From ce36265c5ac674c233d3c59d05c2dc81a58ca5aa Mon Sep 17 00:00:00 2001 From: David Bremner Date: Fri, 10 Jun 2016 15:06:58 +2100 Subject: [PATCH] [Lars Luthman] Bug#826843: Calls to notmuch_database_add_message() after notmuch_database_close() crash --- d5/a235a6415f39953a9c4e808b55a7c0752a1fb0 | 328 ++++++++++++++++++++++ 1 file changed, 328 insertions(+) create mode 100644 d5/a235a6415f39953a9c4e808b55a7c0752a1fb0 diff --git a/d5/a235a6415f39953a9c4e808b55a7c0752a1fb0 b/d5/a235a6415f39953a9c4e808b55a7c0752a1fb0 new file mode 100644 index 000000000..5cba61fa3 --- /dev/null +++ b/d5/a235a6415f39953a9c4e808b55a7c0752a1fb0 @@ -0,0 +1,328 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id 1AE446DE0222 + for ; Thu, 9 Jun 2016 11:07:10 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.011 +X-Spam-Level: +X-Spam-Status: No, score=-0.011 tagged_above=-999 required=5 + tests=[AWL=-0.000, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] + autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id Eob_sFdZ8LxG for ; + Thu, 9 Jun 2016 11:07:02 -0700 (PDT) +Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197]) + by arlo.cworth.org (Postfix) with ESMTPS id 6E07A6DE01BE + for ; Thu, 9 Jun 2016 11:07:02 -0700 (PDT) +Received: from remotemail by fethera.tethera.net with local (Exim 4.84) + (envelope-from ) + id 1bB4Lw-0005be-GO; Thu, 09 Jun 2016 14:06:48 -0400 +Received: (nullmailer pid 6896 invoked by uid 1000); + Thu, 09 Jun 2016 18:06:58 -0000 +From: David Bremner +To: notmuch@notmuchmail.org +Subject: [Lars Luthman] Bug#826843: Calls to notmuch_database_add_message() + after notmuch_database_close() crash +User-Agent: Notmuch/0.22+28~gb9bf3f4 (http://notmuchmail.org) Emacs/24.5.1 + (x86_64-pc-linux-gnu) +Date: Thu, 09 Jun 2016 15:06:58 -0300 +Message-ID: <87porqxmm5.fsf@tesseract.cs.unb.ca> +MIME-Version: 1.0 +Content-Type: message/rfc822 +Content-Disposition: inline +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Thu, 09 Jun 2016 18:07:10 -0000 + +Return-path: +Envelope-to: david@tethera.net +Delivery-date: Thu, 09 Jun 2016 12:51:04 -0400 +Received: from arlo.cworth.org ([50.126.95.6]) + by fethera.tethera.net with esmtp (Exim 4.84) + (envelope-from ) + id 1bB3Ae-0004dq-L2 + for david@tethera.net; Thu, 09 Jun 2016 12:51:04 -0400 +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id 3A8906DE0314; + Thu, 9 Jun 2016 09:51:10 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id JlCNsTTh5kz0; Thu, 9 Jun 2016 09:51:02 -0700 (PDT) +Received: from arlo.cworth.org (localhost [IPv6:::1]) + by arlo.cworth.org (Postfix) with ESMTP id 9F0766DE01C2; + Thu, 9 Jun 2016 09:50:54 -0700 (PDT) +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id 1FD286DE01C2 + for ; Thu, 9 Jun 2016 08:44:36 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id 8_30yotZM4k9 for ; + Thu, 9 Jun 2016 08:44:27 -0700 (PDT) +Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197]) + by arlo.cworth.org (Postfix) with ESMTPS id A6EEC6DE01BE + for ; Thu, 9 Jun 2016 08:44:27 -0700 (PDT) +Received: from remotemail by fethera.tethera.net with local (Exim 4.84) + (envelope-from ) + id 1bB27w-0003ly-4r + for notmuch@notmuchmail.org; Thu, 09 Jun 2016 11:44:12 -0400 +Received: (nullmailer pid 558 invoked by uid 1000); + Thu, 09 Jun 2016 15:44:21 -0000 +Resent-To: notmuch@notmuchmail.org +Resent-From: David Bremner +Resent-Date: Thu, 09 Jun 2016 12:44:21 -0300 +Resent-Message-ID: <87wplyxt7u.fsf@tesseract.cs.unb.ca> +Received: from mailly.debian.org ([2001:41b8:202:deb:6564:a62:52c3:4b72]) + by fethera.tethera.net with esmtp (Exim 4.84) + (envelope-from ) + id 1bAxjp-0008T2-FK + for david@tethera.net; Thu, 09 Jun 2016 07:03:01 -0400 +Received: from ticharich.debian.org ([2001:41c8:1000:21::21:23]) + from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, + CN=ticharich.debian.org, EMAIL=hostmaster@ticharich.debian.org (verified) + by mailly.debian.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) + (Exim 4.84_2) + (envelope-from ) + id 1bAxk0-0004GV-Nd + for david@tethera.net; Thu, 09 Jun 2016 11:03:12 +0000 +Received: from localhost ([::1] helo=ticharich.debian.org) + by ticharich.debian.org with esmtp (Exim 4.84_2) + (envelope-from ) + id 1bAxk0-00069c-DW + for david@tethera.net; Thu, 09 Jun 2016 11:03:12 +0000 +Received: from muffat.debian.org ([2607:f8f0:610:4000:6564:a62:ce0c:1392]) + from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, + CN=muffat.debian.org, EMAIL=hostmaster@muffat.debian.org (verified) + by ticharich.debian.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) + (Exim 4.84_2) (envelope-from ) + id 1bAxk0-00069V-4O + for dispatch+notmuch@tracker.debian.org; Thu, 09 Jun 2016 11:03:12 +0000 +Received: from quantz.debian.org ([2001:41c8:1000:21::21:28]) + from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, + CN=quantz.debian.org, EMAIL=hostmaster@quantz.debian.org (verified) + by muffat.debian.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) + (Exim 4.84_2) (envelope-from ) + id 1bAxjx-0005AY-PW + for dispatch+notmuch@tracker.debian.org; Thu, 09 Jun 2016 11:03:10 +0000 +Received: from qa by quantz.debian.org with local (Exim 4.84_2) + (envelope-from ) id 1bAxjw-0006ua-BG + for dispatch+notmuch@tracker.debian.org; Thu, 09 Jun 2016 11:03:08 +0000 +Received: from buxtehude.debian.org ([2607:f8f0:610:4000:2015:12:0:147]) + from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, + CN=buxtehude.debian.org, EMAIL=hostmaster@buxtehude.debian.org (verified) + by quantz.debian.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) + (Exim 4.84_2) (envelope-from ) + id 1bAxjw-0006tk-4N + for notmuch@packages.qa.debian.org; Thu, 09 Jun 2016 11:03:08 +0000 +Received: from debbugs by buxtehude.debian.org with local (Exim 4.84_2) + (envelope-from ) + id 1bAxjt-0005Bk-Ec; Thu, 09 Jun 2016 11:03:05 +0000 +X-Loop: owner@bugs.debian.org +Subject: Bug#826843: Calls to notmuch_database_add_message() after + notmuch_database_close() crash +Also-Resent-From: Lars Luthman +Also-Resent-To: debian-bugs-dist@lists.debian.org +Also-Resent-CC: Carl Worth +X-Loop: owner@bugs.debian.org +Also-Resent-Date: Thu, 09 Jun 2016 11:03:01 +0000 +Also-Resent-Message-ID: +X-Debian-PR-Message: report 826843 +X-Debian-PR-Package: libnotmuch-dev +X-Debian-PR-Keywords: +X-Debian-PR-Source: notmuch +Received: via spool by submit@bugs.debian.org id=B.146547014919804 + (code B); Thu, 09 Jun 2016 11:03:01 +0000 +Received: (at submit) by bugs.debian.org; 9 Jun 2016 11:02:29 +0000 +X-Spam-Bayes: score:0.0000 Tokens: new, 47; hammy, 150; neutral, 161; spammy, + 0. spammytokens: hammytokens:0.000-+--systemd, 0.000-+--deb8u1, + 0.000-+--H*UA:3.12.9-1, 0.000-+--H*x:3.12.9-1, 0.000-+--en_GButf8 +Received: from v-smtpgw2.han.skanova.net ([81.236.60.205]) + by buxtehude.debian.org with esmtp (Exim 4.84_2) + (envelope-from ) id 1bAxjJ-00058n-Da + for submit@bugs.debian.org; Thu, 09 Jun 2016 11:02:29 +0000 +Received: from miskatonic.local ([78.69.244.232]) by cmsmtp with SMTP + id Axj9bO3cdctqUAxjAb5kXm; Thu, 09 Jun 2016 13:02:21 +0200 +Message-ID: <1465470142.3501.10.camel@larsluthman.net> +From: Lars Luthman +To: submit@bugs.debian.org +Date: Thu, 09 Jun 2016 13:02:22 +0200 +X-Mailer: Evolution 3.12.9-1+b1 +X-CMAE-Envelope: MS4wfMMdDsIM1l3Qa1f8AMdqkBLsZulSFkVnPILa/7bnKy7vEm4kePEgzC6NTWfUzgizPIZAc6sUB2evyOmtpQUgDjqXQ6LEQxTtw+vIUvUyHA7aLhnK00Hl + FQksKsJl/A76jQ8iymRFjr2C22qm20As/LrAUsbskpt9lKP8xDC8VLW511/i88tLX5zSWk/3fOrzaA== +X-Loop: dispatch@tracker.debian.org +X-Distro-Tracker-Package: notmuch +X-Distro-Tracker-Keyword: bts +X-Debian-Package: notmuch +X-Debian: tracker.debian.org +X-PTS-Package: notmuch +X-PTS-Keyword: bts +Precedence: list +X-Mailman-Approved-At: Thu, 09 Jun 2016 09:50:52 -0700 +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +Reply-To: Lars Luthman , 826843@bugs.debian.org +Errors-To: notmuch-bounces@notmuchmail.org +Sender: "notmuch" +MIME-Version: 1.0 +Content-Type: multipart/mixed; boundary="==-=-=" + +--==-=-= +Content-Type: text/plain; charset=utf-8 +Content-Disposition: inline + +Package: libnotmuch-dev +Version: 0.18.2-1 +Severity: important + +In the API documentation for notmuch_database_close() it says: + + * After notmuch_database_close has been called, calls to other + * functions on objects derived from this database may either behave + * as if the database had not been closed (e.g., if the required data + * has been cached) or may fail with a + * NOTMUCH_STATUS_XAPIAN_EXCEPTION. + +However, if you call notmuch_database_close() on a database and then +call notmuch_database_add_message(), it doesn't fail nicely with a +NOTMUCH_STATUS_XAPIAN_EXCEPTION, it segfaults. + +This should either be fixed so it doesn't crash, as documented, or the +documentation should be changed to describe which functions are unsafe +to call after notmuch_database_close(). + +I'm attaching a small C program to reproduce the bug. It crashes with +the following backtrace: + +(gdb) bt +#0 0xb71f3f27 in Xapian::WritableDatabase::begin_transaction(bool) () + from /usr/lib/sse2/libxapian.so.22 +#1 0xb779480d in notmuch_database_begin_atomic () + from /usr/lib/i386-linux-gnu/libnotmuch.so.3 +#2 0xb7794fa0 in notmuch_database_add_message () + from /usr/lib/i386-linux-gnu/libnotmuch.so.3 +#3 0x080488d3 in add_new_email (db=0x82b5610, + filename=0x8048b51 "/new-mail-2@example.net:2,", content=0x8048b30 +"hello") + at notmuchcrash.c:27 +#4 0x080489d7 in main () at notmuchcrash.c:52 + + +Installed version of libxapian22: 1.2.19-1+deb8u1 + + +-- System Information: +Debian Release: 8.5 + APT prefers stable-updates + APT policy: (500, 'stable-updates'), (500, 'stable') +Architecture: i386 (i686) + +Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores) +Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) +Shell: /bin/sh linked to /bin/dash +Init: systemd (via /run/systemd/system) + +Versions of packages libnotmuch-dev depends on: +ii libnotmuch3 0.18.2-1 + +libnotmuch-dev recommends no packages. + +libnotmuch-dev suggests no packages. + +-- no debconf information + +--==-=-= +Content-Type: text/x-csrc; charset=utf-8; name=notmuchcrash.c +Content-Disposition: attachment; filename=notmuchcrash.c + +/* Compile with: + gcc -g -std=c99 -Wall -Werror -o notmuchcrash -lnotmuch notmuchcrash.c +*/ + +#define _POSIX_C_SOURCE 200809L + +#include +#include +#include + +#include + + +#define DIE(msg) do { perror(msg); exit(EXIT_FAILURE); } while (0) + + +void add_new_email(notmuch_database_t* db, + char const* filename, char const* content) { + char mail_path[64]; + strcpy(mail_path, notmuch_database_get_path(db)); + strcat(mail_path, filename); + FILE* mf = fopen(mail_path, "w+"); + if (!mf) DIE("Failed to open mail file"); + if (fwrite(content, strlen(content), 1, mf) != 1) + DIE("Failed to write mail"); + if (fclose(mf)) DIE("Failed to close file"); + if (notmuch_database_add_message(db, mail_path, NULL) != + NOTMUCH_STATUS_FILE_NOT_EMAIL) + DIE("Something went wrong when adding the email"); +} + + +int main() { + + /* Create new database. */ + char db_path[32]; + strcpy(db_path, "/tmp/notmuchcrash-XXXXXX"); + if (!mkdtemp(db_path)) DIE("Failed to create unique directory"); + notmuch_database_t* db; + if (notmuch_database_create(db_path, &db)) DIE("Failed to create database"); + + /* This doesn't have to be a valid email, it will crash either way. */ + char const* mail_data = "hello"; + + /* First, try to add a file before closing. */ + add_new_email(db, "/new-mail-1@example.net:2,", mail_data); + + /* Close the database. */ + notmuch_database_close(db); + + /* Now try again. This will crash. */ + add_new_email(db, "/new-mail-2@example.net:2,", mail_data); + + return 0; +} + +--==-=-= +Content-Type: text/plain; charset=utf-8 +Content-Disposition: inline + +_______________________________________________ +notmuch mailing list +notmuch@notmuchmail.org +https://notmuchmail.org/mailman/listinfo/notmuch + +--==-=-=-- -- 2.26.2