Bug#626418: All cyrus-imapd tools crash on exit

Petr Vandrovec petr at vmware.com
Wed May 11 19:39:09 UTC 2011


Package: cyrus-imapd-2.4
Version: 2.4.8-2

I upgraded yesterday from imapd 2.3 to 2.4, and since then all my
logs are full of SIGSEGVs from cyrus, and even simple tools like
cvt_cyrusdb crash left & right.

Initially I suspected that the problem was that libsasl2 is linked against
libdb4.8 while imapd is linked against libdb5.1, causing confusion in closing
the database, but that's not the root cause.

The root cause is
debian/patches/101-berkeley-db_remove-unused-environment.patch: this
patch adds calls to dbenv->get_home & dbenv->remove *AFTER* the call to
dbenv->close.  So we have a nice use-after-free, which reliably crashes
with my glibc, because the contents of dbenv are set to 0xDBDBDBDB on
dbenv->close, and so dbenv->get_home jumps to 0xDBDBDBDBDBDBDBDBDBDB,
killing the process.

And even if it did not kill the process, the dbenv->remove documentation says
that you cannot use a dbenv handle which was already used to open
something to call remove: you must create a new, fresh dbenv handle and
use that one to call dbenv->remove.

Please revert the 101-berkeley-db patch, or rework it to not crash...  For
now I've removed it from my local systems, and the crashes are gone, and I
can read my emails again.

				Thanks,
					Petr Vandrovec
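
The call order the report asks for, as an added example that is not from the original message or the Debian patch: the home path is copied before close, and remove goes through a fresh, never-opened handle. The `mock_env` type and the `env_*` functions are hypothetical stand-ins for `DB_ENV` and its methods so the block builds without libdb, and the path is constructed sample data.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Mock handle standing in for DB_ENV (hypothetical, not Berkeley DB code). */
struct mock_env { int opened; char home[64]; };
static int removed_count;   /* environments removed so far */

static struct mock_env *env_create(void) {  /* cf. db_env_create() */
    return calloc(1, sizeof(struct mock_env));
}
static int env_open(struct mock_env *e, const char *home) {
    if (e->opened || strlen(home) >= sizeof e->home) return EINVAL;
    strcpy(e->home, home);
    e->opened = 1;
    return 0;
}
static int env_get_home(struct mock_env *e, const char **homep) {
    if (!e->opened) return EINVAL;
    *homep = e->home;       /* points into the handle's own memory */
    return 0;
}
static int env_close(struct mock_env *e) { free(e); return 0; }
static int env_remove(struct mock_env *e, const char *home) {
    int ret = (!e->opened && home[0] != '\0') ? 0 : EINVAL;
    if (ret == 0) removed_count++;
    free(e);                /* remove consumes the handle as well */
    return ret;
}

/* Safe ordering: copy the home path, close, remove via a fresh handle. */
int close_and_remove(struct mock_env *env) {
    const char *home;
    char *saved;
    struct mock_env *fresh;
    int ret = env_get_home(env, &home);     /* 1. query while still open */
    if (ret != 0) return ret;               /* env stays with the caller */
    if ((saved = malloc(strlen(home) + 1)) == NULL) return ENOMEM;
    strcpy(saved, home);                    /* 2. own copy outlives env */
    ret = env_close(env);                   /* 3. env is dead from here on */
    if (ret == 0)                           /* 4. remove on a fresh handle */
        ret = (fresh = env_create()) ? env_remove(fresh, saved) : ENOMEM;
    free(saved);
    return ret;
}

int main(void) {
    struct mock_env *e = env_create();  /* "/constructed/dbhome" is sample data */
    return (e && env_open(e, "/constructed/dbhome") == 0) ? close_and_remove(e) : 1;
}
```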





More information about the Pkg-Cyrus-imapd-Debian-devel mailing list