SIGSEGV in imap_recv_command (version 1.2)

Submitted by Silas Parker

Assigned to Florian Rivoal

Link to original bug (#12939)

Description

The mailwatch plugin will occasionally crash in imap_recv_command. The IMAP server is DavMail.

This is for Red Hat Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=1387171

(gdb) bt
#0  0x00007ff34e957523 in imap_recv_command (imailbox=0x5561897cd7f0, net_conn=<optimized out>, buf=<optimized out>, len=<optimized out>)
    at mailwatch-mailbox-imap.c:258
#1  0x0a007ff34e957567 in  ()
#2  0x346e69616d6f6400 in  ()
#3  0x6f686c61636f6c00 in  ()
#4  0x6774683264007473 in  ()
#5  0x6774683264003236 in  ()
#6  0x2e656361702e3236 in  ()
#7  0x6c616e7265746e69 in  ()
#8  0x6f686c61636f6c00 in  ()
#9  0x6c61636f6c2e7473 in  ()
#10 0x6c006e69616d6f64 in  ()
#11 0x74736f686c61636f in  ()
#12 0x686c61636f6c0036 in  ()
#13 0x636f6c2e3674736f in  ()
#14 0x6e69616d6f646c61 in  ()
#15 0x686c61636f6c0036 in  ()
#16 0x746832640074736f in  ()
#17 0x7468326400323667 in  ()
#18 0x656361702e323667 in  ()
#19 0x616e7265746e692e in  ()
#20 0x00007ff33f7f006c in  ()
#21 0x00007ff33f7fbd50 in  ()
#22 0x00007ff34e963884 in  () at /usr/lib64/xfce4/panel/plugins/libmailwatch.so
#23 0x00007ff33f7fbed0 in  ()
#24 0x0000000000000000 in  ()
(gdb) info frame
Stack level 0, frame at 0x7ff33f7fb750:
 rip = 0x7ff34e957523 in imap_recv_command (mailwatch-mailbox-imap.c:258); saved rip = 0xa007ff34e957567
 called by frame at 0x7ff33f7fb758
 source language c.
 Arglist at 0x7ff33f7fb740, args: imailbox=0x5561897cd7f0, net_conn=<optimized out>, buf=<optimized out>, len=<optimized out>
 Locals at 0x7ff33f7fb740, Previous frame's sp is 0x7ff33f7fb750
 Saved registers:
  rbx at 0x7ff33f7fb718, rbp at 0x7ff33f7fb720, r12 at 0x7ff33f7fb728, r13 at 0x7ff33f7fb730, r14 at 0x7ff33f7fb738, r15 at 0x7ff33f7fb740,
  rip at 0x7ff33f7fb748
(gdb) info locals
bin = <optimized out>
tot = <optimized out>
p = <optimized out>
(gdb) info registers
rax            0xffffffffffffffff       -1
rbx            0x7ff3300010e0   140682459091168
rcx            0xa0     160
rdx            0x0      0
rsi            0x0      0
rdi            0x0      0
rbp            0x5561897cd7f0   0x5561897cd7f0
rsp            0x7ff33f7fb748   0x7ff33f7fb748
r8             0x7ff330000cc0   140682459090112
r9             0x0      0
r10            0x10     16
r11            0x0      0
r12            0x7ff33f7fc3c0   140682719118272
r13            0x7ff33f7fc7c0   140682719119296
r14            0x7ff33f7fc3c0   140682719118272
r15            0x7ff33f7fc7c0   140682719119296
rip            0x7ff34e957523   0x7ff34e957523 <imap_recv_command+307>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

This was with the following RPM versions: xfce4-mailwatch-plugin-1.2.0-8.fc24.x86_64 xfce4-panel-4.12.0-5.fc24.x86_64

From the source (https://git.xfce.org/panel-plugins/xfce4-mailwatch-plugin/tree/libmailwatch-core/mailwatch-mailbox-imap.c?id=3ed2f006ff16b0412f00beb3a8b05d25090c9055) it looks like it might be returning after a "buffer full" error.
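
Added triage example (not part of the original report or the plugin's code): the frames after #0 in the backtrace above are not plausible return addresses, and this Python script reassembles them as stack bytes to show what they contain. It assumes each bogus frame is the next 8-byte little-endian stack word; the function names are made up for this example.

```python
import re
import struct

BACKTRACE = """
#1  0x0a007ff34e957567 in  ()
#2  0x346e69616d6f6400 in  ()
#3  0x6f686c61636f6c00 in  ()
#4  0x6774683264007473 in  ()
#5  0x6774683264003236 in  ()
#6  0x2e656361702e3236 in  ()
#7  0x6c616e7265746e69 in  ()
#8  0x6f686c61636f6c00 in  ()
#9  0x6c61636f6c2e7473 in  ()
#10 0x6c006e69616d6f64 in  ()
#11 0x74736f686c61636f in  ()
#12 0x686c61636f6c0036 in  ()
#13 0x636f6c2e3674736f in  ()
#14 0x6e69616d6f646c61 in  ()
#15 0x686c61636f6c0036 in  ()
#16 0x746832640074736f in  ()
#17 0x7468326400323667 in  ()
#18 0x656361702e323667 in  ()
#19 0x616e7265746e692e in  ()
#20 0x00007ff33f7f006c in  ()
"""  # frames #1-#20 pasted from the gdb output in this report

USER_TOP = 0x0000800000000000  # first address above x86-64 user space

def frame_words(bt):
    """(frame number, pc) pairs parsed from gdb 'bt' lines."""
    return [(int(n), int(pc, 16))
            for n, pc in re.findall(r"^#(\d+)\s+0x([0-9a-f]{16}) in", bt, re.M)]

def non_canonical_frames(bt):
    """Frames whose 'return address' cannot be a user-space code pointer."""
    return [n for n, pc in frame_words(bt) if pc >= USER_TOP]

def stack_bytes(bt):
    """Assumption: each bogus frame is the next 8-byte little-endian stack word."""
    return b"".join(struct.pack("<Q", pc) for _, pc in frame_words(bt))

def recovered_strings(bt, min_len=4):
    """Printable ASCII runs found in the reassembled stack bytes."""
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, stack_bytes(bt))
    return [r.decode() for r in runs]

if __name__ == "__main__":
    print(non_canonical_frames(BACKTRACE), recovered_strings(BACKTRACE))
```

Frames #1 through #19 are non-canonical, and the saved rip differs from a plausible library address only in its top byte (0x0a), so the unwinder output past frame #0 should not be read as a call chain.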