[exim-dev] [Bug 2215] New: SIGSEGV in dns_basic_lookup()

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2215] New: SIGSEGV in dns_basic_lookup()
https://bugs.exim.org/show_bug.cgi?id=2215

            Bug ID: 2215
           Summary: SIGSEGV in dns_basic_lookup()
           Product: Exim
           Version: 4.90
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Lookups
          Assignee: nigel@???
          Reporter: wbreyha@???
                CC: exim-dev@???


After I deployed 4.90 to all my hosts, two of them started to segfault heavily.
Checking the others, I recognized that some of them occasionally segfaulted as
well. At this point I rolled back to 4.89 before xmas.

Now I put 4.90 back on two hosts and after I activated coredumps I promptly got
some again and they all have frames #0-#2 in common:
#0  0x0000003ed2d2868a in __strcmp_sse42 () from /lib64/libc.so.6
#1  0x00000000004b22c3 in tree_search (p=0xa20656e6f6e, name=0x7ffd5675f000 "_adsp._domainkey.newsletter-hub.com-TXT-80041") at tree.c:335
#2  0x000000000043ce74 in dns_basic_lookup (dnsa=0x7ffd567628b0, name=0x1a4b960 "_adsp._domainkey.newsletter-hub.com", type=16) at dns.c:668


dns_basic_lookup()->tree_search()->strcmp()

In fact the tree "tree_dns_fails" used in
(gdb) frame 2
#2  0x000000000043ce74 in dns_basic_lookup (dnsa=0x7ffd567628b0, name=0x1a4b960 "_adsp._domainkey.newsletter-hub.com", type=16) at dns.c:668
668    if ((previous = tree_search(tree_dns_fails, node_name)))


has an invalid entry:
(gdb) print *tree_dns_fails
$2 = {left = 0x1a16628, right = 0x1a16478, data = {ptr = 0x2, val = 2}, balance = 0 '\000', name = "m"}
(gdb) print *(tree_dns_fails->right)
$3 = {left = 0x0, right = 0x1a15ed8, data = {ptr = 0x2, val = 2}, balance = 2 '\002', name = "p"}
(gdb) print *(tree_dns_fails->right->right)
$4 = {left = 0x0, right = 0x0, data = {ptr = 0x2, val = 2}, balance = 0 '\000', name = "s"}
(gdb) print *(tree_dns_fails->left)
$5 = {left = 0x1a167d8, right = 0x1a76188, data = {ptr = 0x1, val = 1}, balance = 0 '\000', name = "1"}
(gdb) print *(tree_dns_fails->left->right)
$6 = {left = 0xa20656e6f6e, right = 0x656976696e552d58, data = {ptr = 0x68432d4d494b442d, val = 1229669421}, balance = 101 'e', name = "c"}
(gdb) print *(tree_dns_fails->left->left)
$7 = {left = 0x0, right = 0x0, data = {ptr = 0x1, val = 1}, balance = 0 '\000', name = "1"}

Note $6, whose left and right pointers are invalid but are used later in the
tree search:
(gdb) frame 1
#1  0x00000000004b22c3 in tree_search (p=0xa20656e6f6e, name=0x7ffd5675f000 "_adsp._domainkey.newsletter-hub.com-TXT-80041") at tree.c:335
335      int c = Ustrcmp(name, p->name);
(gdb) print p
$8 = (tree_node *) 0xa20656e6f6e


I've not found the reason why this happens mostly on two of my hosts yet. They
are the last hosts where I do the legacy _adsp.... lookups. Maybe this triggers
problems with tree_dns_fails best, because of many failed lookups?

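
A triage aid for dumps like the one above, added here as an example and not part of the original report or of Exim's code: it reinterprets each pointer field of the printed tree nodes as little-endian bytes (the report's hardware is x86) and reports the ones that read as printable ASCII, a sign that the node's memory was overwritten with string data. The regular expression, the function names and the 4-byte minimum are assumptions of this example; the sample lines are the $5 to $7 values from the report with the wrapped lines rejoined.

```python
import re
import struct

# gdb output for three tree_dns_fails nodes, copied from the report
# (wrapped lines rejoined).
GDB_DUMP = r'''
$5 = {left = 0x1a167d8, right = 0x1a76188, data = {ptr = 0x1, val = 1}, balance = 0 '\000', name = "1"}
$6 = {left = 0xa20656e6f6e, right = 0x656976696e552d58, data = {ptr = 0x68432d4d494b442d, val = 1229669421}, balance = 101 'e', name = "c"}
$7 = {left = 0x0, right = 0x0, data = {ptr = 0x1, val = 1}, balance = 0 '\000', name = "1"}
'''

# Matches gdb's rendering of a tree_node as shown in the report.
NODE_RE = re.compile(
    r'^(\$\d+) = \{left = (0x[0-9a-f]+), right = (0x[0-9a-f]+), '
    r'data = \{ptr = (0x[0-9a-f]+)', re.M)


def as_text(word):
    """Return the word's little-endian bytes as text if they look like
    string data, else None."""
    raw = struct.pack('<Q', word).rstrip(b'\x00')
    if len(raw) < 4:          # NULL and small integers are not evidence
        return None
    if all(32 <= b < 127 or b in (9, 10, 13) for b in raw):
        return raw.decode('ascii')
    return None               # e.g. a plausible heap address


def triage(dump):
    """Map each gdb value ($N) to its pointer fields that decode as ASCII."""
    findings = {}
    for m in NODE_RE.finditer(dump):
        hits = {}
        for field, value in zip(('left', 'right', 'data.ptr'), m.groups()[1:]):
            text = as_text(int(value, 16))
            if text is not None:
                hits[field] = text
        if hits:
            findings[m.group(1)] = hits
    return findings


if __name__ == '__main__':
    for node, hits in triage(GDB_DUMP).items():
        for field, text in hits.items():
            print(f'{node}.{field}: {text!r}')
```

Only $6 is flagged; in memory order its fields continue with balance 'e' and name "c", so the overwriting text runs on past the pointer fields.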