Re: httpd crashes on caldav

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/23/24 10:23, Andrea Venturoli wrote:

So I compiled Cyrus with debug info and here's the stack trace
An update: new stack frame with libical also compiled with debug info (thanks Mark for the suggestion):

#0  0x00000008349c492b in icalparser_string_line_generator (out=0x84080bdb0 "", buf_size=80, d=0x820ff1178) at /wrkdirs/usr/ports/devel/libical/work/libical-3.0.16/src/libical/icalparser.c:1298
#1  0x00000008349c24e1 in icalparser_get_line (parser=0x84080bda0, line_gen_func=0x8349c4890 <icalparser_string_line_generator>) at /wrkdirs/usr/ports/devel/libical/work/libical-3.0.16/src/libical/icalparser.c:536
#2  0x00000008349c273b in icalparser_parse (parser=0x84080bda0, line_gen_func=0x8349c4890 <icalparser_string_line_generator>) at /wrkdirs/usr/ports/devel/libical/work/libical-3.0.16/src/libical/icalparser.c:639
#3  0x00000008349c4acc in icalparser_parse_string (
    str=0x854ded1fc "BEGIN:VCALENDAR\r\nPRODID:-//Mozilla.org/NONSGML Mozilla Calendar V1.1//EN\r\nVERSION:2.0\r\nBEGIN:VTIMEZONE\r\nTZID:Europe/Rome\r\nX-TZINFO:Europe/Rome[2024a]\r\nBEGIN:STANDARD\r\nTZOFFSETTO:+0100\r\nTZOFFSETFROM:+\
0"...) at /wrkdirs/usr/ports/devel/libical/work/libical-3.0.16/src/libical/icalparser.c:1351
#4  0x000000000024998e in propfind_caldata (name=0x8407fe780 "calendar-data", ns=0x8407caae0, fctx=0x820ff28d8, prop=0x840815c00, resp=0x84093a800, propstat=0x820ff1470, rock=0x14) at imap/http_caldav.c:5867
#5  0x00000000002649c9 in xml_add_response (fctx=0x820ff28d8, code=0, precond=0, desc=0x0, location=0x0) at imap/http_dav.c:1581
#6  0x0000000000270802 in propfind_by_resource (rock=0x820ff28d8, data=0x82434e8b0 <caldav_lookup_resource[cdata]>) at imap/http_dav.c:5867
#7  0x00000000002741c7 in report_multiget (txn=0x820ff2b98, rparams=0x2d2000 <caldav_params>, inroot=0x840815a80, fctx=0x820ff28d8) at imap/http_dav.c:7408
#8  0x00000000002616f1 in meth_report (txn=0x820ff2b98, params=0x2d2000 <caldav_params>) at imap/http_dav.c:8266
#9  0x000000000029c801 in process_request (txn=0x820ff2b98) at imap/httpd.c:1827
#10 0x00000000002a49da in http1_input (txn=0x820ff2b98) at imap/httpd.c:1893
#11 0x000000000029a32d in cmdloop (conn=0x820ff5dd8) at imap/httpd.c:2046
#12 0x0000000000299d55 in service_main (argc=1, argv=0x840779000, envp=0x820ff70d8) at imap/httpd.c:963
#13 0x00000000002c73b6 in main (argc=1, argv=0x820ff70c8, envp=0x820ff70d8) at master/service.c:647

At frame #3 (icalparser_parse_string), it seems str is 7684 chars long, but not null-terminated.
Should it be?

Going up the stack, at frame #4 (propfind_caldata):
fctx->msg_buf.len=8192
fctx->s is full, again without a null terminator.

Should I write to development@?
Should I open a bug report?

 bye & Thanks
       av.

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T05b45bbac2f79f61-M5871e9e687e647fb1c9242ec
Delivery options: https://cyrus.topicbox.com/groups/info/subscription




[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]
  Powered by Linux