Closed
Bug 336619
Opened 20 years ago
Closed 17 years ago
Crash if IMAP literal contains data after chunk boundary
Categories
(MailNews Core :: Networking: IMAP, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: phrank, Assigned: Bienvenu)
Details
(Keywords: crash, Whiteboard: closeme 2008-06-19)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/Debian-1.5.dfsg+1.5.0.2-3 Firefox/1.5.0.2
Build Identifier: 1.0.7 (20051017)
While testing an IMAP daemon I was just hacking, I noticed Thunderbird would crash when it fetched a certain message. This was due to a bug in my daemon because it sent an additional line feed character (LF) in the fetch response if the last character should have been a carriage return (CR). I could reproduce the crashes by inserting an arbitrary character, for example an 'x'.
1 UID FETCH (BODY[]<0.10240>)
* UID FETCH (BODY[]<0> {10240}
<10239 octets>^Mx)
Here is the output from the debug log:
-1245955152[8b33d38]: 89d3720:imap.xxx.org:S-XXXXXXXX:CreateNewLineFromSocket: ngnWppK9tupQIguhqPFnn3255m9U3N/Ej1QPbnmb+OTfxKfVEjQK7m9X5LwyiyDs/L30lxil^Mx)^M
-1245955152[8b33d38]: PARSER: CR/LF fell on chunk boundary.
-1245955152[8b33d38]: 89d3720:imap.xxx.org:S-XXXXXXXX:PARSER:Internal Syntax Error: %s: ngnWppK9tupQIguhqPFnn3255m9U3N/Ej1QPbnmb+OTfxKfVEjQK7m9X5LwyiyDs/L30lxil^Mx)^M
-1245955152[8b33d38]: 89d3720:imap.xxx.org:S-XXXXXXXX:STREAM:CLOSE: Abort Message Download Stream
-1245955152[8b33d38]: BODYSHELL: Adding shell to cache.
Note the 'x' before the closing brace at ...il^Mx)^M
^M stands for carriage return.
Reproducible: Always
Steps to Reproduce:
1. Forge any IMAP daemon to send an extra byte.
2. Find or prepare a large message where offset 10240 points between CR and LF.
3. Fetch that message
Actual Results:
Thunderbird exits (crashes) without error message.
Expected Results:
Thunderbird should handle this gracefully or even better show an error message.
Instead of crashing, Thunderbird 1.5.0.2 just did not respond any more and consumed a lot of CPU cycles, maybe an endless loop.
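As an added example (not part of the bug report and not Mozilla's code), this C++ routine consumes a FETCH literal strictly by its announced octet count and returns an error when anything other than `)` CRLF follows it, the condition the report triggers with the stray 'x'. `ParseFetchLiteral`, `LiteralStatus` and `kMaxLiteral` are hypothetical names, and the response is assumed to be a single literal closed by `)` CRLF.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Added example: names and the size limit are assumptions, not Mozilla code.
enum class LiteralStatus { Ok, NeedMoreData, BadHeader, TrailingData };

struct LiteralResult {
    LiteralStatus status;
    std::string body;  // exactly the announced octets when status == Ok
};

const std::size_t kMaxLiteral = 64u * 1024u * 1024u;  // assumed upper bound

// Parses "<header> {N}\r\n" + N octets + ")\r\n" by octet count, never by line.
LiteralResult ParseFetchLiteral(const std::string& buf) {
    const std::size_t eol = buf.find("\r\n");
    if (eol == std::string::npos) return {LiteralStatus::NeedMoreData, ""};
    const std::size_t open = buf.rfind('{', eol);
    if (eol == 0 || buf[eol - 1] != '}' || open == std::string::npos ||
        open + 1 >= eol - 1)
        return {LiteralStatus::BadHeader, ""};
    std::size_t n = 0;
    for (std::size_t i = open + 1; i < eol - 1; ++i) {
        if (!std::isdigit(static_cast<unsigned char>(buf[i])) || n > kMaxLiteral)
            return {LiteralStatus::BadHeader, ""};
        n = n * 10 + static_cast<std::size_t>(buf[i] - '0');
    }
    if (n > kMaxLiteral) return {LiteralStatus::BadHeader, ""};

    const std::size_t start = eol + 2;
    if (buf.size() - start < n) return {LiteralStatus::NeedMoreData, ""};

    // Whatever follows the N octets must be ")\r\n"; a CR as the last literal
    // octet is legal, but any byte between it and ')' is a protocol error.
    static const std::string kTail = ")\r\n";
    const std::size_t have = buf.size() - (start + n);
    for (std::size_t i = 0; i < kTail.size() && i < have; ++i)
        if (buf[start + n + i] != kTail[i])
            return {LiteralStatus::TrailingData, ""};
    if (have < kTail.size()) return {LiteralStatus::NeedMoreData, ""};
    return {LiteralStatus::Ok, buf.substr(start, n)};
}

int main() {
    // Constructed input mirroring the report: literal ends in CR, then a stray 'x'.
    const std::string bad = "* UID FETCH (BODY[]<0> {4}\r\nabc\rx)\r\n";
    return ParseFetchLiteral(bad).status == LiteralStatus::TrailingData ? 0 : 1;
}
```

Every malformed input maps to a status the caller can turn into a dropped connection or an error message, so there is no path that re-reads the same bytes or indexes past the buffer.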
You have two competing actual results; one is under expected results. Did you recycle part of your bug filing?
Assignee: mscott → bienvenu
Component: General → Networking: IMAP
Keywords: crash
Product: Thunderbird → Core
QA Contact: general → grylchan
Version: unspecified → 1.8 Branch
Comment 2•20 years ago (Reporter)
Beg your pardon if this was confusing. I used the guided web-form and typed the 1.5.0.2 stuff into the "Additional Information" text box.
Comment 3•20 years ago
Frank, you said:
Thunderbird exits (crashes) without error message.
and then
Thunderbird 1.5.0.2 just did not respond any more
Which one happened?
Comment 4•20 years ago (Reporter)
Both versions behave differently:
1.0.7 crashes (means: process terminates unexpectedly.)
1.5.0.2 hangs (means: does not accept input, consumes CPU cycles.)
Comment 5•17 years ago
Reporters, does this issue still occur in the latest supported 2.0.0.14 / trunk nightlies?
Whiteboard: closeme 2008-06-19
Comment 6•17 years ago (Reporter)
I do not have access to the original source code, so I tried to reproduce the behaviour (using inetd and a quick and dirty hack spitting out IMAP responses). 2.0.0.14 seems to work fine.
Comment 7•17 years ago
Resolving WORKSFORME based on comment #6.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Updated•17 years ago
Product: Core → MailNews Core