[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

router segfault



This Sunday pager woke me at 4 am saying that mail is not working.
I found all router processes dead.  This is what I found from the
core files:

Program terminated with signal 11, Segmentation fault.
procfs (find_procinfo):  Couldn't locate pid 0
#0  0x5c564 in _unfold (len=2, start=0x96cba "", cpp=0xefffb8f0, t=0x0)
    at rfc822scan.c:262
262                               *start == '\n' || *start == '\r'))
(gdb) p cpe
$1 = 0x96cb9 ")"
(gdb) p start
$2 = 0x96cba ""
(gdb) p *cpp
$3 = 0x96cb9 ")"
(gdb) 

Apparently unfold was called with 'start' pointing one byte beyond the
'*cpp' ('end').  I did a simple change but it may be not very "kosher".

--- lib/rfc822scan.c.orig	Thu Jul  8 12:06:14 1999
+++ lib/rfc822scan.c	Sun Aug  1 05:32:06 1999
@@ -249,7 +249,7 @@
 	/* Start and End may be at different tmalloc()ed objects! */
 
 	s = cp = (char *)tmalloc(len +1);
-	while (len > 0 && start != cpe) {
+	while (len > 0 && start < cpe) {
 		if (*start == 0) {
 		  t = t->t_next;
 		  start = t->t_pname;
@@ -257,7 +257,7 @@
 		  *s++ = '\n';
 #else
 		  /* Skip all folding white-space */
-		  while (len > 0 && start != cpe &&
+		  while (len > 0 && start < cpe &&
 			 (*start == ' '  || *start == '\t' ||
 			  *start == '\n' || *start == '\r'))
 		    ++start;

I can send the offending message headers on request.
BTW, the last core (of the parent process, apparently)
is not renamed and stays in $MAILSPOOL/router.

Eugene