SOGo | BTS

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001023SOGoSOPEpublic2010-12-01 14:062011-06-16 11:41
Reporterbuzzdee 
Assigned Toludovic 
PrioritynormalSeveritycrashReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version1.3.4 
Target Version1.3.8Fixed in Version 
Summary0001023: a specific mail always aborts the sogo instance
Descriptionentering a folder with attached mail, stops sogo with an abort, assuming a double free.

(gdb) r -WOUseWatchDog NO -WONoDetach YES
Starting program: /usr/local/sbin/sogod -WOUseWatchDog NO -WONoDetach YES

Program received signal SIGABRT, Aborted.
[Switching to process 30039, thread 0x8403d800]
0x0a61d5ed in kill () from /usr/lib/libc.so.58.0
(gdb) bt
#0 0x0a61d5ed in kill () from /usr/lib/libc.so.58.0
0000001 0x0a679735 in abort () at /usr/src/lib/libc/stdlib/abort.c:68
0000002 0x0a6772bd in wrterror (msg=Variable "msg" is not available.
) at /usr/src/lib/libc/stdlib/malloc.c:387
0000003 0x0a678709 in free (ptr=0xffffffff) at /usr/src/lib/libc/stdlib/malloc.c:1328
0000004 0x0f71467d in libiconv_close (icd=0xffffffff) at /home/ports/pobj/libiconv-1.13/libiconv-1.13/lib/iconv.c:258
0000005 0x01326aa9 in iconv_wrapper (self=0x2f4f43a0, _src=0x865bd840 "San Telmo ComputaciĆ³n - Servicio", _srcLen=32, _fromEncode=0x865bd688,
    _toEncode=0x212fe5dc, outLen_=0xcfbefca8) at NSString+Encoding.m:260
0000006 0x01326e87 in +[NSString(Encoding) stringWithData:usingEncodingNamed:] (self=0x2f4f43a0, _cmd=0x25d96fd0, _data=0x86f326c8,
    _encoding=0x86f32068) at NSString+Encoding.m:283
0000007 0x05dc9890 in -[NSData(MimeQPHeaderFieldDecoding) decodeQuotedPrintableValueOfMIMEHeaderField:] (self=0x86f324a8, _cmd=0x25da4b28,
    _name=0x25da4f1c) at NSData+MimeQP.m:167
0000008 0x05dca0a7 in -[NGImap4ResponseParser _decodeQP:headerField:] (self=0x865bed68, _cmd=0x25da4b50, _string=0x7d368e28, _field=0x25da4f1c)
    at NGImap4ResponseParser.m:1403
0000009 0x05dcd915 in -[NGImap4ResponseParser _parseEnvelope] (self=0x865bed68, _cmd=0x25da4bb0) at NGImap4ResponseParser.m:1552
0000010 0x05dd71ff in -[NGImap4ResponseParser _parseNumberUntaggedResponse:] (self=0x865bed68, _cmd=0x25da4a00, result_=0x7f66d048)
    at NGImap4ResponseParser.m:1697
0000011 0x05dd5d71 in -[NGImap4ResponseParser parseResponseForTagId:exception:] (self=0x865bed68, _cmd=0x25da5c98, _tag=7, ex_=0xcfbf0004)
    at NGImap4ResponseParser.m:685
0000012 0x05ddf837 in -[NGImap4Client processCommand:withTag:withNotification:logText:] (self=0x8a2a7c88, _cmd=0x25da60b0, _command=0x800c7d88,
    _tag=Variable "_tag" is not available.
) at NGImap4Client.m:1508
0000013 0x05dd8a26 in -[NGImap4Client processCommand:] (self=0x8a2a7c88, _cmd=0x25da5cb8, _command=0x800c7d88) at NGImap4Client.m:1579
0000014 0x05ddabce in -[NGImap4Client fetchUids:parts:] (self=0x8a2a7c88, _cmd=0x25daf8c8, _uids=0x7d368008, _parts=0x865bdec8)
    at NGImap4Client.m:865
0000015 0x05e0778f in -[NGImap4Connection fetchUIDs:inURL:parts:] (self=0x871a5e88, _cmd=0x2326a9c0, _uids=0x7d368008, _url=0x83be6b88,
    _parts=0x865bdec8) at NGImap4Connection.m:541
0000016 0x0327cda0 in -[SOGoMailFolder fetchUIDs:parts:] (self=0x865bdd48, _cmd=0x2746a038, _uids=0x7d368008, _parts=0x865bdec8)
    at SOGoMailFolder.m:555
0000017 0x074736f5 in -[UIxMailListActions getHeadersForUIDs:inFolder:] (self=0x865bd408, _cmd=0x27469fe8, uids=0x7d368008, mailFolder=0x865bdd48)
    at UIxMailListActions.m:597
0000018 0x074734ea in -[UIxMailListActions getHeadersAction] (self=0x865bd408, _cmd=0x8ab3b360) at UIxMailListActions.m:722
0000019 0x0f5f6195 in -[NSObject performSelector:] (self=0x865bd408, _cmd=0x2fe8b2f0, aSelector=0x8ab3b360) at NSObject.m:1831
0000020 0x0fef3020 in -[WODirectAction performActionNamed:] (self=0x865bd408, _cmd=0x2fee41a0, _actionName=0x865bd348) at WODirectAction.m:101
0000021 0x0ff889ab in -[SoActionInvocation callOnObject:withPositionalParametersWhenNotNil:inContext:] (self=0x8479fa68, _cmd=0x2fee41b8,
    _client=0x865bdd48, _positionalArgs=0x0, _ctx=0x7dd9e408) at SoActionInvocation.m:300
0000022 0x0ff887ce in -[SoActionInvocation callOnObject:inContext:] (self=0x8479fa68, _cmd=0x2fee4148, _client=0x865bdd48, _ctx=0x7dd9e408)
    at SoActionInvocation.m:316
0000023 0x0ff88853 in -[SoActionInvocation callOnObject:withPositionalParametersWhenNotNil:inContext:] (self=0x83920148, _cmd=0x2fee41b8,
    _client=0x865bdd48, _positionalArgs=0x0, _ctx=0x7dd9e408) at SoActionInvocation.m:259
0000024 0x0ff887ce in -[SoActionInvocation callOnObject:inContext:] (self=0x83920148, _cmd=0x2fee21a8, _client=0x865bdd48, _ctx=0x7dd9e408)
    at SoActionInvocation.m:316
0000025 0x0ff823d9 in -[SoObjectMethodDispatcher dispatchInContext:] (self=0x7f66d018, _cmd=0x2fee29b8, _ctx=0x7dd9e408)
    at SoObjectMethodDispatcher.m:191
0000026 0x0ff8465a in -[SoObjectRequestHandler handleRequest:inContext:session:application:] (self=0x89241188, _cmd=0x2fe94f38, _rq=0x85084608,
    _ctx=0x7dd9e408, _sn=0x0, app=0x7e411788) at SoObjectRequestHandler.m:591
0000027 0x0ff05697 in -[WORequestHandler handleRequest:] (self=0x89241188, _cmd=0x2fe72948, _request=0x85084608) at WORequestHandler.m:241
0000028 0x0fec237d in -[WOCoreApplication dispatchRequest:usingHandler:] (self=0x7e411788, _cmd=0x2fe72978, _request=0x85084608, handler=0x89241188)
    at WOCoreApplication.m:704
0000029 0x0fec225e in -[WOCoreApplication dispatchRequest:] (self=0x7e411788, _cmd=0x3c0029b8, _request=0x85084608) at WOCoreApplication.m:744
0000030 0x1c0036a3 in -[SOGo dispatchRequest:] (self=0x7e411788, _cmd=0x2fed23b0, _request=0x85084608) at SOGo.m:436
0000031 0x0ff715bb in -[WOHttpTransaction _run] (self=0x85084488, _cmd=0x2fed23c8) at WOHttpTransaction.m:546
0000032 0x0ff7466a in -[WOHttpTransaction run] (self=0x85084488, _cmd=0x2fed16a8) at WOHttpTransaction.m:599
0000033 0x0ff6dfe5 in -[WOHttpAdaptor runConnection:] (self=0x8159b588, _cmd=0x2fed16f8, _socket=0x7dcf7c08) at WOHttpAdaptor.m:398
0000034 0x0ff6fce6 in -[WOHttpAdaptor _handleAcceptedConnection:] (self=0x8159b588, _cmd=0x2fed1700, _connection=0x7dcf7c08) at WOHttpAdaptor.m:432
0000035 0x0ff6f9f2 in -[WOHttpAdaptor _handleConnection:] (self=0x8159b588, _cmd=0x2fed1780, connection=0x7dcf7c08) at WOHttpAdaptor.m:543
0000036 0x0ff6feaf in -[WOHttpAdaptor acceptConnection:] (self=0x8159b588, _cmd=0x2fed1688, _notification=0x7ed69028) at WOHttpAdaptor.m:607
0000037 0x0f5e671e in -[NSNotificationCenter _postAndRelease:] (self=0x7c03b718, _cmd=0x2f4d71d0, notification=0x7ed69028)
    at NSNotificationCenter.m:1161
0000038 0x0f5e5948 in -[NSNotificationCenter postNotificationName:object:userInfo:] (self=0x7c03b718, _cmd=0x2f4d71d8, name=0x212fe09c,
    object=0x8159bc48, info=0x0) at NSNotificationCenter.m:1220
0000039 0x0f5e57be in -[NSNotificationCenter postNotificationName:object:] (self=0x7c03b718, _cmd=0x212fe028, name=0x212fe09c, object=0x8159bc48)
    at NSNotificationCenter.m:1200
0000040 0x013258f2 in -[NSObject(FileObjectWatcher) receivedEvent:type:extra:forMode:] (self=0x8159bc48, _cmd=0x2f52bb40, _fdData=0xb,
    _type=ET_RDESC, _extra=0xb, _mode=0x2f4eb0c0) at NSRunLoop+FileObjects.m:57
0000041 0x0f6fa3de in -[GSRunLoopCtxt pollUntil:within:] (self=0x7e411808, _cmd=0x2f4eb050, milliseconds=29990, contexts=0x7cbebc08)
    at GSRunLoopCtxt.m:636
0000042 0x0f635b62 in -[NSRunLoop acceptInputForMode:beforeDate:] (self=0x7cbebae8, _cmd=0x2f4eb078, mode=0x2f4eb0c0, limit_date=0x7ed693a8)
    at NSRunLoop.m:1197
0000043 0x0f633c83 in -[NSRunLoop runMode:beforeDate:] (self=0x7cbebae8, _cmd=0x2fe728b8, mode=0x2f4eb0c0, date=0x7cbebb08) at NSRunLoop.m:1265
0000044 0x0fec2d31 in -[WOCoreApplication run] (self=0x7e411788, _cmd=0x3c0028c8) at WOCoreApplication.m:576
0000045 0x1c001b22 in -[SOGo run] () at SOGo.m:260
0000046 0x0feee97e in WOApplicationMain (_appClassName=0x3c00196c, argc=5, argv=0xcfbf1034) at WOApplicationMain.m:42
0000047 0x0ff106bd in WOWatchDogApplicationMain (appName=0x3c00196c, argc=5, argv=0xcfbf1034) at WOWatchDogApplicationMain.m:969
0000048 0x1c001697 in gnustep_base_user_main (argc=5, argv=0xcfbf1034, env=0xcfbf104c) at sogod.m:53
0000049 0x0f624c9e in main (argc=5, argv=Cannot access memory at address 0x4
) at NSProcessInfo.m:933
0000050 0x1c001397 in ___start ()
0000051 0x1c001317 in _start ()
0000052 0x00000000 in ?? ()
Additional Informationthis happens always. In case there are many mails in hte folder, someone needs to scroll to the evil mail.

Happens on OpenBSD i386, libiconv-1.13p2, sope/sogo 1.3.4, gnustep-base-1.20.1p0,

I also tried with libiconv-1.13.1, but its still aborting.

uncommenting the free(cd); in iconv_close() in libiconv, then the error doesn't happen, but I think the problem is somewhere in sope and not in libiconv.

in sogod.log I see:
127.0.0.1 - - [01/Dec/2010:19:58:48 GMT] "POST /SOGo/so/sebastia/Mail//0/folderINBOX/folderTEST/uids HTTP/1.1" 200 6/43 1.367 - - -
2010-12-01 19:58:49.002 sogod[30039] Note: using 'UCS-2-INTERNAL' on Linux.
Dec 01 19:58:49 sogod [30039]: <0x0x2f4f43a0[NSString]> iconv_wrapper: Could not handle iconv encoding. FromEncoding:WINDOWS-1252HTTP-EQUIVCONTENT-TYPE to encoding:UCS-2-INTERNAL
sogod in free(): error: bogus pointer (double free?) 0xffffffff

TagsNo tags attached.
Attached Filestxt file icon evil-mail.txt [^] (2,097 bytes) 2010-12-01 16:13 [Show Content]
png file icon Screen shot 2010-12-01 at 4.16.52 PM.png [^] (114,766 bytes) 2010-12-01 16:17


txt file icon evil-mail2.txt [^] (3,075 bytes) 2010-12-02 02:57 [Show Content]
? file icon patch-sope-core_NGExtensions_FdExt_subproj_NSString+Encoding_m [^] (487 bytes) 2010-12-10 17:40 [Show Content]
png file icon Bild 3.png [^] (38,517 bytes) 2010-12-13 17:00

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
User avatar (0001902)
ludovic (administrator)
2010-12-01 15:46

Can you attach the culprit mail?
(0001903)
buzzdee (reporter)
2010-12-01 16:12

sure, I actually thought I did with the initial report.
User avatar (0001904)
ludovic (administrator)
2010-12-01 16:16

Works for me.
(0001908)
buzzdee (reporter)
2010-12-02 02:28

I'll see whether I can find more of those evil e-mails, since I can reproduce the problem all the time here.
(0001909)
buzzdee (reporter)
2010-12-02 02:56

Here another backtrace from another evil mail, also ending in an abort:
$ gdb /usr/local/sbin/sogod
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd4.8"...
(gdb) r -WOUseWatchDog NO -WONoDetach YES
Starting program: /usr/local/sbin/sogod -WOUseWatchDog NO -WONoDetach YES

Program received signal SIGABRT, Aborted.
[Switching to process 8056, thread 0x7d81b800]
0x00f935ed in kill () from /usr/lib/libc.so.58.0
(gdb) bt
#0 0x00f935ed in kill () from /usr/lib/libc.so.58.0
0000001 0x00fef735 in abort () at /usr/src/lib/libc/stdlib/abort.c:68
0000002 0x00fed2bd in wrterror (msg=Variable "msg" is not available.
) at /usr/src/lib/libc/stdlib/malloc.c:387
0000003 0x00fee709 in free (ptr=0xffffffff) at /usr/src/lib/libc/stdlib/malloc.c:1328
0000004 0x048d267d in libiconv_close (icd=0xffffffff) at /home/ports/pobj/libiconv-1.13/libiconv-1.13/lib/iconv.c:258
0000005 0x04badaa9 in iconv_wrapper (self=0x2aaaf3a0, _src=0x894fdf70 "PERD?N", _srcLen=6, _fromEncode=0x7ccf7988, _toEncode=0x24b855dc, outLen_=0xcfbec7b8)
    at NSString+Encoding.m:260
0000006 0x04bade87 in +[NSString(Encoding) stringWithData:usingEncodingNamed:] (self=0x2aaaf3a0, _cmd=0x29e19fd0, _data=0x885ff908, _encoding=0x885ff968)
    at NSString+Encoding.m:283
0000007 0x09e4c890 in -[NSData(MimeQPHeaderFieldDecoding) decodeQuotedPrintableValueOfMIMEHeaderField:] (self=0x885ff328, _cmd=0x29e27b28, _name=0x29e27f1c)
    at NSData+MimeQP.m:167
0000008 0x09e4d0a7 in -[NGImap4ResponseParser _decodeQP:headerField:] (self=0x7f9fd228, _cmd=0x29e27b50, _string=0x885ff8e8, _field=0x29e27f1c)
    at NGImap4ResponseParser.m:1403
0000009 0x09e50915 in -[NGImap4ResponseParser _parseEnvelope] (self=0x7f9fd228, _cmd=0x29e27bb0) at NGImap4ResponseParser.m:1552
0000010 0x09e5a1ff in -[NGImap4ResponseParser _parseNumberUntaggedResponse:] (self=0x7f9fd228, _cmd=0x29e27a00, result_=0x7db79188) at NGImap4ResponseParser.m:1697
0000011 0x09e58d71 in -[NGImap4ResponseParser parseResponseForTagId:exception:] (self=0x7f9fd228, _cmd=0x29e28c98, _tag=47, ex_=0xcfbecb14) at NGImap4ResponseParser.m:685
0000012 0x09e62837 in -[NGImap4Client processCommand:withTag:withNotification:logText:] (self=0x88172b08, _cmd=0x29e290b0, _command=0x823e4e08, _tag=Variable "_tag" is not available.
)
    at NGImap4Client.m:1508
0000013 0x09e5ba26 in -[NGImap4Client processCommand:] (self=0x88172b08, _cmd=0x29e28cb8, _command=0x823e4e08) at NGImap4Client.m:1579
0000014 0x09e5dbce in -[NGImap4Client fetchUids:parts:] (self=0x88172b08, _cmd=0x29e328c8, _uids=0x8b2b2688, _parts=0x7f9fb348) at NGImap4Client.m:865
0000015 0x09e8a78f in -[NGImap4Connection fetchUIDs:inURL:parts:] (self=0x7f9fbd88, _cmd=0x2a66c9c0, _uids=0x8b2b2688, _url=0x7f9f8a08, _parts=0x7f9fb348)
    at NGImap4Connection.m:541
0000016 0x0a67eda0 in -[SOGoMailFolder fetchUIDs:parts:] (self=0x829fb388, _cmd=0x2187a038, _uids=0x8b2b2688, _parts=0x7f9fb348) at SOGoMailFolder.m:555
0000017 0x018836f5 in -[UIxMailListActions getHeadersForUIDs:inFolder:] (self=0x7d262d48, _cmd=0x21879fe8, uids=0x8b2b2688, mailFolder=0x829fb388)
    at UIxMailListActions.m:597
0000018 0x018834ea in -[UIxMailListActions getHeadersAction] (self=0x7d262d48, _cmd=0x7dcc9358) at UIxMailListActions.m:722
0000019 0x0abb1195 in -[NSObject performSelector:] (self=0x7d262d48, _cmd=0x227c42f0, aSelector=0x7dcc9358) at NSObject.m:1831
0000020 0x0282c020 in -[WODirectAction performActionNamed:] (self=0x7d262d48, _cmd=0x2281d1a0, _actionName=0x7d262ec8) at WODirectAction.m:101
0000021 0x028c19ab in -[SoActionInvocation callOnObject:withPositionalParametersWhenNotNil:inContext:] (self=0x8b2b2208, _cmd=0x2281d1b8, _client=0x829fb388,
    _positionalArgs=0x0, _ctx=0x891bcc08) at SoActionInvocation.m:300
0000022 0x028c17ce in -[SoActionInvocation callOnObject:inContext:] (self=0x8b2b2208, _cmd=0x2281d148, _client=0x829fb388, _ctx=0x891bcc08) at SoActionInvocation.m:316
0000023 0x028c1853 in -[SoActionInvocation callOnObject:withPositionalParametersWhenNotNil:inContext:] (self=0x8b784a28, _cmd=0x2281d1b8, _client=0x829fb388,
    _positionalArgs=0x0, _ctx=0x891bcc08) at SoActionInvocation.m:259
0000024 0x028c17ce in -[SoActionInvocation callOnObject:inContext:] (self=0x8b784a28, _cmd=0x2281b1a8, _client=0x829fb388, _ctx=0x891bcc08) at SoActionInvocation.m:316
0000025 0x028bb3d9 in -[SoObjectMethodDispatcher dispatchInContext:] (self=0x7db79178, _cmd=0x2281b9b8, _ctx=0x891bcc08) at SoObjectMethodDispatcher.m:191
0000026 0x028bd65a in -[SoObjectRequestHandler handleRequest:inContext:session:application:] (self=0x80f4bf88, _cmd=0x227cdf38, _rq=0x82128108, _ctx=0x891bcc08, _sn=0x0,
    app=0x7e1fcb88) at SoObjectRequestHandler.m:591
0000027 0x0283e697 in -[WORequestHandler handleRequest:] (self=0x80f4bf88, _cmd=0x227ab948, _request=0x82128108) at WORequestHandler.m:241
0000028 0x027fb37d in -[WOCoreApplication dispatchRequest:usingHandler:] (self=0x7e1fcb88, _cmd=0x227ab978, _request=0x82128108, handler=0x80f4bf88)
    at WOCoreApplication.m:704
0000029 0x027fb25e in -[WOCoreApplication dispatchRequest:] (self=0x7e1fcb88, _cmd=0x3c0029b8, _request=0x82128108) at WOCoreApplication.m:744
0000030 0x1c0036a3 in -[SOGo dispatchRequest:] (self=0x7e1fcb88, _cmd=0x2280b3b0, _request=0x82128108) at SOGo.m:436
0000031 0x028aa5bb in -[WOHttpTransaction _run] (self=0x82128c08, _cmd=0x2280b3c8) at WOHttpTransaction.m:546
0000032 0x028ad66a in -[WOHttpTransaction run] (self=0x82128c08, _cmd=0x2280a6a8) at WOHttpTransaction.m:599
---Type <return> to continue, or q <return> to quit---
0000033 0x028a6fe5 in -[WOHttpAdaptor runConnection:] (self=0x842c8088, _cmd=0x2280a6f8, _socket=0x842c8808) at WOHttpAdaptor.m:398
0000034 0x028a8ce6 in -[WOHttpAdaptor _handleAcceptedConnection:] (self=0x842c8088, _cmd=0x2280a700, _connection=0x842c8808) at WOHttpAdaptor.m:432
0000035 0x028a89f2 in -[WOHttpAdaptor _handleConnection:] (self=0x842c8088, _cmd=0x2280a780, connection=0x842c8808) at WOHttpAdaptor.m:543
0000036 0x028a8eaf in -[WOHttpAdaptor acceptConnection:] (self=0x842c8088, _cmd=0x2280a688, _notification=0x8a991708) at WOHttpAdaptor.m:607
0000037 0x0aba171e in -[NSNotificationCenter _postAndRelease:] (self=0x8adac6d8, _cmd=0x2aa921d0, notification=0x8a991708) at NSNotificationCenter.m:1161
0000038 0x0aba0948 in -[NSNotificationCenter postNotificationName:object:userInfo:] (self=0x8adac6d8, _cmd=0x2aa921d8, name=0x24b8509c, object=0x842c8b48, info=0x0)
    at NSNotificationCenter.m:1220
0000039 0x0aba07be in -[NSNotificationCenter postNotificationName:object:] (self=0x8adac6d8, _cmd=0x24b85028, name=0x24b8509c, object=0x842c8b48)
    at NSNotificationCenter.m:1200
0000040 0x04bac8f2 in -[NSObject(FileObjectWatcher) receivedEvent:type:extra:forMode:] (self=0x842c8b48, _cmd=0x2aae6b40, _fdData=0xb, _type=ET_RDESC, _extra=0xb,
    _mode=0x2aaa60c0) at NSRunLoop+FileObjects.m:57
0000041 0x0acb53de in -[GSRunLoopCtxt pollUntil:within:] (self=0x7e1fc408, _cmd=0x2aaa6050, milliseconds=25692, contexts=0x813d9588) at GSRunLoopCtxt.m:636
0000042 0x0abf0b62 in -[NSRunLoop acceptInputForMode:beforeDate:] (self=0x813d9c08, _cmd=0x2aaa6078, mode=0x2aaa60c0, limit_date=0x813d97c8) at NSRunLoop.m:1197
0000043 0x0abeec83 in -[NSRunLoop runMode:beforeDate:] (self=0x813d9c08, _cmd=0x227ab8b8, mode=0x2aaa60c0, date=0x813d97c8) at NSRunLoop.m:1265
0000044 0x027fbd31 in -[WOCoreApplication run] (self=0x7e1fcb88, _cmd=0x3c0028c8) at WOCoreApplication.m:576
0000045 0x1c001b22 in -[SOGo run] () at SOGo.m:260
0000046 0x0282797e in WOApplicationMain (_appClassName=0x3c00196c, argc=5, argv=0xcfbedb40) at WOApplicationMain.m:42
0000047 0x028496bd in WOWatchDogApplicationMain (appName=0x3c00196c, argc=5, argv=0xcfbedb40) at WOWatchDogApplicationMain.m:969
0000048 0x1c001697 in gnustep_base_user_main (argc=5, argv=0xcfbedb40, env=0xcfbedb58) at sogod.m:53
0000049 0x0abdfc9e in main (argc=5, argv=Cannot access memory at address 0x4
) at NSProcessInfo.m:933
0000050 0x1c001397 in ___start ()
0000051 0x1c001317 in _start ()
0000052 0x00000000 in ?? ()



And the log output from sogod.log:
Dec 02 08:52:14 sogod [11081]: <0x0x21f423a0[NSString]> iconv_wrapper: Could not handle iconv encoding. FromEncoding:ISO-8859-1HTTP-EQUIVCONTENT-TYPE to encoding:UCS-2-INTERNAL
sogod in free(): error: bogus pointer (double free?) 0xffffffff
User avatar (0001915)
ludovic (administrator)
2010-12-02 10:41

That mail also works just fine.
(0001923)
buzzdee (reporter)
2010-12-02 13:22

also with the two defaults added that you recommended in bug report 0001022, the abort still happens reproducible.

Are there any other defaults I could try to set which might affect the abort?
(0001944)
buzzdee (reporter)
2010-12-10 17:37

after more debugging with gdb, and looking at the logs again, I found that the FromEncoding here is the problem: Both subjects use "strange" encodings.

The iconv_wrapper method in NSString+Encoding.m, gets an error back, when calling type = iconv_open(From, To). Then "type" is checked for errors
type == (iconv_t)-1), in case this happens, the code path is going to CLEAR_AND_RETURN, where it clears/frees the used memory, and returns the function. However, when type ==(iconv_t)-1) then it should not call iconv_close(type).

I added a check in the patch, to only call iconv_close when it is not (iconv_t)-1
(0001945)
gienger (reporter)
2010-12-13 16:59

I can't reproduce this. I copied evil-mail.txt 1:1 in my IMAP-folder and this is the result:

188.105.130.106 - - [13/Dec/2010:22:58:08 GMT] "POST /SOGo/so/pop05579/Mail//0/folderINBOX/117864/view?noframe=1 HTTP/1.1" 200 937/0 0.352 2601 63% 0
Dec 13 22:58:11 sogod [29488]: <0x0x2ba2f6423c60[NSString]> iconv_wrapper: Could not handle iconv encoding. FromEncoding:WINDOWS-1252HTTP-EQUIVCONTENT-TYPE to encoding:UCS-2LE
Dec 13 22:58:11 sogod [29488]: <0x0x2ba2f4d5fac0[NGMimeType]> +[NGMimeType stringEncodingForCharset:]: unknown charset 'windows-1252http-equivContent-Type'
Dec 13 22:58:11 sogod [29488]: <0x0x2ba2f6423c60[NSString]> iconv_wrapper: Could not handle iconv encoding. FromEncoding:WINDOWS-1252HTTP-EQUIVCONTENT-TYPE to encoding:UCS-2LE
Dec 13 22:58:11 sogod [29488]: <0x0x2ba2f4d5fac0[NGMimeType]> +[NGMimeType stringEncodingForCharset:]: unknown charset 'windows-1252http-equivContent-Type'
Dec 13 22:58:11 sogod [29488]: <0x0x2ba2f6423c60[NSString]> iconv_wrapper: Could not handle iconv encoding. FromEncoding:WINDOWS-1252HTTP-EQUIVCONTENT-TYPE to encoding:UCS-2LE
Dec 13 22:58:11 sogod [29488]: <0x0x2ba2f4d5fac0[NGMimeType]> +[NGMimeType stringEncodingForCharset:]: unknown charset 'windows-1252http-equivContent-Type'
Dec 13 22:58:11 sogod [29488]: <0x0x2ba2f6423c60[NSString]> iconv_wrapper: Could not handle iconv encoding. FromEncoding:WINDOWS-1252HTTP-EQUIVCONTENT-TYPE to encoding:UCS-2LE
Dec 13 22:58:11 sogod [29488]: <0x0x2ba2f4d5fac0[NGMimeType]> +[NGMimeType stringEncodingForCharset:]: unknown charset 'windows-1252http-equivContent-Type'
(0001946)
gienger (reporter)
2010-12-13 17:01

Bild 3.png show the result in my SOGo installation.

Version 1.3.4, running on CentOS 5.5 with latest patches installed.
Latest rpmforge packets. Latest SOGo update.
x86_64 architecture.
(0001947)
buzzdee (reporter)
2010-12-14 03:33

I don't know why it is not aborting on Linux. However, the OpenBSD malloc is different to others, not tolerating programming errors that stay uncovered on other systems. I think the A option (enabled by default) to OpenBSD malloc.conf causes the abort().
http://www.openbsd.org/cgi-bin/man.cgi?query=malloc.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html [^]
     A ``Abort''. malloc() will coredump the process, rather than
             tolerate internal inconsistencies or incorrect usage. This is
             the default and a very handy debugging aid, since the core file
             represents the time of failure, rather than when the bogus
             pointer was used.

As far as I can see, my patch seems to be right. Not freeing sth. that was not allocated seems reasonable for me. Please let me know if I am wrong.
(0002375)
buzzdee (reporter)
2011-04-13 07:37

could this be reviewed and commented, or even included if its fine? Shortly after a release is a good time to add new stuff, since the plenty of time for testing till the next release ;)
(0002430)
buzzdee (reporter)
2011-05-05 18:29
edited on: 2011-05-05 18:30

asking again, is there anything wrong with this patch?
patch still applies to 1.3.7 sources.

User avatar (0002580)
ludovic (administrator)
2011-06-15 16:54

Nothing wrong with the patch - will be included for 1.3.8.
User avatar (0002591)
ludovic (administrator)
2011-06-16 11:41

Patch pushed: http://mtn.inverse.ca/revision/diff/856965845eee02997e104f46f22a199238f9ed24/with/c209a0a647b14e436b77bc38e0b7b04cc2213d0d [^]

- Issue History
Date Modified Username Field Change
2010-12-01 14:06 buzzdee New Issue
2010-12-01 15:46 ludovic Note Added: 0001902
2010-12-01 16:12 buzzdee Note Added: 0001903
2010-12-01 16:13 buzzdee File Added: evil-mail.txt
2010-12-01 16:16 ludovic Note Added: 0001904
2010-12-01 16:17 ludovic File Added: Screen shot 2010-12-01 at 4.16.52 PM.png
2010-12-02 02:28 buzzdee Note Added: 0001908
2010-12-02 02:56 buzzdee Note Added: 0001909
2010-12-02 02:57 buzzdee File Added: evil-mail2.txt
2010-12-02 10:41 ludovic Note Added: 0001915
2010-12-02 13:22 buzzdee Note Added: 0001923
2010-12-10 17:37 buzzdee Note Added: 0001944
2010-12-10 17:40 buzzdee File Added: patch-sope-core_NGExtensions_FdExt_subproj_NSString+Encoding_m
2010-12-13 16:59 gienger Note Added: 0001945
2010-12-13 17:00 gienger File Added: Bild 3.png
2010-12-13 17:01 gienger Note Added: 0001946
2010-12-14 03:33 buzzdee Note Added: 0001947
2011-02-17 21:13 ludovic Status new => assigned
2011-02-17 21:13 ludovic Assigned To => ludovic
2011-04-13 07:37 buzzdee Note Added: 0002375
2011-05-05 18:29 buzzdee Note Added: 0002430
2011-05-05 18:30 buzzdee Note Edited: 0002430
2011-06-15 16:54 ludovic Note Added: 0002580
2011-06-15 16:54 ludovic Target Version => 1.3.8
2011-06-16 11:41 ludovic Note Added: 0002591
2011-06-16 11:41 ludovic Status assigned => resolved
2011-06-16 11:41 ludovic Resolution open => fixed


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker