[bogofilter-dev] [bugreports@nn7.de: Bug#247434: bogofilter segfaults with Invalid buffer size, exiting.]
Matthias Andree
matthias.andree at gmx.de
Wed May 5 17:16:06 EDT 2004
Clint Adams wrote on 2004-05-05:
> #2 0x4011c838 in abort () from /lib/libc.so.6
> #3 0x0804ddbe in xfgetsl (buf=0x832a1bf "\n", max_size=0, in=0x807cae0, no_nul_terminate=1) at fgetsl.c:32
Ah, one of my abort()-sentinels triggered. max_size=0 looks evil.
fgetsl.c:

21 int xfgetsl(char *buf, int max_size, FILE *in, int no_nul_terminate)
22 {
23     int c = 0;
24     char *cp = buf;
25     char *end = buf + max_size; /* Physical end of buffer */
26     char *fin = end - (no_nul_terminate ? 0 : 1); /* Last available byte */
27
28     if (cp >= fin) {
29         fprintf(stderr, "Invalid buffer size, exiting.\n");
30         abort();
31     }
> a patch that checks for this zero read condition fixes the
> "Invalid buffer size, exiting."
I think there is something wrong if that function tries a zero read, and
I wonder if covering the problem with such a patch as you suggest will
bring us another problem, of a potentially unterminated loop.
--
Matthias Andree
Encrypted mail welcome: my GnuPG key ID is 0x052E7D95
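The point about a zero-length read turning into an unterminated loop, as an added example that is not bogofilter's code: a hypothetical bounded line reader with the same parameters as the quoted xfgetsl that returns -1 instead of aborting when the buffer has no usable byte, and a caller loop that stops on that return value rather than spinning without consuming input. The names safe_fgetsl, count_lines and sample_stream and the sample text are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical replacement for the sentinel: an unusable buffer (max_size
 * of 0, or 1 byte with NUL termination requested) yields -1, never 0, so
 * "no room" is distinguishable from a successful short read.  Returns the
 * number of bytes stored (>0), or -1 at EOF / read error / no room. */
int safe_fgetsl(char *buf, int max_size, FILE *in, int no_nul_terminate)
{
    char *cp = buf, *end, *fin;
    int c = 0;

    if (max_size <= 0)
        return -1;                                 /* would have abort()ed */
    end = buf + max_size;                          /* physical end of buffer */
    fin = end - (no_nul_terminate ? 0 : 1);        /* last usable byte */
    if (cp >= fin)
        return -1;                                 /* room for NUL only */

    while (cp < fin && (c = getc(in)) != EOF) {
        *cp++ = (char)c;
        if (c == '\n')                             /* stop at end of line */
            break;
    }
    if (!no_nul_terminate)
        *cp = '\0';
    return cp == buf ? -1 : (int)(cp - buf);       /* nothing read: EOF/error */
}

/* Caller loop: counts newline-terminated lines, reading in bufsize chunks.
 * A reader that returned 0 for "no room" would make this loop spin forever;
 * with -1 it exits, and the missing feof() tells the caller it was an error. */
long count_lines(FILE *in, char *buf, int bufsize)
{
    long lines = 0;
    int n;

    while ((n = safe_fgetsl(buf, bufsize, in, 0)) > 0)
        if (buf[n - 1] == '\n')
            lines++;
    return feof(in) ? lines : -1;                  /* -1: stopped before EOF */
}

/* Constructed sample input placed in a temporary stream (not from the thread). */
FILE *sample_stream(const char *text)
{
    FILE *f = tmpfile();
    if (f) {
        fwrite(text, 1, strlen(text), f);
        rewind(f);
    }
    return f;
}
```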