[exim-dev] [Bug 1403] exim crashes while lookup result for l…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Todd Lyons
Dátum:  
Címzett: exim-dev
Tárgy: [exim-dev] [Bug 1403] exim crashes while lookup result for lsearch in file with to long lines
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1403

Todd Lyons <tlyons@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tlyons@???





--- Comment #1 from Todd Lyons <tlyons@???> 2013-10-24 14:43:56 ---
The segfault is occurring in the pcre library. It does not appear to be
related to the length of the string, rather the number of entries it matches.
For my test, the sweet spot was at 10574 characters, which was 971 comma
separated entries:

$ perl -e '$count=1; print "x\@test.ex:  "; while($count < 970){print
"test$count.ex,"; $count++;}; print "test$count.ex\n";' | wc
      1       2   10574


If I used one less entry on the line, for a total of 970 entries, it doesn't
segfault:

$ perl -e '$count=1; print "x\@test.ex:  "; while($count < 969){print
"test$count.ex,"; $count++;}; print "test$count.ex\n";' | wc
      1       2   10563


Can you confirm that your 6716 character line has 971 or more entries, and that
your 6687 character line had 970 or less entries?

Here's the tail end of the backtrace from my long line. That's not a typo,
that's 21,117 frames of pcre library.

#21106 0x00581519 in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21107 0x0058c70a in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21108 0x00581519 in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21109 0x0058c70a in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21110 0x00581519 in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21111 0x0058c70a in ?? () from /lib/i386-linux-gnu/libpcre.so.3
---Type <return> to continue, or q <return> to quit---
#21112 0x00581519 in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21113 0x0058c70a in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21114 0x00581519 in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21115 0x0058c70a in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21116 0x00581519 in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21117 0x00580dd8 in ?? () from /lib/i386-linux-gnu/libpcre.so.3
#21118 0x00591875 in pcre_exec () from /lib/i386-linux-gnu/libpcre.so.3

#21119 0x080673f9 in regex_match_and_setup (re=0x993d248, 
    subject=0x99447c0
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
options=0, setup=-1) at exim.c:130
#21120 0x080742e8 in eval_condition (s=0x992b4b1 " {true}{false}}",
yield=0xbf83544c)
    at expand.c:2412
#21121 0x080777c1 in expand_string_internal (
    string=0x992b428 "${if match{${lookup{$local_part@$domain}
lsearch*@{/work/home/exim-build/projects/exim/test/aux-fixed/0004.forwardtable}}}
{^(.)*@(.)*\\$} {true}{false}}", 
    ket_ends=0, left=0x0, skipping=0, honour_dollar=1) at expand.c:3860
#21122 0x0807e3a4 in expand_string (
    string=0x992b428 "${if match{${lookup{$local_part@$domain}
lsearch*@{/work/home/exim-build/projects/exim/test/aux-fixed/0004.forwardtable}}}
{^(.)*@(.)*\\$} {true}{false}}")
    at expand.c:6459



I installed the libpcre-dbg package to get an in-depth view into what pcre was
doing, this is what the first few frames look like stepping into the lib:

#21113 0x00d8070a in match (
    eptr=0x96197ca
"st1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex,t"...,
ecode=0x961227b "V", 
    mstart=0x96197c8
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
markptr=0x0, offset_top=4, 
    md=0xbffb8c80, ims=0, eptrb=0x0, flags=<optimized out>, rdepth=4) at
pcre_exec.c:1656


#21114 0x00d75519 in match (
    eptr=0x96197c9
"est1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex---Type
<return> to continue, or q <return> to quit---
,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex,"...,
ecode=0x9612275 "_", 
    mstart=0x96197c8
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
markptr=0x0, offset_top=4, 
    md=0xbffb8c80, ims=0, eptrb=0x0, flags=0, rdepth=3) at pcre_exec.c:824


#21115 0x00d8070a in match (
    eptr=0x96197c9
"est1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex,"...,
ecode=0x961227b "V", 
    mstart=0x96197c8
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
markptr=0x0, offset_top=4, 
    md=0xbffb8c80, ims=0, eptrb=0x0, flags=<optimized out>, rdepth=2) at
pcre_exec.c:1656


#21116 0x00d75519 in match (
    eptr=0x96197c8
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
ecode=0x9612275 "_", 
    mstart=0x96197c8
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
markptr=0x0, offset_top=2, 
    md=0xbffb8c80, ims=0, eptrb=0x0, flags=0, rdepth=1) at pcre_exec.c:824


#21117 0x00d74dd8 in match (
    eptr=0x96197c8
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
ecode=0x9612274 "i_", 
    mstart=0x96197c8
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
markptr=0x0, offset_top=2, 
    md=0xbffb8c80, ims=0, eptrb=0x0, flags=0, rdepth=0) at pcre_exec.c:1517


#21118 0x00d85875 in pcre_exec (argument_re=0x9612248, extra_data=0x0, 
    subject=0x96197c8
"test1.ex,test2.ex,test3.ex,test4.ex,test5.ex,test6.ex,test7.ex,test8.ex,test9.ex,test10.ex,test11.ex,test12.ex,test13.ex,test14.ex,test15.ex,test16.ex,test17.ex,test18.ex,test19.ex,test20.ex,test21.ex"...,
length=10572, start_offset=0, 
    options=0, offsets=0xbffb8da8, offsetcount=63) at pcre_exec.c:6100



--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email