[bug] bug in html_kill_comment (version 0.10.1)
Matt Armstrong
matt at lickey.com
Thu Jan 23 19:11:25 CET 2003
Reading html_kill_comment, it makes no guarantee that it always passes
at least 2 bytes of size to buff_fill. This can cause bogofilter to
abort. I changed the exit() in fgetsl to abort() and got this
backtrace.
#0 0x4010d781 in kill () from /lib/libc.so.6
#1 0x4010d464 in raise () from /lib/libc.so.6
#2 0x4010ebe1 in abort () from /lib/libc.so.6
#3 0x080570d4 in fgetsl (buf=0x80bdb77 "", max_size=1, s=0x401f9080) at fgetsl.c:24
#4 0x0804e25c in lgetsl (buf=0x80bdb77 "", size=1) at lexer.c:49
#5 0x0804e32e in yy_get_new_line (buf=0x80bdb77 "", max_size=1) at lexer.c:69
#6 0x0804e473 in get_decoded_line (buf=0x80bdb77 "", max_size=1) at lexer.c:112
#7 0x0804e6ca in buff_fill (need=1, buf=0x80bdb77 "", used=0, size=1) at lexer.c:178
#8 0x0804e139 in kill_html_comment (
buf_start=0x80bbb78 "\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<head>\n<title>Untitled Document</title>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=euc-kr\">\n<link href=\"http://"..., buf_used=0x80bdb77 "",
buf_end=0x80bdb78 "") at html.c:57
#9 0x0804e0a6 in process_html_comments (
buf=0x80bbb78 "\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<head>\n<title>Untitled Document</title>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=euc-kr\">\n<link href=\"http://"..., used=17, size=8192) at html.c:42
#10 0x0804e767 in yyinput (
buf=0x80bbb78 "\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<head>\n<title>Untitled Document</title>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=euc-kr\">\n<link href=\"http://"..., max_size=8192) at lexer.c:200
#11 0x0805a107 in yy_get_next_buffer () at lexer_text_html.c:997
#12 0x08059dfa in text_html_lex () at lexer_text_html.c:831
#13 0x08051295 in get_token () at token.c:107
#14 0x0804c46d in collect_words (wh=0xbffff698, word_count=0xbffff690,
cont=0xbffff687 "\001\020") at collect.c:52
#15 0x080503e4 in register_messages (_run_type=REG_SPAM) at register.c:152
#16 0x08049bf0 in main (argc=3, argv=0xbffff844) at main.c:171
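
Added example, not part of the original message and not bogofilter source: a simplified C model of the contract the backtrace shows being violated, where the free tail buf_end - buf_used is 1 byte (frame #8) but the line reader needs at least 2. The names read_line, fill_tail, demo_fill and struct src are hypothetical, and returning an error code instead of terminating is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

struct src { const char *p; };  /* constructed in-memory input source */

/* Hypothetical line reader with the precondition seen in the fgetsl frame:
 * room for one byte plus the NUL. A too-small buffer yields -2, not exit. */
static int read_line(char *buf, size_t max_size, struct src *in)
{
    size_t n = 0;
    if (buf == NULL || max_size < 2)
        return -2;                       /* caller broke the contract */
    if (*in->p == '\0')
        return -1;                       /* end of input */
    while (n + 1 < max_size && *in->p != '\0') {
        char c = *in->p++;
        buf[n++] = c;
        if (c == '\n')
            break;
    }
    buf[n] = '\0';
    return (int)n;
}

/* Hypothetical caller modelled on frames #7/#8: refill the free tail
 * [buf_used, buf_end). The guard is the check the report says is missing. */
static int fill_tail(char *buf_used, char *buf_end, struct src *in)
{
    size_t room = (size_t)(buf_end - buf_used);
    if (room < 2)
        return 0;                        /* tail too small: add nothing */
    int n = read_line(buf_used, room, in);
    return n < 0 ? 0 : n;
}

/* Constructed scenario: 8-byte buffer with `used` bytes already occupied. */
static int demo_fill(size_t used, const char *input)
{
    char buf[8] = {0};
    struct src in = { input };
    return fill_tail(buf + used, buf + sizeof buf, &in);
}

int main(void)
{
    printf("room=1 -> %d\n", demo_fill(7, "<!-- x -->\n"));
    printf("room=4 -> %d\n", demo_fill(4, "<!-- x -->\n"));
    return 0;
}
```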