Bug#626418: All cyrus-imapd tools crash on exit

Petr Vandrovec petr at vmware.com
Wed May 11 19:39:09 UTC 2011

Package: cyrus-imapd-2.4
Version: 2.4.8-2

I've upgraded yesterday from imapd 2.3 to 2.4, and since then all my 
logs are full of SIGSEGVs from cyrus, and even simple tools like 
cvt_cyrusdb crash left & right.

Initially I've suspected that problem is that libsasl2 is linked against 
libdb4.8 while imapd against libdb5.1, causing confusion in closing 
database, but that's not root cause.

Root cause is 
debian/patches/101-berkeley-db_remove-unused-environment.patch:  this 
patch adds calls to dbenv->get_home & dbenv->remove *AFTER* call to 
dbenv->close.  So we have nice use-after-free, which reliably crashes 
with my glibc, because contents of dbenv is set to 0xDBDBDBDB on 
dbenv->close, and so dbenv->get_home jumps to 0xDBDBDBDBDBDBDBDBDBDB 
killing process.

And even if it would not kill process, dbenv->remove documentation says 
that you cannot use dbenv handle which was already used to open 
something to call remove: you must create new fresh dbenv handle, and 
use that one to call dbenv->remove.

Please revert 101-berkeley-db patch, or rework it to not crash...  For 
now I've removed it from my local systems, and crashes are gone, and I 
can read my emails again.

					Petr Vandrovec

More information about the Pkg-Cyrus-imapd-Debian-devel mailing list