Bug 361461

Summary: often when searching in adressbook LDAP sylpheed segfaults
Product: [Fedora] Fedora Reporter: Jan Hutař <jhutar>
Component: sylpheedAssignee: Michael Schwendt <bugs.michael>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 8CC: bugs.michael, jsafrane
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 2.4.8-1.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-27 07:14:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
back trace
none
backtrace with openldap-debuginfo installed
none
Stability seems better to me
none
Stability seems better to me
none
With LDAP from Baylor University none

Description Jan Hutař 2007-11-01 11:14:39 UTC 
Description of problem:
Often when I'm searching in address-book LDAP, Sylpheed segfaults


Version-Release number of selected component (if applicable):
sylpheed-2.4.7-1.x86_64


How reproducible:
40%


Steps to Reproduce:
1. search in LDAP


Actual results:
Segmentation fault


Expected results:
Find expected results
Comment 1 Jan Hutař 2007-11-01 11:14:39 UTC 
Created attachment 245471 [details]
back trace
Comment 2 Michael Schwendt 2007-11-01 11:30:25 UTC 
It segfaults in libldap, which is the "openldap" package.
Please reproduce with an installed openldap-debuginfo package
to complete the missing details in the backtrace.
Comment 3 Jan Hutař 2007-11-01 13:56:29 UTC 
Created attachment 245551 [details]
backtrace with openldap-debuginfo installed

Now this was my test-case:

1. start Sylpheed (gdb `which sylpheed`; run --disable-crash-dialog), go to
address-book, select LDAP source
2. search for "Chris"
   # I got expected results
3. search for "Chris" again
   # crash
Comment 4 Michael Schwendt 2007-11-01 16:02:18 UTC 
That's a completely different backtrace, which really ends in
Sylpheed's code. I'm reassigning the ticket once more.

The other segfault that happens in libldap is worth examining, too,
however, since a library ought to protect itself from crashing.
Comment 5 Michael Schwendt 2007-11-01 23:57:43 UTC 
That place in the code where the backtrace from comment 3 points at
has only few reasons to crash (e.g. memory corruption or junk
returned by libldap). It retrieves entry attributes from OpenLDAP
and stores them, properly checking for NULL pointers.

Upstream has been notified. I've tried to reproduce it on i686/athlon
with lots of ldap lookups, but cannot reproduce it.

[...]

However, I've found a memory leak and the cause of the GLib
critical warning. A fix for that can be found here:
http://koji.fedoraproject.org/koji/buildinfo?buildID=23184
Comment 6 Michael Schwendt 2008-01-10 08:41:38 UTC 
There is sylpheed-2.4.7-1.3 in updates-testing. Are you still
able to reproduce these LDAP related problems?
Comment 7 Jan Hutař 2008-01-22 12:40:14 UTC 
Created attachment 292500 [details]
Stability seems better to me

Stability seems better to me, but I just got this crash (generated by
bug-buddy).
Comment 8 Jan Hutař 2008-01-22 12:57:25 UTC 
Created attachment 292501 [details]
Stability seems better to me

Err, sorry, now with correct -debuginfo installed (from
http://koji.fedoraproject.org/koji/buildinfo?buildID=28328)
Comment 9 Michael Schwendt 2008-01-22 13:31:00 UTC 
Where's the segmentation fault or fatal error condition?

With the word "crash" do you mean something different again?
For example, do you mean that you see network I/O time-outs as
you also did with IMAP before? That is something entirely different
from the initial comment in this ticket.

In both cases you traced into a running Sylpheed. That Sylpheed's
network access is imperfect is no secret. You can configure the
LDAP access timeout in Sylpheed's addressbook settings for your
LDAP Server.
Comment 10 Jan Hutař 2008-01-22 14:37:20 UTC 
Traceback in Comment #8 was generated by bug-buddy - I was searching through 
LDAP and bug-buddy suddenly appeared, so I think this is because Sylpheed core-
dumped.

To be sure it is not a problem with some specific LDAP settings, I have created 
new LDAP connection in address-book:

http://www.emailman.com/ldap/public.html
Baylor University
LDAP server = ldap.baylor.edu
LDAP base = ou=People,o=Baylor University,c=US

BTW: "--disable-crash-dialog" had no effect and bug-buddy appeared again.



$ sylpheed --disable-crash-dialog

(sylpheed:9351): LibSylph-WARNING **: pobox-2.corp.redhat.com: SSL certificate 
verify failed (20: unable to get local issuer certificate)


warning: Missing the separate debug info file: /usr/lib/debug/.build-id/1f/
c12f77d41b9459cc0e771ed23a04a20938445f.debug

...

warning: Missing the separate debug info file: /usr/lib/debug/.build-id/f5/
f3b510af236cf3bc203da03affc9fdf05bbb58.debug

warning: Missing the separate debug info file: /usr/lib/debug/.build-
id/37/7603ca19da31ceaf621233f0c4d86e0c9d8d69.debug
Gtk-Message: (for origin information, set GTK_DEBUG): failed to retrieve 
property `GtkTreeView::odd-row-color' of type `GdkColor' from rc file value 
"((GString*) 0x8398c0)" of type `GString'



Thank you for all your effort you are putting into this.
Comment 11 Jan Hutař 2008-01-22 14:43:03 UTC 
Created attachment 292516 [details]
With LDAP from Baylor University
Comment 12 Michael Schwendt 2008-01-22 15:00:36 UTC 
#4  <signal handler called>
#5  ldap_search_ext (ld=0xffffffffb0000960, 
#6  0x00000030b140f5b2 in ldap_search_ext_s (ld=0xffffffffb0000960, 

That is in OpenLDAP again, not in Sylpheed.
Comment 13 Jan Safranek 2008-01-23 13:46:21 UTC 
When syldap_add_list_values calls ldap_get_values, ldap_get_values returns
correct char** pointer [1], but gchar** vals in syldap_add_list_values is
sometimes not valid [2]- the value is mangled somewhere between libldap and
sylpheed. 

[1]: if I set breakpoint at 'return' statement in ldap_get_values, I can see
valid pointer being returned (with some data inside)

[2]: if I set breakpoint at syldap.c:422 (just after the ldap_get_values call),
I *sometimes* can see in the debugger that the value of 'vals' is different to
value seen at breakpoint [1]

I tried to recompile everything with -O0, with the same result, I'll investigate
it further.
Comment 14 Jan Safranek 2008-01-23 14:56:38 UTC 
The sylpheed is wrongly compiled. If you compile it with -Wall, you can see:

syldap.c: In function 'syldap_add_list_values':
syldap.c:421: warning: implicit declaration of function 'ldap_get_values'
syldap.c:421: warning: assignment makes pointer from integer without a cast
syldap.c:427: warning: implicit declaration of function 'ldap_value_free'
syldap.c: In function 'syldap_add_single_value':
syldap.c:438: warning: assignment makes pointer from integer without a cast
syldap.c: In function 'syldap_search':
syldap.c:521: warning: implicit declaration of function 'ldap_init'
syldap.c:521: warning: assignment makes pointer from integer without a cast
syldap.c:532: warning: implicit declaration of function 'ldap_simple_bind_s'
syldap.c:536: warning: implicit declaration of function 'ldap_unbind'
syldap.c: In function 'syldap_read_basedn_s':
syldap.c:785: warning: assignment makes pointer from integer without a cast
syldap.c:815: warning: assignment makes pointer from integer without a cast
syldap.c:850: warning: assignment makes pointer from integer without a cast
syldap.c: In function 'syldap_read_basedn':
syldap.c:910: warning: assignment makes pointer from integer without a cast
syldap.c:944: warning: assignment makes pointer from integer without a cast
syldap.c:981: warning: assignment makes pointer from integer without a cast
syldap.c: In function 'syldap_test_connect_s':
syldap.c:1027: warning: implicit declaration of function 'ldap_open'
syldap.c:1027: warning: assignment makes pointer from integer without a cast
syldap.c: In function 'syldap_test_connect':

These undefined functions return some kind of pointer, but gcc uses default
prototype (=returning int). Int has 32 bites, pointer 64 -> additional warnings
+ crash.

Note: all these missing functions are deprecated by ldap, you can define
LDAP_DEPRECATED for quick&dirty fix or start using new functions (see ldap.h).
Comment 15 Michael Schwendt 2008-01-23 16:31:59 UTC 
Thanks! That explains why it cannot be reproduced at run-time
on 32-bit. However, it's obvious when seeing the warnings and
the broken return values in the debugger.
-Wall is Fedora default (see "rpm --eval %optflags"), and these
warnings are in the official build logs, too. I can see them
when using rpmbuild directly.

Going to fix this with LDAP_DEPRECATED for now. Whether to port
to the current OpenLDAP API or wait for upstream, I don't know
yet.
Comment 16 Fedora Update System 2008-01-24 22:01:01 UTC 
sylpheed-2.3.1-6 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update sylpheed'
Comment 17 Fedora Update System 2008-01-24 22:01:06 UTC 
sylpheed-2.4.8-1.1 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update sylpheed'
Comment 18 Jan Hutař 2008-01-25 06:48:11 UTC 
Thank you very much for such a quick response and fix!
Comment 19 Fedora Update System 2008-01-27 07:14:16 UTC 
sylpheed-2.4.8-1.1 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2008-01-27 07:18:59 UTC 
sylpheed-2.3.1-6 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.