php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47696 php segmentation fault on imap_open for a few mailboxes in cyrus-imapd
Submitted: 2009-03-17 20:14 UTC Modified: 2009-05-08 01:00 UTC
From: emerson dot virti at gmail dot com Assigned:
Status: No Feedback Package: IMAP related
PHP Version: 5.2.9 OS: debian etch
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-03-17 20:14 UTC] emerson dot virti at gmail dot com
Description:
------------
Hello,
My company have almost 10k mailboxes on Cyrus Imap.
We use Thunderbird for IMAP client and PHP for webmail.
We have a problem in a very few mailboxes. This boxes don't have any visible problem with Thunderbird access, but in PHP the (webmail) access provide a "segmentation failed".
If I modify the cyrus.header file the "segmentation failed" problem is resolved.

This (below) is a problematic cyrus.header. The problem is in the number of line fields. Each 'xnn' represents a imap labels.

?^B<8b>^MCyrus mailbox header
"The best thing about this system was that it had lots of goals."
        --Jim Morris on Andrew
user.02401690778        5bc4b7c0488731c8
02401690778 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x10 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31


If I modify cyrus.header, droping one field (x31), the "segmentation failed" is resolved, but this generate a Thunderbird labels messages problem.

Modified cyrus.header:
?^B<8b>^MCyrus mailbox header
"The best thing about this system was that it had lots of goals."
        --Jim Morris on Andrew
user.02401690778        5bc4b7c0488731c8
02401690778 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x10 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30


PHP version: 5.2.9
Thunderbird version: 2.0.0.14;
Cyrus Impad version: cyrus-imapd-2.2
linux-kernel: 2.6.18-6-686


Thanks.



Reproduce code:
---------------
<?php
$mbox = imap_open("{myserver:143/notls}INBOX", "0240169xxxx", "password") or die("can't connect: " . imap_last_error());
imap_close($mbox);
?>

Expected result:
----------------
none

Actual result:
--------------
# gdb /usr/local/bin/php
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) run /root/imap_list.php
Starting program: /usr/local/bin/php /root/imap_list.php
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1215412000 (LWP 2644)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1215412000 (LWP 2644)]
0xb7e19dba in mail_free_elt () from /usr/lib/libc-client.so.2002edebian
(gdb) bt
#0  0xb7e19dba in mail_free_elt () from /usr/lib/libc-client.so.2002edebian
#1  0xb7e1bf33 in mm_cache () from /usr/lib/libc-client.so.2002edebian
#2  0xb7e1bf68 in mm_cache () from /usr/lib/libc-client.so.2002edebian
#3  0xb7e1a1b3 in mail_free_cache () from /usr/lib/libc-client.so.2002edebian
#4  0xb7e1a275 in mail_close_full () from /usr/lib/libc-client.so.2002edebian
#5  0x08115f55 in mail_close_it (rsrc=0xb78affcc) at /root/php-5.2.9/ext/imap/php_imap.c:224
#6  0x0832bae8 in list_entry_destructor (ptr=0xb78affcc) at /root/php-5.2.9/Zend/zend_list.c:184
#7  0x083292e2 in zend_hash_del_key_or_index (ht=0x848d608, arKey=0x0, nKeyLength=0, h=4, flag=1) at /root/php-5.2.9/Zend/zend_hash.c:497
#8  0x0832b7a3 in _zend_list_delete (id=4) at /root/php-5.2.9/Zend/zend_list.c:58
#9  0x08119531 in zif_imap_close (ht=1, return_value=0xb78aeff8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /root/php-5.2.9/ext/imap/php_imap.c:1158
#10 0x08342977 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9db294) at /root/php-5.2.9/Zend/zend_vm_execute.h:200
#11 0x083484c3 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf9db294) at /root/php-5.2.9/Zend/zend_vm_execute.h:1729
#12 0x083424da in execute (op_array=0xb78af738) at /root/php-5.2.9/Zend/zend_vm_execute.h:92
#13 0x0831d5ef in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php-5.2.9/Zend/zend.c:1134
#14 0x082cb7ea in php_execute_script (primary_file=0xbf9dd62c) at /root/php-5.2.9/main/main.c:2023
#15 0x0839a467 in main (argc=2, argv=0xbf9dd764) at /root/php-5.2.9/sapi/cli/php_cli.c:1133
(gdb) 



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-17 21:13 UTC] jani@php.net
Looks more like a bug in c-client. Please try with the latest c-
client version first.
 [2009-03-25 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-04-30 20:24 UTC] pajoye@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2009-05-08 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Mar 01 07:01:23 2021 UTC