From: Dr P. K. <p.k...@im...> - 2018-11-15 14:44:32
In pop3.c lines 1373-1374 (routine pop3_delete()) from fetchmail-6.4.0.beta4 we have the lines:

    rec = find_uid_by_num(dofastuidl ? &ctl->oldsaved : &ctl->newsaved, number);
    rec->status = UID_DELETED;

If find_uid_by_num() returns a 0 (NULL), the "rec->status = UID_DELETED" line then can trigger a segmentation fault.

Other calls to find_uid_by_num() in pop3.c (i.e. at lines 1207, 1352, 1358) use an if statement that avoids subsequently assigning something to rec->status when rec is NULL.

Presumably this is a bug, and lines 1373-4 should instead be something like those other invocations, e.g.

    if (rec = find_uid_by_num(dofastuidl ? &ctl->oldsaved : &ctl->newsaved, number)){
        rec->status = UID_DELETED;
    }

However, I don't fully understand how this is intended to work, so my suggestion may well be lacking (it *does* stop the segmentation faults, and everything then seemed fine, but for all I know may [sometimes] get something else wrong).

NB: I installed fetchmail-6.4.0.beta4 on my Slackware64-14.2 system, got fetchmail crashes on some emails, after connecting to two different POP servers. Gdb told me where the crash was, and then adding a write statement and recompiling told me that line 1373 indeed set rec=0 for those emails.

Here is the gdb backtrace:

Program received signal SIGSEGV, Segmentation fault.
pop3_delete (sock=<optimized out>, ctl=<optimized out>, number=1) at pop3.c:1374
1374 rec->status = UID_DELETED;
(gdb) bt
#0 pop3_delete (sock=<optimized out>, ctl=<optimized out>, number=1) at pop3.c:1374
#1 0x000000000040f8ba in fetch_messages (msgsizes=0x640b60 <msgsizes>, transient_errors=<synthetic pointer>, deletions=<synthetic pointer>, dispatches=<synthetic pointer>, fetches=<synthetic pointer>, maxfetch=0, count=<optimized out>, ctl=0x654670, mailserver_socket=3) at driver.c:812
#2 do_session (ctl=0x654670, proto=proto@entry=0x436820 <pop3>, maxfetch=0) at driver.c:1435
#3 0x0000000000410fa2 in do_protocol (ctl=<optimized out>, proto=proto@entry=0x436820 <pop3>) at driver.c:1660
#4 0x00000000004216ea in doPOP3 (ctl=ctl@entry=0x654670) at pop3.c:1449
#5 0x000000000040b380 in query_host (ctl=ctl@entry=0x654670) at fetchmail.c:1546
#6 0x0000000000406cab in main (argc=<optimized out>, argv=0x7fffffffe2f8) at fetchmail.c:793
(gdb)

--
---------------------------------+---------------------------------
Dr. Paul Kinsler
Dr....@ph...
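
Added example, not part of the original message and not fetchmail's code: a minimal C model of the lookup-then-mark pattern discussed above, in which a lookup miss returns NULL and the caller reports it instead of writing through the pointer. The names uid_rec, uid_list, lookup_by_num, mark_deleted, delete_batch and the sample data are assumptions made up for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a UID record list; not fetchmail's types. */
enum uid_status { UID_UNSEEN, UID_SEEN, UID_DELETED };

struct uid_rec  { unsigned int num; enum uid_status status; };
struct uid_list { struct uid_rec *recs; size_t count; };

/* Returns the record for message `num`, or NULL when none was saved. */
static struct uid_rec *lookup_by_num(struct uid_list *list, unsigned int num)
{
    for (size_t i = 0; i < list->count; i++)
        if (list->recs[i].num == num)
            return &list->recs[i];
    return NULL;
}

/* Guarded form: 0 when the record was marked, -1 when there was no record. */
static int mark_deleted(struct uid_list *list, unsigned int num)
{
    struct uid_rec *rec = lookup_by_num(list, num);

    if (rec == NULL)
        return -1;   /* an unguarded rec->status write would fault here */
    rec->status = UID_DELETED;
    return 0;
}

/* Marks every listed message; returns how many had no record to mark. */
static size_t delete_batch(struct uid_list *list,
                           const unsigned int *nums, size_t n)
{
    size_t missing = 0;
    for (size_t i = 0; i < n; i++)
        if (mark_deleted(list, nums[i]) != 0)
            missing++;
    return missing;
}

/* Constructed sample data: the list knows messages 2 and 3, but not 1. */
static struct uid_rec sample_recs[] = { { 2, UID_SEEN }, { 3, UID_UNSEEN } };
static struct uid_list sample = { sample_recs, 2 };

int main(void)
{
    const unsigned int to_delete[] = { 1, 2 };
    printf("records missing: %zu\n", delete_batch(&sample, to_delete, 2));
    return 0;
}
```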