        dodecodeaddrhdr = 0
        convtoutf8 = 0
        do_extract = <value optimized out>
        doinfo = 1
        dorewrite = 0
        optc = <value optimized out>
        dodecode = 0
        doencodemime = 0
        dovalidate = 0
        rc = <value optimized out>
        argn = 2
        doencodemimehdr = 0
        extract_filename = 0x17d4c ""
#3 main (argc=2, argv=0xbeffe904) at reformime.c:1224
        rc = <value optimized out>

Portage 2.1.10.3 (default/linux/arm/10.0/desktop, gcc-4.4.5, glibc-2.12.2-r0, 2.6.39.3 armv5tel)
=================================================================
System uname: Linux-2.6.39.3-armv5tel-Feroceon_88FR131_rev_1_-v5l-with-gentoo-2.0.3
Timestamp of tree: Sat, 13 Aug 2011 10:00:01 +0000
app-shells/bash: ...

Revision history for this message
In , Eras (eras) wrote :

Fixed (hopefully) without a rev bump. Can you please check and confirm? Thank you.

+ 15 Aug 2011; Eray Aslan <email address hidden> maildrop-2.5.4.ebuild,
+ +files/maildrop-2.5.4-reformime.patch:
+ Fix segfault in reformime on some arches - bug #379101
+

Revision history for this message
In , Eras (eras) wrote :

@maekke: ping

Revision history for this message
In , Maekke-gentoo (maekke-gentoo) wrote :

(In reply to comment #2)
> @maekke: ping

sorry for the delay, issue is not fixed (armin76 confirmed that on ia64):

# LANG=en_US.utf-8 gdb ./reformime
GNU gdb (Gentoo 7.2 p1) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "armv5tel-softfloat-linux-gnueabi".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045/reformime...done.
(gdb) set args -i <./testsuite.dat
(gdb) run
Starting program: /var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045/reformime -i <./testsuite.dat

Program received signal SIGSEGV, Segmentation fault.
0x4010f988 in strspn () from /lib/libc.so.6
(gdb) bt full
#0 0x4010f988 in strspn () from /lib/libc.so.6
No symbol table info available.
#1 0x4011029c in strtok () from /lib/libc.so.6
No symbol table info available.
#2 0x0000b340 in main2 (argc=2, argv=0xbeffe904) at reformime.c:1153
        mimesection = <value optimized out>
        dodecodehdr = 0
        p = 0x29840
        rwmode = 0
        dodsn = 0
        domimedigest = 0
        dodecodeaddrhdr = 0
        convtoutf8 = 0
        do_extract = <value optimized out>
        section = 0x0
        doinfo = 1
        dorewrite = 0
        optc = <value optimized out>
        dodecode = 0
        doencodemime = 0
        dovalidate = 0
        rc = <value optimized out>
        argn = 2
        doencodemimehdr = 0
        extract_filename = 0x17ccc ""
#3 main (argc=2, argv=0xbeffe904) at reformime.c:1224
        rc = <value optimized out>

Revision history for this message
In , Raúl Porcel (armin76) wrote :

+1, fails on alpha,ia64,s390,sparc

Revision history for this message
In , Eras (eras) wrote :

+ 31 Aug 2011; Eray Aslan <email address hidden>
+ files/maildrop-2.5.4-reformime.patch:
+ Fix segfault in reformime - bug #379101. Take two
+

Patch revised without a rev bump. Please test when you can. Also, upstream prefers a traceback with a build that disables compiler optimizations if there is still a problem. Thanks.

Revision history for this message
In , Maekke-gentoo (maekke-gentoo) wrote :

(In reply to comment #5)
> + 31 Aug 2011; Eray Aslan <email address hidden>
> + files/maildrop-2.5.4-reformime.patch:
> + Fix segfault in reformime - bug #379101. Take two
> +
>
> Patch revised without a rev bump. Please test when you can. Also, upstream
> prefers a traceback with a build that disables compiler optimizations if there
> is still a problem. Thanks.

now we're at reformime.c:1160. backtrace without optimizations:

# LANG=en_US.utf-8 gdb ./reformime
GNU gdb (Gentoo 7.2 p1) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "armv5tel-softfloat-linux-gnueabi".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045/reformime...done.
(gdb) set args -i <./testsuite.dat
(gdb) run
Starting program: /var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4/rfc2045/reformime -i <./testsuite.dat
section: 1
content-type: text/plain
content-transfer-encoding: 8bit
charset: utf-8
content-description: H��la! test H��la! H��la! test
starting-pos: 0
starting-pos-body: 188
ending-pos: 196
line-count: 7
body-line-count: 1

Program received signal SIGSEGV, Segmentation fault.
0x4010f988 in strspn () from /lib/libc.so.6
(gdb) bt full
#0 0x4010f988 in strspn () from /lib/libc.so.6
No symbol table info available.
#1 0x4011029c in strtok () from /lib/libc.so.6
No symbol table info available.
#2 0x0000ca28 in main2 (mimecharset=0x314e4 "UTF-8", argc=2, argv=0xbeffe904) at reformime.c:1160
        argn = 2
        optc = 105 'i'
        optarg = 0x0
        mimesection = 0x0
        section = 0x0
        doinfo = 1
        dodecode = 0
        dorewrite = 0
        dodsn = 0
        domimedigest = 0
        dodecodehdr = 0
        dodecodeaddrhdr = 0
        doencodemime = 0
        doencodemimehdr = 0
        decode_header = 0x21494 ""
        p = 0x32840
        rwmode = 0
        convtoutf8 = 0
        dovalidate = 0
        do_extract = 0
        extract_filename = 0x0
        rc = 0
#3 0x0000ccc4 in main (argc=2, argv=0xbeffe904) at reformime.c:1224
        rc = 0
(gdb)

Revision history for this message
In , Eras (eras) wrote :

+ 05 Sep 2011; Eray Aslan <email address hidden>
+ files/maildrop-2.5.4-reformime.patch:
+ Revized patch for bug #379101
+

Patch revised once again hopefully this time fixing the segfault. Please test when you can. Thank you.

Revision history for this message
In , Maekke-gentoo (maekke-gentoo) wrote :

(In reply to comment #7)
> + 05 Sep 2011; Eray Aslan <email address hidden>
> + files/maildrop-2.5.4-reformime.patch:
> + Revized patch for bug #379101
> +
>
> Patch revised once again hopefully this time fixing the segfault. Please test
> when you can. Thank you.

make[2]: Leaving directory `/var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4'
make[1]: Leaving directory `/var/tmp/portage/mail-filter/maildrop-2.5.4/work/maildrop-2.5.4'
>>> Completed installing maildrop-2.5.4 into /var/tmp/portage/mail-filter/maildrop-2.5.4/image/

yes, now it seems to be fine, also confirmed by armin76 on ia64, thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in courier (Ubuntu):
status: New → Confirmed
Revision history for this message
Lowell Filak (lfilak) wrote :

sqwebmail in 12.04.1 segfaults when it should show mail content.

Ubuntu-version:
Description: Ubuntu 12.04.1 LTS
Release: 12.04
x86_64

dmesg Output:
sqwebmaild[15168]: segfault at 8 ip 00007f9f63ccd101 sp 00007fff1ece3c48 error 4 in libc-2.15.so[7f9f63c44000+1b5000]

apt-cache policy sqwebmail
sqwebmail:
  Installed: 0.66.1-1ubuntu4
  Candidate: 0.66.1-1ubuntu4
  Version table:
 *** 0.66.1-1ubuntu4 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
        100 /var/lib/dpkg/status

When preferences are changed to "show all headers" there is no failure, and the mail content is displayed correctly.

The following thread may have resulted in a fix in new version 5.6.0:
http://blog.gmane.org/gmane.mail.imap.courier.sqwebmail/month=20110501

The following bug for php5-fpm exhibits the same libc-2.15.so error and has been fixed:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1006738

Revision history for this message
Lowell Filak (lfilak) wrote :

It appears that the fix was made in version 5.5.3:

2011-09-06 Sam Varshavchik <email address hidden>
        * rfc2045/reformime.c (main2): Fixed segfault on some arches from an
        initial null given to strtok.

change from:

mimesection = strtok(section,",")

to:

mimesection = section ? strtok(section, ","):NULL;

Changed in courier (Gentoo Linux):
importance: Unknown → Medium
status: Unknown → Fix Released
Revision history for this message
Lowell Filak (lfilak) wrote :

Additional information, patch and original are located at the following link:
http://comments.gmane.org/gmane.mail.maildrop/5064

Revision history for this message
Lowell Filak (lfilak) wrote :

I don't want to link the following bug because it is not the exact same error. However, the discussion on the bug resolves/nullifies compatibility issues encountered when packaging a newer upstream version. The newer version resolves the original core dump.
This is a severe error for the courier package on some architectures. Many functions of courier depend on the reformime.c code, i.e. maildrop & sqwebmail.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580682

Revision history for this message
Lowell Filak (lfilak) wrote :

reformime.patch

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "reformime.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch