[Exim] Re: [SA-exim] local_scan is crashing (log_write crash…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Marc MERLIN
Dátum:  
Címzett: Brian Kendig
CC: Exim-users, Philip Hazel
Tárgy: [Exim] Re: [SA-exim] local_scan is crashing (log_write crash)
[Cc Philip and exim-users list, maybe someone can help with the exim side,
or pick up with my C skills are lacking]

On Wed, May 19, 2004 at 12:47:09PM -0400, Brian Kendig wrote:
> Your debugging statements helped pinpoint what's causing the crash!


Philip, can you offer suggestions getting debugging info on log_write since
exim crashes on a call to log_write
Obviously, if sa-exim is corrupting memory somehow, it's not exim's fault,
but being able to track the SIGV down in exim might help
That said, out of a 100+ users, you are the only one to experience this, but
that may also be because you're using MacOS X, and that's triggering a bug
that doesn't show up on IA32

Brian is using Exim 4.32

> 2004-05-19 12:36:03 HXYZFW-000D4C-H6 SA: Not Dead 0
> 2004-05-19 12:36:03 HXYZFW-000D4C-H6 SA: Not Dead 1
> 2004-05-19 12:36:03 HXYZFW-000D4C-H6 SA: size: 0
> 2004-05-19 12:36:03 HXYZFW-000D4C-H6 SA: mesgid: HXYZFW-000D4C-H6
> 2004-05-19 12:36:03 HXYZFW-000D4C-H6 SA: mailinfo: From
> <brian@???> (host=calypso.enchanter.net [10.0.1.14]) for
> brian@???
> 2004-05-19 12:36:03 HXYZFW-000D4C-H6 SA: Not Dead 2
> 2004-05-19 12:36:03 HXYZFW-000D4C-H6 local_scan() function crashed with
> signal 11 - message temporarily rejected (size 7545810)


Philip see, ---> crash here <--- below

The entire code is here if you need to see more than what's below:
http://marc.merlins.org/linux/exim/files/sa-exim-cvs/sa-exim.c

> So the line that's crashing is:
>
> log_write(0, LOG_MAIN, "SA: Action: check skipped due to message size
> (%d bytes) and SATruncBodyCond expanded to false (Message-Id: %s). %s",
> fdsize-18, safemesgid, mailinfo);


Right.

> Maybe log_write doesn't like negative numbers? (zero minus 18)


No, 18 minus 18 is 0
But this entire code is within this if:
if (fdsize > SAmaxbody)
and if fdsize is 18, it can't be bigger than SAmabody which is 256KB

That just doesn't make sense.

Philip, is it computed as such (fd comes from local_scan)

    /* This is used later if we need to rewind and save the body elsewhere */
    fdstart=lseek(fd, 0, SEEK_CUR);
    CHECKERR(fdstart,"lseek SEEK_CUR",__LINE__);


    ret=fstat(fd, &stbuf);
    CHECKERR(ret,"fstat fd",__LINE__);
    /* this is the body size plus a few bytes (exim msg ID) */
    /* it should be 18 bytes, but I'll assume it could be more or less */
    fdsize=stbuf.st_size;


> For reference, here's the part of the code I'm using, with the
> modifications you sent me so you can verify I put them in the right
> places:
>
>         if (SATruncBodyCond[0] != '1' || SATruncBodyCond[1] != 0)
>         {
>             expand=expand_string(SATruncBodyCond);
>             if (expand == NULL)
>             {
>                 PANIC(string_sprintf("SATruncBodyCond expansion failure
> on %s", SATruncBodyCond));
>             }

>
>             if (SAEximDebug)
>             {
>                 log_write(0, LOG_MAIN, "SA: Debug: SATruncBodyCond
> expand returned: '%s'", expand);
>             }

>
> log_write(0, LOG_MAIN, "SA: Not Dead 0");
>
>             if (expand[0] == 0 || (expand[0] == '0' && expand[1] == 0))
>             {

>
> log_write(0, LOG_MAIN, "SA: Not Dead 1");
> log_write(0, LOG_MAIN, "SA: size: %d", fdsize-18);


Mmmh, this returns zero -> fdsize is 18 which means the message body on disk
would be empty (18 is just the message-ID plus newline)
This doesn't make a lot of sense, but you can always check the body on disk in exim's
spool, mmmh, but no, exim doesn't actually crash, so that may not work

> log_write(0, LOG_MAIN, "SA: mesgid: %s", safemesgid);
> log_write(0, LOG_MAIN, "SA: mailinfo: %s", mailinfo);
> log_write(0, LOG_MAIN, "SA: Not Dead 2");
>
>                 log_write(0, LOG_MAIN, "SA: Action: check skipped due
> to message size (%d bytes) and SATruncBodyCond expanded to false
> (Message-Id: %s). %s", fdsize-18, safemesgid, mailinfo);


---> crash here <---

I just don't understan why log_write would crash here.

> log_write(0, LOG_MAIN, "SA: Not Dead 3");
>
>                 header_add(' ', "X-SA-Exim-Scanned: No (on %s); Message
> bigger than SAmaxbody (%d)\n", primary_hostname, SAmaxbody);

>
> log_write(0, LOG_MAIN, "SA: Not Dead 4");
>
>                 return LOCAL_SCAN_ACCEPT;
>             }
>         }


Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@??? for PGP key