0005868: SOGO Activesync crashes on initial sync if there are subfolders totalling >4GB when SOGoMaximumSyncResponseSize isn't set - SOGo | BTS

ID	Project	Category	View Status	Date Submitted	Last Update

0005868	SOGo	ActiveSync	public	2023-09-15 16:16	2023-09-15 16:16

Reporter	leecher	Assigned To
Priority	low	Severity	tweak	Reproducibility	always
Status	new	Resolution	open
Platform	[Client] Microsoft	OS	Windows	OS Version	7
Product Version	5.8.4

Summary	0005868: SOGO Activesync crashes on initial sync if there are subfolders totalling >4GB when SOGoMaximumSyncResponseSize isn't set
Description	I have a user mailbox which is around 24GB. This mailbox is sorted into various folders and subfolders and has all of its sorted mail under INBOX. (whereas the normal folders like Darafts, Trash, etc. are in the root folder). So it's something like: INBOX.FolderA.FolderA1.FolderA11 INBOX.FolderA.FolderA1.FolderA12 ... INBOX.FolderB.FolderB1.FolderB11 INBOX.FolderB.FolderB1.FolderB12 ... FolderA + FolderB are in total around 20GB with all subfolders that they contain. Due to amount of mail that needs to be synced upon initial sync of an EAS mailbox, sogo-activesync crashes on initial sync (i.e. with Outlook Mail client) when SOGoMaximumSyncResponseSize isn't set and therefore seems to be "unlimited" (my guess is that Outlook doesn't propose a value for it so it stays at 0, but I have no idea about EAS protocol): #0 memcpy_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:769 0000001 0x00007f404b9e4798 in memcpy (len=2675045, src=<optimized out>, dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29 0000002 -[GSMutableString replaceCharactersInRange:withString:] (self=0x55d6fd624560, _cmd=<optimized out>, aRange=..., aString=0x55d77e12bc90) at ./Source/GSString.m:5228 0000003 0x00007f404734c43a in -[SOGoActiveSyncDispatcher(Sync) processSyncCollection:inBuffer:changeDetected:maxSyncResponseSize:] (self=0x55d6e17fb270, _cmd=0x7f404737a130 <_OBJC_SELECTOR_TABLE+2640>, theDocumentElement=0x55d6e177bc70, theBuffer=0x55d6fd624560, changeDetected=0x7ffde5ed1abf "\001`\033\355\345\375\177", theMaxSyncResponseSize=0) at SOGoActiveSyncDispatcher+Sync.m:2438 0000004 0x00007f404734cefe in -[SOGoActiveSyncDispatcher(Sync) processSync:inResponse:] (self=0x55d6e17fb270, _cmd=0x55d6e13fd450, theDocumentElement=0x55d6e0fdfe10, theResponse=0x55d6e13e4500) at SOGoActiveSyncDispatcher+Sync.m:2662 0000005 0x00007f404733c013 in -[SOGoActiveSyncDispatcher dispatchRequest:inResponse:context:] (self=0x55d6e17fb270, _cmd=0x7f40473cfd20 <_OBJC_SELECTOR_TABLE+128>, theRequest=0x55d6e1bd40d0, theResponse=0x55d6e13e4500, theContext=0x55d6e114e270) at SOGoActiveSyncDispatcher.m:4442 0000006 0x00007f40473c5c2a in -[SOGoMicrosoftActiveSyncActions microsoftServerActiveSyncAction] (self=0x55d6e1814af0, _cmd=0x55d6e13fd470) at SOGoMicrosoftActiveSyncActions.m:59 0000007 0x00007f404c34b295 in -[WODirectAction performActionNamed:] (self=0x55d6e1814af0, _cmd=0x7f404c522ca0 <_OBJC_SELECTOR_TABLE+928>, _actionName=0x55d6e0f5b220) at WODirectAction.m:97 0000008 0x00007f404c3e51a6 in -[SoActionInvocation callOnObject:withPositionalParametersWhenNotNil:inContext:] (self=0x55d6e17ec500, _cmd=0x7f404c522cd0 <_OBJC_SELECTOR_TABLE+976>, _client=0x55d6e12968d0, _positionalArgs=0x0, _ctx=0x55d6e114e270) at SoActionInvocation.m:300 0000009 0x00007f404c3e52ef in -[SoActionInvocation callOnObject:inContext:] (self=0x55d6e17ec500, _cmd=0x7f404c51c9a0 <_OBJC_SELECTOR_TABLE+672>, _client=0x55d6e12968d0, _ctx=0x55d6e114e270) at SoActionInvocation.m:318 0000010 0x00007f404c3df069 in -[SoObjectMethodDispatcher dispatchInContext:] (self=0x55d6e180e3e0, _cmd=0x7f404c51ee40 <_OBJC_SELECTOR_TABLE+1536>, _ctx=0x55d6e114e270) at SoObjectMethodDispatcher.m:192 0000011 0x00007f404c3e1804 in -[SoObjectRequestHandler handleRequest:inContext:session:application:] (self=0x55d6e12ab850, _cmd=0x7f404c4a8c10 <_OBJC_SELECTOR_TABLE+848>, _rq=0x55d6e1bd40d0, _ctx=0x55d6e114e270, _sn=0x0, app=0x55d6e12968d0) at SoObjectRequestHandler.m:584 0000012 0x00007f404c35e716 in -[WORequestHandler handleRequest:] (self=0x55d6e12ab850, _cmd=0x7f404c471190 <_OBJC_SELECTOR_TABLE+1616>, _request=0x55d6e1bd40d0) at WORequestHandler.m:240 0000013 0x00007f404c3198d6 in -[WOCoreApplication dispatchRequest:usingHandler:] (self=0x55d6e12968d0, _cmd=0x7f404c4711e0 <_OBJC_SELECTOR_TABLE+1696>, _request=0x55d6e1bd40d0, handler=0x55d6e12ab850) at WOCoreApplication.m:712 0000014 0x00007f404c319c41 in -[WOCoreApplication dispatchRequest:] (self=0x55d6e12968d0, _cmd=0x55d6e01ea6a0 <_OBJC_SELECTOR_TABLE+1664>, _request=0x55d6e1bd40d0) at WOCoreApplication.m:752 0000015 0x000055d6e01e08fc in -[SOGo dispatchRequest:] (self=0x55d6e12968d0, _cmd=0x7f404c50ed00 <_OBJC_SELECTOR_TABLE+1760>, _request=0x55d6e1bd40d0) at SOGo.m:584 0000016 0x00007f404c3ce226 in -[WOHttpTransaction _run] (self=0x55d6e0fc2860, _cmd=0x7f404c50ed30 <_OBJC_SELECTOR_TABLE+1808>) at WOHttpTransaction.m:566 0000017 0x00007f404c3ce5ec in -[WOHttpTransaction run] (self=0x55d6e0fc2860, _cmd=0x7f404c50b250 <_OBJC_SELECTOR_TABLE+1168>) at WOHttpTransaction.m:619 0000018 0x00007f404c3c9cd3 in -[WOHttpAdaptor runConnection:] (self=0x55d6e1383270, _cmd=0x7f404c50b2f0 <_OBJC_SELECTOR_TABLE+1328>, _socket=0x55d6e118bec0) at WOHttpAdaptor.m:373 0000019 0x00007f404c3c9f2a in -[WOHttpAdaptor _handleAcceptedConnection:] (self=0x55d6e1383270, _cmd=0x7f404c50b300 <_OBJC_SELECTOR_TABLE+1344>, _connection=0x55d6e118bec0) at WOHttpAdaptor.m:407 0000020 0x00007f404c3ca3a3 in -[WOHttpAdaptor _handleConnection:] (self=0x55d6e1383270, _cmd=0x7f404c50b3a0 <_OBJC_SELECTOR_TABLE+1504>, connection=0x55d6e118bec0) at WOHttpAdaptor.m:466 0000021 0x00007f404c3ca6c1 in -[WOHttpAdaptor acceptControlMessage:] (self=0x55d6e1383270, _cmd=0x7f404c50b0f0 <_OBJC_SELECTOR_TABLE+816>, aNotification=0x55d6e167cfa0) at WOHttpAdaptor.m:505 0000022 0x00007f404bac6ccb in -[NSNotificationCenter _postAndRelease:] (self=0x55d6e0fb6c20, _cmd=<optimized out>, notification=0x55d6e167cfa0) at ./Source/NSNotificationCenter.m:1198 0000023 0x00007f404c01cc6e in -[NSObject(FileObjectWatcher) receivedEvent:type:extra:forMode:] (self=0x55d6e1386100, _cmd=0x7f404be8fa30 <_OBJC_SELECTOR_TABLE+304>, _fdData=0x2c, _type=ET_RDESC, _extra=0x2c, _mode=0x7f404be0a210 <_OBJC_INSTANCE_2>) at NSRunLoop+FileObjects.m:58 0000024 0x00007f404bbddeb6 in -[GSRunLoopCtxt pollUntil:within:] (self=<optimized out>, _cmd=0x7f404be093e0 <_OBJC_SELECTOR_TABLE+1184>, milliseconds=<optimized out>, contexts=0x55d6e1278f60) at ./Source/unix/GSRunLoopCtxt.m:600 0000025 0x00007f404bb11674 in -[NSRunLoop acceptInputForMode:beforeDate:] (self=0x55d6e118f580, _cmd=0x7f404be09410 <_OBJC_SELECTOR_TABLE+1232>, mode=0x7f404be0a210 <_OBJC_INSTANCE_2>, limit_date=0x55d6e13aa6e0) at ./Source/NSRunLoop.m:1254 0000026 0x00007f404bb11340 in -[NSRunLoop runMode:beforeDate:] (self=<optimized out>, _cmd=<optimized out>, mode=0x7f404be0a210 <_OBJC_INSTANCE_2>, date=<optimized out>) at ./Source/NSRunLoop.m:1334 0000027 0x00007f404c319045 in -[WOCoreApplication run] (self=0x55d6e12968d0, _cmd=0x55d6e01ea400 <_OBJC_SELECTOR_TABLE+992>) at WOCoreApplication.m:584 0000028 0x000055d6e01df945 in -[SOGo run] (self=0x55d6e12968d0, _cmd=0x7f404c4b1630 <_OBJC_SELECTOR_TABLE+624>) at SOGo.m:337 0000029 0x00007f404c3686bb in -[WOWatchDog _runChildWithControlSocket:] (self=0x55d6e11b40c0, _cmd=0x7f404c4b16d0 <_OBJC_SELECTOR_TABLE+784>, controlSocket=0x55d6e1386100) at WOWatchDogApplicationMain.m:523 0000030 0x00007f404c368bc4 in -[WOWatchDog _spawnChild:] (self=0x55d6e11b40c0, _cmd=0x7f404c4b17a0 <_OBJC_SELECTOR_TABLE+992>, child=0x55d6e12b3fc0) at WOWatchDogApplicationMain.m:600 0000031 0x00007f404c369377 in -[WOWatchDog _ensureChildren] (self=0x55d6e11b40c0, _cmd=0x7f404c4b1960 <_OBJC_SELECTOR_TABLE+1440>) at WOWatchDogApplicationMain.m:690 0000032 0x00007f404c36a5a0 in -[WOWatchDog run:argc:argv:] (self=0x55d6e11b40c0, _cmd=0x7f404c4b1a70 <_OBJC_SELECTOR_TABLE+1712>, newAppName=0x55d6e01e81a0 <_OBJC_INSTANCE_3.1>, newArgC=7, newArgV=0x7ffde5ed4c58) at WOWatchDogApplicationMain.m:942 0000033 0x00007f404c36adca in WOWatchDogApplicationMain (appName=0x55d6e01e81a0 <_OBJC_INSTANCE_3.1>, argc=7, argv=0x7ffde5ed4c58) at WOWatchDogApplicationMain.m:1051 0000034 0x000055d6e01de329 in main (argc=7, argv=0x7ffde5ed4c58, env=0x7ffde5ed4c98) at sogod.m:51 It turns out that this is most likely due to the fact that an NSMutableString memory buffer seems to be limited to 32bit (4GB) and appending all the stuff of the inbox seems to overflow it: (gdb) frame 2 0000002 -[GSMutableString replaceCharactersInRange:withString:] (self=0x55d6fd624560, _cmd=<optimized out>, aRange=..., aString=0x55d77e12bc90) at ./Source/GSString.m:5228 5228 in ./Source/GSString.m (gdb) print aRange $7 = {location = 4292575740, length = 0} Context: [theBuffer appendString: changeBuffer]; -> -(void)appendString:(NSString *)string { NSRange range={[self length],0}; [self replaceCharactersInRange:range withString:string]; } theBuffer contains the first mail of the INBOX on its start and changeBuffer contains the current mail. When adding size of changeBuffer to location above, it exceeds 0xFFFFFFFF, which in my opinion is the cause for the crash. So maybe it is a good idea to set a sane upper limit on the SOGoMaximumSyncResponseSize when not configured to at least prevent a crash from happening, even though it can be seen as misconfiguration by the user to not set it at all in config.
Steps To Reproduce	Create a Folder with subfolders containing mail totalling >4GB, do not set SOGoMaximumSyncResponseSize in config and let Outlook Sync, wait approx 5 Minutes until it overflows.
Tags	active sync

Date Modified	Username	Field	Change
2023-09-15 16:16	leecher	New Issue
2023-09-15 16:16	leecher	Tag Attached: active sync