[Kolab-devel] [issue4381] Imap cache corruption giving crash (SIGFPE) on each sync for email without length.

Bernhard Reiter issues at kolab.org
Wed May 12 17:54:13 CEST 2010


New submission from Bernhard Reiter <bernhard at intevation.de>:

KMail is not robust against an email with zero size:
<1273678303<10 UID FETCH 1:* (FLAGS RFC822.SIZE)^M
>1273678303>* 1 FETCH (FLAGS (\Recent) UID 123792 RFC822.SIZE 0)^M
10 OK Completed (0.000 sec)^M
<1273678303<11 UID FETCH 123792 (UID RFC822.SIZE FLAGS BODY.PEEK[])^M
>1273678303>* 1 FETCH (FLAGS (\Recent) UID 123792 RFC822.SIZE 0 BODY[] NIL)^M
11 OK Completed (0.000 sec)^M
<1273678303<12 LOGOUT^M

It will sync the list the first time, but the second time it will crash
and then for each following sync. This makes the defect critical
as the user usually cannot recover on their own from it, nor use
a freshly configured Kontact client.

RFC3501 does not state that "RFC822.SIZE 0" would be illegal. However
under normal conditions Cyrus IMAPD will not serve such a file. The attached
crash-20100512-imap.tar shows a real world example for a Cyrus imapd internal
file that will make it serve this. It got created during normal operations
with Kontact.

rpm -qi imapd
Name:     imapd                     Source RPM: imapd-2.3.13-20081020_kolab4.src.rpm
i386 Kolab Server/OpenPKG

Architecture: i386
Source: kdepim
Version: 4:3.5.10.enterprise.0.20100507.1125036-kk2

If you have a matching Cyrus IMAPd server, e.g. in your Kolab Server/OpenPKG,
you can reproduce the condition like this:

a) Create a new folder for emails, e.g. with Kontact. Close Kontact afterwards.
b) Replace the contents of this folder completely with the contents
of the folder "crash-20100512" from crash-20100512-imap.tar. Edit cyrus.header
to match your user. Do _not_ run cyrreconstruct.
c) Now start up Kontact and sync. (Works.) Sync again.
Crashes with SIGFPE (so probably it is a division by zero.)

Here is the start of the insignificant backtrace.
[KCrash handler]
#5  0xb4d9345d in KMFolderCachedImap::slotProgress (this=0x83d7970, done=0, 
    total=0) at kmfoldercachedimap.cpp:1969
#6  0xb4da2915 in KMFolderCachedImap::qt_invoke (this=0x83d7970, _id=13, 
    _o=0xbff66990) at kmfoldercachedimap.moc:392
#7  0xb6f9a1aa in QObject::activate_signal (this=0x858e6b0, clist=0x83df2f0, 
    o=0xbff66990) at kernel/qobject.cpp:2359
#8  0xb4e74cdd in KMail::FolderJob::progress (this=0x858e6b0, t0=0, t1=0)
    at folderjob.moc:215
#9  0xb4e78ed3 in KMail::CachedImapJob::slotGetNextMessage (this=0x858e6b0, 
    job=0x85ae9e8) at cachedimapjob.cpp:325
#10 0xb4e79a1b in KMail::CachedImapJob::qt_invoke (this=0x858e6b0, _id=3, 
    _o=0xbff66ba4) at cachedimapjob.moc:179
#11 0xb6f9a1aa in QObject::activate_signal (this=0x85ae9e8, clist=0x85aeb08, 
    o=0xbff66ba4) at kernel/qobject.cpp:2359
#12 0xb6abb3be in KIO::Job::result (this=0x85ae9e8, t0=0x85ae9e8)
    at ./jobclasses.moc:162
#13 0xb6b0bc44 in KIO::Job::emitResult (this=0x85ae9e8)
    at /build/buildd-kdelibs_3.5.10.dfsg.1-0lenny4-i386-1SpWhk/kdelibs-3.5.10.dfsg.1/./kio/kio/job.cpp:235
#14 0xb6b0cb0e in KIO::SimpleJob::slotFinished (this=0x85ae9e8)
    at /build/buildd-kdelibs_3.5.10.dfsg.1-0lenny4-i386-1SpWhk/kdelibs-3.5.10.dfsg.1/./kio/kio/job.cpp:601
#15 0xb6b0d15c in KIO::TransferJob::slotFinished (this=0x85ae9e8)
    at /build/buildd-kdelibs_3.5.10.dfsg.1-0lenny4-i386-1SpWhk/kdelibs-3.5.10.dfsg.1/./kio/kio/job.cpp:971
#16 0xb6b011e0 in KIO::TransferJob::qt_invoke (this=0x85ae9e8, _id=17, 
    _o=0xbff66ea4) at ./jobclasses.moc:1071
#17 0xb6f9a1aa in QObject::activate_signal

----------
assignedto: allen
files: crash-20100512-imap.tar
keyword: enterprise35, kde client, kkc
messages: 25101
nosy: allen, bernhard, ludwig, till
priority: critical
status: unread
title: Imap cache corruption giving crash (SIGFPE) on each sync for email without length.

______________________________________
Kolab issue tracker <issues at kolab.org>
<https://issues.kolab.org/issue4381>
______________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash-20100512-imap.tar
Type: application/x-tar
Size: 10240 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/devel/attachments/20100512/39e7288b/attachment.tar>
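
Added example, not part of the original report and not KMail's code: a defensive sketch of the failure mode the report suspects, fed with the FETCH responses from the trace above. The function names and the choice to report a zero-byte total as 100 percent are assumptions.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Extract RFC822.SIZE from one untagged FETCH line; -1 if absent or malformed.
long rfc822Size(const std::string &line) {
    const std::string key = "RFC822.SIZE ";
    const std::string::size_type pos = line.find(key);
    if (pos == std::string::npos) return -1;
    const char *start = line.c_str() + pos + key.size();
    char *end = nullptr;
    const long v = std::strtol(start, &end, 10);
    return (end == start || v < 0) ? -1 : v;
}

// Sum of the announced sizes; lines without a usable size are skipped.
long totalBytes(const std::vector<std::string> &lines) {
    long total = 0;
    for (const std::string &l : lines) {
        const long s = rfc822Size(l);
        if (s > 0) total += s;
    }
    return total;
}

// Hypothetical progress helper. Integer division by a zero total raises
// SIGFPE on x86, so the empty case is answered before dividing.
// Assumption: "nothing to transfer" is reported as 100 percent.
int progressPercent(long done, long total) {
    if (total <= 0) return 100;
    if (done <= 0) return 0;
    if (done >= total) return 100;
    return static_cast<int>((static_cast<long long>(done) * 100) / total);
}

// FETCH responses copied from the trace in the report.
const std::vector<std::string> kTrace = {
    "* 1 FETCH (FLAGS (\\Recent) UID 123792 RFC822.SIZE 0)",
    "* 1 FETCH (FLAGS (\\Recent) UID 123792 RFC822.SIZE 0 BODY[] NIL)",
};

int main() {
    const long total = totalBytes(kTrace);  // 0 for this mailbox
    std::printf("total=%ld progress=%d%%\n", total, progressPercent(0, total));
    return 0;
}
```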

