Open bremner opened 4 weeks ago
There are new findings in the Debian bug report which show that the crash happens when an error message should be printed.
Program received signal SIGSEGV, Segmentation fault.
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
76 in ../sysdeps/x86_64/multiarch/strlen-avx2.S
1: x/i $pc
=> 0x7f0527973dd9 <__strlen_avx2+25>: vpcmpeqb (%rdi),%ymm0,%ymm1
(rr) bt
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:76
#1 0x00005639bd91306e in fdobuf::operator<< (str=0x6c69616d6c6c756e <error: Cannot access memory at address 0x6c69616d6c6c756e>, this=<optimized out>) at ./fdbuf/fdobuf.h:59
#2 fork_exec::wait (this=this@entry=0x7ffc4099cd00) at ./lib/forkexec.cc:125
#3 0x00005639bd91201f in DATA (param=...) at ./src/smtpd.cc:159
#4 DATA (param=...) at ./src/smtpd.cc:127
#5 0x00005639bd91144f in dispatch () at ./src/smtpd.cc:252
#6 main () at ./src/smtpd.cc:263
A git bisect showed 5850a49a as the first commit causing this crash.
The following diff would avoid the crash:
--- src/smtpd.cc.orig 2023-04-22 19:06:36.000000000 +0200
+++ src/smtpd.cc 2024-06-21 10:45:25.982395298 +0200
@@ -53,5 +53,5 @@ static mystring sender;
static mystring recipients;
-extern const char cli_program[] = "nullmailer-smtpd";
+const char* cli_program = "nullmailer-smtpd";
static int readline()
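Review bot: the type change in this hunk (`extern const char cli_program[]` to `const char* cli_program`) only removes the crash if the new definition now matches the declaration of `cli_program` in the header shared with lib/forkexec.cc, which is not shown here; please quote that declaration next to the change. The pointer value in frame #1, 0x6c69616d6c6c756e, is the little-endian bytes of "nullmail", the first eight characters of the literal, which is exactly what a translation unit sees when it loads the array's storage as if it were a pointer, so the two sides must agree on array vs. pointer. Dropping `extern` is fine for a non-const pointer (it keeps external linkage), but the pointer itself is now writable; if you want `const char* const`, the `extern` has to come back to keep the symbol visible to the other files.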
In 1 Axel observes that
reliably segfaults nullmailer.
I duplicated this also with
I ran nullmailer-smtpd under gdb and valgrind and it succeeded in both cases. I tried rebuilding with ASAN, and the test "Testing protocol success with smtp (stdin)" finds one memory leak.
Looking at the code there is indeed a leak, but it's hard to see how it would lead to a crash.
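An added example, not code from nullmailer: the `str` argument in frame #1 of the backtrace above, 0x6c69616d6c6c756e, is what a little-endian load of the first eight bytes of "nullmailer-smtpd" produces, which is the pattern you get when one file defines a symbol as a char array and another reads it as a `const char*`. The two helpers below reproduce that value from the literal and decode a suspect fault address back to ASCII for crash triage; the array name is a hypothetical stand-in.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an array-typed definition such as the one in smtpd.cc. */
static const char cli_program_array[] = "nullmailer-smtpd";

/* Interpret the first 8 bytes of the array's storage as a little-endian 64-bit
 * pointer value, i.e. what `extern const char* cli_program;` would load on x86_64.
 * Computed byte by byte so the result does not depend on the host's endianness. */
uint64_t array_bytes_as_pointer(const char *array)
{
    uint64_t p = 0;
    for (size_t i = 0; i < sizeof p; i++)
        p |= (uint64_t)(unsigned char)array[i] << (8 * i);
    return p;
}

/* Triage helper: render a fault address as the little-endian bytes it is made of,
 * replacing non-printable bytes with '.'. Returns the number of printable bytes;
 * a value of 8 strongly suggests string data was loaded where a pointer was expected. */
int decode_pointer_as_ascii(uint64_t p, char *out, size_t outlen)
{
    int printable = 0;
    size_t n = sizeof p < outlen - 1 ? sizeof p : outlen - 1;
    for (size_t i = 0; i < n; i++) {
        unsigned char b = (unsigned char)(p >> (8 * i));
        if (isprint(b)) {
            out[i] = (char)b;
            printable++;
        } else {
            out[i] = '.';
        }
    }
    out[n] = '\0';
    return printable;
}

int main(void)
{
    char text[9];
    uint64_t p = array_bytes_as_pointer(cli_program_array);
    int n = decode_pointer_as_ascii(p, text, sizeof text);
    printf("0x%016llx -> \"%s\" (%d printable bytes)\n",
           (unsigned long long)p, text, n);
    return 0;
}
```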