Hi,

Because I was getting segfaults in libc in calloc calls by the indexer process of Dovecot 2.3.16, I ran indexer with valgrind to look for possible memory corruption. It did indeed find that indexer was accessing memory that had already been freed, I've attached the log file.

I've then tried running Dovecot with the fix in commit 97367ef61784a364ccf615cb816be6492329050d, but that didn't make any difference. Reverting (just the code in src/indexer) to the last revision before the recent rewrite to use connection.c (d76761698a06bab60a741c6794252fddec4292ef) did: valgrind doesn't log any errors anymore, and indexer has stopped crashing.

Onno

==15425== Memcheck, a memory error detector
==15425== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15425== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==15425== Command: /usr/lib/dovecot/indexer.orig
==15425== Parent PID: 15410
==15425== 
==15425== Invalid write of size 8
==15425==    at 0x405D27: worker_connection_call_callback (worker-connection.c:44)
==15425==    by 0x405D27: worker_connection_input_args (worker-connection.c:109)
==15425==    by 0xFFFCE8756: connection_input_default (connection.c:95)
==15425==    by 0xFFFD0FB83: io_loop_call_io (ioloop.c:727)
==15425==    by 0xFFFD11DF2: io_loop_handler_run_internal (ioloop-poll.c:213)
==15425==    by 0xFFFD0FC22: io_loop_handler_run (ioloop.c:779)
==15425==    by 0xFFFD0FDF7: io_loop_run (ioloop.c:752)
==15425==    by 0xFFFC67F0A: master_service_run (master-service.c:865)
==15425==    by 0x4049F4: main (indexer.c:145)
==15425==  Address 0xfff6bf0e0 is 368 bytes inside a block of size 384 free'd
==15425==    at 0xFFFF65981: free (vg_replace_malloc.c:766)
==15425==    by 0x406494: worker_pool_release_connection (worker-pool.c:105)
==15425==    by 0x4046C1: worker_status_callback (indexer.c:112)
==15425==    by 0x405D1B: worker_connection_call_callback (worker-connection.c:42)
==15425==    by 0x405D1B: worker_connection_input_args (worker-connection.c:109)
==15425==    by 0xFFFCE8756: connection_input_default (connection.c:95)
==15425==    by 0xFFFD0FB83: io_loop_call_io (ioloop.c:727)
==15425==    by 0xFFFD11DF2: io_loop_handler_run_internal (ioloop-poll.c:213)
==15425==    by 0xFFFD0FC22: io_loop_handler_run (ioloop.c:779)
==15425==    by 0xFFFD0FDF7: io_loop_run (ioloop.c:752)
==15425==    by 0xFFFC67F0A: master_service_run (master-service.c:865)
==15425==    by 0x4049F4: main (indexer.c:145)
==15425==  Block was alloc'd at
==15425==    at 0xFFFF66B88: calloc (vg_replace_malloc.c:1128)
==15425==    by 0xFFFD1C329: pool_system_malloc (mempool-system.c:105)
==15425==    by 0x406128: p_malloc (mempool.h:107)
==15425==    by 0x406128: worker_connection_create (worker-connection.c:222)
==15425==    by 0x40642A: worker_pool_add_connection (worker-pool.c:60)
==15425==    by 0x40642A: worker_pool_get_connection (worker-pool.c:96)
==15425==    by 0x40486E: queue_try_send_more (indexer.c:85)
==15425==    by 0x4052B6: indexer_queue_append_finish (indexer-queue.c:129)
==15425==    by 0x4052B6: indexer_queue_append (indexer-queue.c:144)
==15425==    by 0x404B01: indexer_client_request_queue (indexer-client.c:68)
==15425==    by 0x404D53: indexer_client_request (indexer-client.c:112)
==15425==    by 0x404D53: indexer_client_input_args (indexer-client.c:130)
==15425==    by 0xFFFCE8756: connection_input_default (connection.c:95)
==15425==    by 0xFFFD0FB83: io_loop_call_io (ioloop.c:727)
==15425==    by 0xFFFD11DF2: io_loop_handler_run_internal (ioloop-poll.c:213)
==15425==    by 0xFFFD0FC22: io_loop_handler_run (ioloop.c:779)

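The trace above shows a classic use-after-free shape: worker_connection_call_callback invokes the status callback (line 42), that callback ends in worker_pool_release_connection, which free()s the 384-byte connection block, and then the caller writes 8 bytes into that same block (line 44). The following C program is an added editorial illustration of that bug class and of one common guard against it (holding an extra reference across the callback); it is not Dovecot's code and does not claim to be the fix Dovecot eventually applied. All names (worker_connection, pool_ctx, run_release_in_callback, connections_freed) are hypothetical, modelled loosely on the function names in the valgrind output.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical connection object; last_status stands in for whatever field the
 * real code writes right after the callback returns. */
struct worker_connection;
typedef void worker_status_callback_t(struct worker_connection *conn,
                                      int status, void *context);

struct worker_connection {
    int refcount;
    worker_status_callback_t *callback;
    void *context;
    int last_status;
};

/* Instrumentation for the example: counts actual free() calls. */
static int connections_freed;

struct worker_connection *
worker_connection_create(worker_status_callback_t *callback, void *context)
{
    struct worker_connection *conn = calloc(1, sizeof(*conn));
    if (conn == NULL)
        abort();
    conn->refcount = 1;          /* the owner's (pool's) reference */
    conn->callback = callback;
    conn->context = context;
    return conn;
}

void worker_connection_ref(struct worker_connection *conn) { conn->refcount++; }

/* Drop one reference; the block is freed only when the last one goes away. */
void worker_connection_unref(struct worker_connection **_conn)
{
    struct worker_connection *conn = *_conn;
    *_conn = NULL;
    if (--conn->refcount > 0)
        return;
    connections_freed++;
    free(conn);
}

/* The shape valgrind reported: the callback may release (free) conn, and the
 * write on the next line then lands in freed memory. Kept here for comparison
 * only; never call it with a callback that can release conn. */
void worker_connection_call_callback_unsafe(struct worker_connection *conn, int status)
{
    conn->callback(conn, status, conn->context);
    conn->last_status = status;  /* invalid write if the callback freed conn */
}

/* Hardened variant: our own reference keeps conn alive until we are done with it. */
void worker_connection_call_callback(struct worker_connection *conn, int status)
{
    worker_connection_ref(conn);
    conn->callback(conn, status, conn->context);
    conn->last_status = status;  /* conn is guaranteed alive here */
    worker_connection_unref(&conn);  /* frees now only if the owner already let go */
}

/* Owner-side state: the pool's pointer plus what its callback observed. */
struct pool_ctx {
    struct worker_connection *conn;
    int seen_status;
    bool release_in_callback;
};

static void pool_status_callback(struct worker_connection *conn, int status, void *context)
{
    struct pool_ctx *ctx = context;
    ctx->seen_status = status;
    if (ctx->release_in_callback && ctx->conn == conn)
        worker_connection_unref(&ctx->conn);  /* the pool gives up its reference */
}

/* Scenario 1: the callback releases the connection (as in the trace).
 * Returns the number of free() calls, or -1 if the state is inconsistent. */
int run_release_in_callback(int status)
{
    struct pool_ctx ctx = { NULL, -1, true };
    connections_freed = 0;
    ctx.conn = worker_connection_create(pool_status_callback, &ctx);
    worker_connection_call_callback(ctx.conn, status);
    /* Expected: the pool's pointer is cleared and exactly one free happened,
     * after the post-callback write rather than before it. */
    return (ctx.conn == NULL && ctx.seen_status == status) ? connections_freed : -1;
}

/* Scenario 2: the callback keeps the connection; the pool frees it later. */
int run_keep_in_callback(int status)
{
    struct pool_ctx ctx = { NULL, -1, false };
    connections_freed = 0;
    ctx.conn = worker_connection_create(pool_status_callback, &ctx);
    worker_connection_call_callback(ctx.conn, status);
    int freed_during_call = connections_freed;   /* expected 0 */
    int last = ctx.conn->last_status;            /* safe: the pool still owns it */
    worker_connection_unref(&ctx.conn);          /* now the only reference drops */
    return (freed_during_call == 0 && last == status) ? connections_freed : -1;
}

int main(void)
{
    printf("release in callback: frees=%d\n", run_release_in_callback(7));
    printf("keep in callback:    frees=%d\n", run_keep_in_callback(3));
    return 0;
}
```

Running the hardened path under valgrind (as in the report: `valgrind ./a.out`) produces no invalid read or write, because the free always happens after the last access; the same harness with the unsafe function substituted would reproduce the "Invalid write ... inside a block ... free'd" pattern shown above. Reference counting is one option; deferring the release to the I/O loop, or having the callback signal "I released this" through a return value so the caller skips the write, are alternatives that trade differently against the surrounding code's conventions.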