bogofilter crashes on token ' id '

[David Relson]

On Mon, 6 Nov 2006 22:47:17 +0100
Torsten Veller wrote:

> * David Relson <relson at osagesoftware.com>:
> > David Relson wrote:
> > > Torsten Veller wrote:
> > > > can you please have a look at http://bugs.gentoo.org/153939 ?
> > > > Do you need more infomation?
> > > 
> > > I've looked at the gentoo bug report and your patch.  The patch
> > > seems reasonable, but I want to better understand the problem....
> > > 
> > > You seem to be reporting a token with embedded spaces which is
> > > very odd.  Can you send me (off-line) a message that causes a
> > > crash, the command line used to invoke bogofilter, a copy of your
> > > bogofilter.cf, and info on your environment (notably your locale
> > > and cpu type).  Given the location of your bug report, I can
> > > deduce the distro you're running.
> 
> I don't see the segfault on my x86. But if i try it on an AMD64
> (x86_64) bogofilter segfaults.
> 
> Four mails in a mbox are attached to the bugreport above.
> The id in the test messages looks like "id (7:R)0-B*1K(,-=Z".
> So ID ("<?[[:alnum:]\-\.]*>?") is empty?
> 
> > I've reproduced the problem by splitting "id <identification>"
> > across two lines.  The parser expects a single space in the middle
> > of the QUEUE_ID. My fix is to allow spaces and newlines.
> 
> It still segfaults.

Hi Torsten,

Interesting!  With your msg, the QUEUE_ID is " id " which results in
leng==0 and an invalid array reference in token[len-1].  It seems to be
that the AMD64 notices this mistake while 32 bit processors (such as my
AMD XP) don't.

I had considered including the "+" in the definition of the ID but it
didn't seem necessary.  As it _does_ seem appropriate, I'll put that in.

The next step is further research regarding valid characters for queue
ids.  Do you, perchance, have any good links on the subject?

Regards,

David

P.S. Your patch has been included in lexer_v3.l and has been committed
to CVS.