Re: can not download IMAP messages with isync/mbsync

[RVP <rvp%SDF.ORG@localhost>]

On Sun, 6 Nov 2022, Marko Bauhardt wrote:

> This give me the following error while `configure`
>
> ```
> configure: error: compiler does not support required C11 features
>
> ```

This shouldn't happen. Do you any custom CC, CPPFLAGS, CFLAGS, LDFLAGS
set?

> I‘m getting
>
> ´´´
> Loading far side box...
> F: [ 5] Enter load_box, [1,inf] (find >= 0, paired <= 4294967295, new > 0)
> =================================================================
> ==20988==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62a8a979 at pc 0x650d7c30 bp 0x7fe47f64 sp 0x7fe47b28
> WRITE of size 10 at 0x62a8a979 thread T0
> ASAN:DEADLYSIGNAL
> AddressSanitizer: nested bug in the same thread, aborting.
> ´´´

ASAN:DEADLYSIGNAL indicates some kind of severe issue. The sanitizer
should've produced a call-trace instead of that.

I've not been able to reproduce this at all even with 3 servers (2
providers and 1 local [dovecot +COMPRESS]) on 9.3_STABLE/amd64.

Can you try with the patch below. Compile isync-1.4.4 like this:

```
unset CC
export CFLAGS="-O0 -g -fsanitize=address"
export CPPFLAGS=-I/usr/pkg/include
export LDFLAGS="-L/usr/pkg/lib -Wl,-rpath=/usr/pkg/lib"
tar -xf /tmp/isync-1.4.4.tar.gz
mkdir build-isync-1.4.4
cd build-isync-1.4.4
../isync-1.4.4/configure --prefix=/tmp/I
make
make install
```
This create a non-PIE debug executable which you can run/debug after
setting ASLR off: `sysctl -w security.pax.aslr.enabled=0'

See if the sanitizer error goes away and you get a proper call-trace.
As it is now, I doubt we can use that PC address (0x650d7c30) in GDB
and get a correct code (l)isting: it will most likely be in ASAN itself.

---START---
diff -urN isync-1.4.4.orig/src/drv_imap.c isync-1.4.4/src/drv_imap.c
--- isync-1.4.4.orig/src/drv_imap.c	2021-12-03 10:56:16.000000000 +0000
+++ isync-1.4.4/src/drv_imap.c	2022-11-07 21:57:49.646386142 +0000
@@ -2469,7 +2469,10 @@

 		cmd = new_imap_cmd( sizeof(*cmd) );
 		cmd->param.cont = do_sasl_auth;
-		imap_exec( ctx, cmd, done_sasl_auth, enc ? "AUTHENTICATE %s %s" : "AUTHENTICATE %s", gotmech, enc );
+		if (enc)
+			imap_exec( ctx, cmd, done_sasl_auth, "AUTHENTICATE %s %s", gotmech, enc );
+		else
+			imap_exec( ctx, cmd, done_sasl_auth, "AUTHENTICATE %s", gotmech );
 		free( enc );
 		return;
 	  notsasl:
diff -urN isync-1.4.4.orig/src/util.c isync-1.4.4/src/util.c
--- isync-1.4.4.orig/src/util.c	2021-12-03 10:56:16.000000000 +0000
+++ isync-1.4.4/src/util.c	2022-11-07 22:08:45.526920483 +0000
@@ -353,6 +353,7 @@
 	if (blen <= 0 || (uint)(ret = vsnprintf( buf, (size_t)blen, fmt, va )) >= (uint)blen)
 		oob();
 	va_end( va );
+	assert(ret >= 0);	/* XXX: paranoia */
 	return ret;
 }

@@ -368,6 +369,8 @@
 {
 	void *ret;

+	if (sz == 0)
+		return NULL;	/* XXX: avoid undefined behaviour */
 	if (!(ret = malloc( sz )))
 		oom();
 	return ret;
@@ -378,6 +381,8 @@
 {
 	void *ret;

+	if (sz == 0)
+		return NULL;	/* XXX: avoid undefined behaviour */
 	if (!(ret = calloc( sz, 1 )))
 		oom();
 	return ret;
@@ -388,6 +393,11 @@
 {
 	char *ret;

+	if (sz == 0) {		/* XXX: ape glibc behaviour */
+		if (mem)
+			free(mem);
+		return NULL;
+	}
 	if (!(ret = realloc( mem, sz )) && sz)
 		oom();
 	return ret;
---END---

-RVP