segfault on rfc2047-like subject
Matthias Andree
matthias.andree at gmx.de
Fri Oct 8 23:07:25 CEST 2004
Clint Adams <schizo at debian.org> writes:
> The following message causes 0.92.7 to segfault. I'd try with current
> CVS, but it won't compile.
Confirmed for CVS (which has just passed "make distcheck"). What is your
difficulty with compiling from CVS? Have you run "autoreconf -i -s -f"
as mentioned in README.cvs? If so, please add a bug report, if possible,
with config.log attached as text/plain attachment.
David, I'm on the bug.
FYI:
valgrind reports an invalid write of size 1, and GDB output concurs,
showing bogus data in n.leng, not yet sure about its provenience.
(gdb) run <nukeme
[...]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1074928288 (LWP 11033)]
text_decode (w=0x0) at ../../src/lexer.c:307
307 n.text[n.leng] = (byte) '\0';
(gdb) info locals
n = {leng = 4160070587,
text = 0x80a5c45 "=5BBroken=5DBlah=20Foo=E4=20Bar=20Blah"}
tmp = (byte *) 0x80a5c45 "=5BBroken=5DBlah=20Foo=E4=20Bar=20Blah"
len = 4160070587
copy = 66
beg = (
byte *) 0x80a5c36 "=?ISO-8859-1?Q?=5BBroken=5DBlah=20Foo=E4=20Bar=20Blah"
fin = (byte *) 0x80a5c7b ""
txt = (byte *) 0x80a5c45 "=5BBroken=5DBlah=20Foo=E4=20Bar=20Blah"
size = 0
(gdb) l
302 uint len = end - tmp;
303 bool copy;
304
305 n.text = tmp; /* Start of encoded word */
306 n.leng = len; /* Length of encoded word */
307 n.text[n.leng] = (byte) '\0';
308
309 if (DEBUG_LEXER(2)) {
310 fputs("*** ", dbgout);
311 word_puts(&n, 0, dbgout);
I'm on it.
--
Matthias Andree
NOTE YOU WILL NOT RECEIVE MY MAIL IF YOU'RE USING SPF!
Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
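
Added example, not part of the original message and not bogofilter's code: the locals in the gdb session satisfy 0x80a5c45 + 4160070587 = 2^32, which is the value a 32-bit unsigned `end - tmp` takes when `end` is NULL. The sketch below reproduces that arithmetic and shows a bounds-checked search for the `?=` terminator that rejects the unterminated subject instead of deriving a length from it; `wrapped_len`, `encoded_word_payload` and `payload_len` are hypothetical names, and the terminated input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The arithmetic behind the bogus n.leng: a 32-bit unsigned `end - tmp`
 * wraps modulo 2^32 when end is NULL (address 0). */
uint32_t wrapped_len(uint32_t end_addr, uint32_t tmp_addr)
{
    return end_addr - tmp_addr;
}

/* Hypothetical checked helper (not bogofilter's): find the payload of
 * "=?charset?X?payload?=" inside [beg, fin). Returns 0 and sets *txt / *len,
 * or -1 if malformed, so no length is ever derived from a failed search. */
int encoded_word_payload(const char *beg, const char *fin,
                         const char **txt, size_t *len)
{
    const char *p, *q;

    if (fin - beg < 2 || beg[0] != '=' || beg[1] != '?')
        return -1;
    p = memchr(beg + 2, '?', (size_t)(fin - (beg + 2)));  /* end of charset */
    if (p == NULL || fin - p < 3 || p[2] != '?')
        return -1;                        /* no "?X?" encoding field */
    p += 3;                               /* first payload byte */
    for (q = p; fin - q >= 2; q++) {
        if (q[0] == '?' && q[1] == '=') { /* terminator found in bounds */
            *txt = p;
            *len = (size_t)(q - p);
            return 0;
        }
    }
    return -1;                            /* unterminated encoded word */
}

/* Wrapper for NUL-terminated input: payload length, or -1 if rejected. */
long payload_len(const char *s)
{
    const char *txt;
    size_t len;
    return encoded_word_payload(s, s + strlen(s), &txt, &len) == 0 ? (long)len : -1;
}

int main(void)
{
    printf("%lu\n", (unsigned long)wrapped_len(0, 0x80a5c45u));
    printf("%ld\n", payload_len("=?ISO-8859-1?Q?=5BBroken=5DBlah=20Foo=E4=20Bar=20Blah"));
    printf("%ld\n", payload_len("=?ISO-8859-1?Q?=5BBroken=5D?=")); /* constructed */
    return 0;
}
```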