https://bugs.exim.org/show_bug.cgi?id=1671
Bug ID: 1671
Summary: segfault after delivery
Product: Exim
Version: 4.86
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: Delivery in general
Assignee: nigel@???
Reporter: jgh146exb@???
CC: exim-dev@???
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
[...]
Reading symbols from /opt/exim/bin/exim-4.86-7...(no debugging symbols
found)...done.
(gdb) core /tmp/exim.core.1439805965.29112
warning: core file may not match specified executable file.
[New LWP 29112]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/opt/exim/bin/exim -Mc 1ZRHIo-0007ZK-V3'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000475eda in string_copy ()
(gdb) where
#0 0x0000000000475eda in string_copy ()
#1 0x0000000000421852 in deliver_make_addr ()
#2 0x000000000049134b in smtp_local_identity ()
#3 0x000000000049140a in smtp_are_same_identities ()
#4 0x000000000047dc55 in transport_check_waiting ()
#5 0x0000000000494353 in smtp_deliver ()
#6 0x000000000049567f in smtp_transport_entry ()
#7 0x000000000042520e in do_remote_deliveries ()
#8 0x00000000004289e8 in deliver_message ()
#9 0x0000000000432690 in main ()
Interestingly, all mails get delivered to the recipients, the crash
seems to occur after the DATA cmd.
=======
So it's delivered a message, and is searching the
queue for others suitable to go down the same
connection. Somehow, one of the sender-addresses is
null.
A sufficient protection against the crash would
be a null-check on sender at the head of
smtp_local_identity, returning an empty string.
This doesn't explain how that null pointer got
there, nor if it can legitimately be null.
--
You are receiving this mail because:
You are on the CC list for the bug.
