From: markus schnalke <meillo@marmaro.de>
  To  : <masqmail@marmaro.de>
  Date: Wed, 16 Nov 2011 10:14:08 +0100

Re: [masqmail] problem using wrapper option for smtp.google.com

[2011-11-16 08:39] Juergen Daubert <jue@jue.li>
> On Tue, Nov 15, 2011 at 11:38:28PM +0100, markus schnalke wrote:
>>
>> Similar here. The mail is queued and when you process the queue, it
>> alters between ``is locked'' and ``segfault''. (The lock file also
>> gets created and removed in alteration.)
>>
>> The real problem is the segfault, which leaves the spool file locked
>> when the process dies. The next time, no delivery is tried, just the
>> lock file gets removed. And so on.
>>
>> The cause for the segfault is changeset 412385b57dc4. I discovered
>> this problem on October 25 and fixed it in changeset b0708fac99dd. The
>> current version on hg.marmaro.de/masqmail has the problem fixed.
>
> The big question is why version 0.3.3 works for other people like me?

True. AFAIK, it's just random.

There had been access to uninitialized memory involved:

	smtp_base *psb;
	[... nothing with psb ...]
	psb->remote_host = host;

The initial value of the local variable psb is random. As it is a
pointer, it could point anywhere. If this anywhere is inside the
address space (or mapped memory?) of the process, arbitrary value gets
overwritten but things appear to work well. If it is outside, you get
a segfault.

In our case, the assignment was useless, because afterwards psb was
malloced and pointed to a defined location then. Just somewhere in the
memory area of the process sizeof(gchar *) bytes got overwritten. (If
not a segfault occured, of course.)

This is my understanding of the topic.


meillo