[exim-dev] [Bug 1671] New: segfault after delivery

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1671] New: segfault after delivery
https://bugs.exim.org/show_bug.cgi?id=1671

            Bug ID: 1671
           Summary: segfault after delivery
           Product: Exim
           Version: 4.86
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Delivery in general
          Assignee: nigel@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
[...]
Reading symbols from /opt/exim/bin/exim-4.86-7...(no debugging symbols
found)...done.
(gdb) core /tmp/exim.core.1439805965.29112
warning: core file may not match specified executable file.
[New LWP 29112]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/opt/exim/bin/exim -Mc 1ZRHIo-0007ZK-V3'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000475eda in string_copy ()
(gdb) where
#0 0x0000000000475eda in string_copy ()
#1 0x0000000000421852 in deliver_make_addr ()
#2 0x000000000049134b in smtp_local_identity ()
#3 0x000000000049140a in smtp_are_same_identities ()
#4 0x000000000047dc55 in transport_check_waiting ()
#5 0x0000000000494353 in smtp_deliver ()
#6 0x000000000049567f in smtp_transport_entry ()
#7 0x000000000042520e in do_remote_deliveries ()
#8 0x00000000004289e8 in deliver_message ()
#9 0x0000000000432690 in main ()

Interestingly, all mails get delivered to the recipients, the crash
seems to occur after the DATA cmd.

=======

So it's delivered a message, and is searching the
queue for others suitable to go down the same
connection. Somehow, one of the sender-addresses is
null.

A sufficient protection against the crash would
be a null-check on sender at the head of
smtp_local_identity, returning an empty string.

This doesn't explain how that null pointer got
there, nor if it can legitimately be null.

--
You are receiving this mail because:
You are on the CC list for the bug.
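The null-check proposed above, as an added illustration that is not Exim's own code: `string_copy`, `local_identity_guarded` and `are_same_identities` are hypothetical stand-ins for the functions in the backtrace, and the identity is reduced to the sender string alone.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a string_copy() that allocates and copies its
 * argument. It has no NULL check of its own, so a NULL sender reaching it
 * dereferences a null pointer, which is the SIGSEGV in frame #0 above. */
static char *string_copy(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p)
        memcpy(p, s, n);
    return p;
}

/* Guarded identity: the check suggested in the bug, placed at the head of the
 * function and returning an empty string instead of passing NULL down. */
char *local_identity_guarded(const char *sender)
{
    if (sender == NULL)
        return string_copy("");
    return string_copy(sender);
}

/* Compare two identities built with the guarded function. A NULL sender and
 * an empty sender both collapse to "", so the comparison is well defined but
 * can no longer tell "no sender set" from "empty sender". Returns 1 if the
 * identities match, 0 otherwise (including on allocation failure). */
int are_same_identities(const char *sender_a, const char *sender_b)
{
    char *a = local_identity_guarded(sender_a);
    char *b = local_identity_guarded(sender_b);
    int same = (a && b) ? strcmp(a, b) == 0 : 0;
    free(a);
    free(b);
    return same;
}
```

The guard stops the crash but, as the report notes, says nothing about where the NULL came from; the comparison silently treating NULL as an empty identity is the behaviour to keep in mind when deciding whether the root cause still needs tracing.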