spamprobe crashes on email containing images

Bug #1882418 reported by Scott Pakin
This bug affects 4 people
Affects: spamprobe (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Since upgrading from eoan to focal, spamprobe crashes when performing any processing on a mail file containing images. Try running "spamprobe spam bad-email" using the attached bad-email file, which has an embedded PNG image. I observe the following:

    $ spamprobe spam bad-email
    caught signal 11: quitting
    Aborted (core dumped)

Here's the backtrace I get from gdb:

    #0 0x00007ffff79a2553 in _Unwind_Resume () from /lib/x86_64-linux-gnu/libgcc_s.so.1
    #1 0x0000555555562751 in PngParser::parseImage (this=0x55555565a8e0) at PngParser.cc:77
    #2 0x000055555558e51f in TraditionalMailMessageParser::parseBodyText (this=0x7fffffffd400, source=<optimized out>) at TraditionalMailMessageParser.cc:208
    #3 0x000055555558ebc3 in TraditionalMailMessageParser::parseBody (this=0x7fffffffd400, source=0x555555653b10) at TraditionalMailMessageParser.cc:291
    #4 0x000055555558ea2b in TraditionalMailMessageParser::parseBody (this=0x7fffffffd400, source=0x5555555dea50) at ../../src/includes/Ref.h:262
    #5 0x000055555558db91 in TraditionalMailMessageParser::parseMailMessage (this=this@entry=0x7fffffffd400, source=source@entry=0x5555555dea50) at TraditionalMailMessageParser.cc:86
    #6 0x000055555556a695 in AbstractMessageCommand::processMailReader (this=0x5555555dcea0, config=..., filter=..., purger=..., stream_file=0x7fffffffd7c0, mail_reader=...) at AbstractMessageCommand.cc:87
    #7 0x000055555556ae41 in AbstractMessageCommand::processFile (this=0x5555555dcea0, config=..., filter=..., stream_file=0x7fffffffd7c0) at AbstractMessageCommand.cc:170
    #8 0x000055555556a34d in AbstractFileCommand::execute (this=0x5555555dcea0, config=..., filter=...) at AbstractFileCommand.cc:74
    #9 0x0000555555566e76 in main (argc=3, argv=<optimized out>) at ../../src/includes/Ref.h:252

Interestingly, when passing in a message with an embedded JPEG image, spamprobe crashes at the comparable location in JpegParser.cc (line 65).

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: spamprobe 1.4d-14build2
ProcVersionSignature: Ubuntu 5.4.0-33.37-generic 5.4.34
Uname: Linux 5.4.0-33-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.2
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: MATE
Date: Sun Jun 7 01:50:31 2020
InstallationDate: Installed on 2013-01-14 (2701 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
SourcePackage: spamprobe
UpgradeStatus: Upgraded to focal on 2020-06-07 (0 days ago)

Scott Pakin (pakin) wrote :

Here's a patch that at least catches and discards the segfaults. Image processing shouldn't fault to begin with, but this patch at least makes spamprobe usable again.

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Workaround for images crashing spamprobe" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in spamprobe (Ubuntu):
status: New → Confirmed
Joseph Ishac (jishac) wrote :

I have not had a chance to dig into it too deeply, but it seems that disabling optimization fixes the issue.

I tried this and it worked for the current code without Scott's workaround.

    $ ./configure
    $ make
    $ cat bad-email | src/spamprobe/spamprobe score
    caught signal 11: quitting
    Aborted (core dumped)

    $ ./configure CFLAGS="-g -O0" CXXFLAGS="-g -O0"
    $ make
    $ cat bad-email | src/spamprobe/spamprobe score
    SPAM 0.9998084 cfcec7da0b41bbc85bb2f4816c09dd21

Brian Burton (btburton) wrote :

LibPNG uses setjmp/longjmp for error handling. The optimizer could be making changes that affect those macros. Building without them might be the best workaround.

Scott Pakin (pakin) wrote :

How about LibJPEG? JPEG images lead to crashes, too.

Joseph Ishac (jishac) wrote :

I believe I have corrected the issue. I would propose that this minor patch be tested by others impacted. It seems to clean up the issue by simply adding some missing return codes (and I happened to fix a few types that the compiler was complaining about as well).

The changes seem to make the compiler and optimizer happy.
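
A sketch of how a missing return value can crash only in optimized builds, added here as an illustration; it is not part of the thread, the attached patch, or spamprobe's source. All names (`decode_png`, `parse_image_broken`, `parse_image_fixed`) and the sample inputs are hypothetical.

```cpp
// Added illustration; hypothetical names, not spamprobe's code.
#include <cstring>
#include <stdexcept>
#include <vector>

// Constructed stand-in for an image decoder: throws on input that is not PNG.
static void decode_png(const std::vector<unsigned char> &buf) {
    static const unsigned char sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    if (buf.size() < sizeof sig || std::memcmp(buf.data(), sig, sizeof sig) != 0)
        throw std::runtime_error("not a PNG");
}

#ifdef SHOW_BROKEN
// Broken shape: control reaches the closing brace of a non-void function on
// both the success path and the handled-error path. That is undefined
// behaviour in C++; an optimizing compiler may treat the end of the function
// as unreachable and emit no return sequence, so execution continues into
// whatever code happens to follow. An unoptimized build usually hides this.
bool parse_image_broken(const std::vector<unsigned char> &buf) {
    try {
        decode_png(buf);
    } catch (const std::exception &) {
        // error swallowed, but no value is returned
    }
}
#endif

// Fixed shape: every path out of the function returns a value.
bool parse_image_fixed(const std::vector<unsigned char> &buf) {
    try {
        decode_png(buf);
        return true;
    } catch (const std::exception &) {
        return false;
    }
}

// Constructed sample inputs: a PNG signature plus filler, and a non-PNG header.
std::vector<unsigned char> sample_png() {
    return {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n', 0, 0, 0, 13};
}
std::vector<unsigned char> sample_garbage() { return {'G', 'I', 'F', '8', '9', 'a'}; }

int main() {
    return (parse_image_fixed(sample_png()) && !parse_image_fixed(sample_garbage())) ? 0 : 1;
}
```

Building with `-Wall -Werror=return-type` turns the broken shape into a compile error, which catches this class of defect before an optimization-level change exposes it at run time.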

Joseph Ishac (jishac) wrote :

FWIW, I just realized that the deb package runs configure with some parameters, --enable-default-8bit and --enable-cdb.

If you were like me and didn't enable "--enable-cdb" in the past you may run into the following error 'BDB0075 DB_PAGE_NOTFOUND: Requested page not found (-30986)'. I recompiled without CDB, exported my keys, recompiled with CDB, imported to a fresh DB and all seems happy.

Scott Pakin (pakin) wrote :

Joseph: Your patch works for me! I applied it to the Ubuntu package and rebuilt it (i.e., retaining the existing configure options, compiler/linker flags, all the other patches, etc.), and it appears that the crashes I was seeing have gone away.

Before:

    $ cat /tmp/junk.mbox | ./debian/spamprobe/usr/bin/spamprobe spam
    caught signal 11: quitting
    Aborted (core dumped)

After:

    $ cat /tmp/junk.mbox | ./debian/spamprobe/usr/bin/spamprobe spam

Thanks for creating the patch. I hope the spamprobe package maintainers are willing to apply it to the spamprobe package.
