Bogofilter-0.92.0 segfaults on freebsd with `%I' in "header_format"

Clemens Fischer ino-qc at spotteswoode.dnsalias.org
Mon Jun 28 15:09:40 CEST 2004


problem:  in bogofilter.cf use "header_format = %h: %c, tests=bogofilter,
spamicity=%p, IP=%I, version=%v" and watch bogofilter segfault.  the last
syscall completed is `sysctl([hw.floatingpoint], ...)':

'uname -rms'
FreeBSD 4.10-STABLE i386

'bogofilter -V'
bogofilter version 0.92.0
    Database: BerkeleyDB (4.2.52)
Copyright (C) 2002-2004 Eric S. Raymond,
David Relson, Matthias Andree, Greg Louis

(btw:  matthias, the ports you maintain are of exceptional quality and
thoroughness!)

,----
| /ports/mail/bogofilter
| 139 p1 # strace bogofilter -d /var/lib/bogofilter -c /var/lib/bogofilter/bogofilter.cf -v < Makefile
| execve("/usr/local/bin/bogofilter", ["bogofilter", "-d", "/var/lib/bogofilter", "-c", "/var/lib/bogofilter/bogofilter.c"..., "-v"], [/* 108 vars */]) = 0
| 
| ...
| 
| read(0, "", 8192)                       = 0
| break(0x80e9000)                        = 0
| break(0x80ea000)                        = 0
| break(0x80eb000)                        = 0
| __sysctl([hw.floatingpoint], 2, "\1\0\0\0", [4], NULL, 0) = 0
| --- SIGSEGV (Segmentation fault) ---
| --- SIGSEGV (Segmentation fault) ---
`----

valgrind has this to say:

SYSCALL[16225,1](  3) blocking:read ( 0, 0x3C344CF0, 8192 )
--16225-- sys_wait_results: got PX_RunSyscall for TID 1: syscall 3 result 0
SYSCALL[16225,1](202) blocking:__sysctl( 0x4FFFD9E0, 2, 0x3C1B5B40, 0x4FFFD9DC, 0x0, 0 )
--16225-- sys_wait_results: got PX_RunSyscall for TID 1: syscall 202 result 0
==16225== Invalid read of size 4
==16225==    at 0x804DB7E: (within /usr/local/bin/bogofilter)
==16225==    by 0x804DCE9: (within /usr/local/bin/bogofilter)
==16225==    by 0x8050E5A: (within /usr/local/bin/bogofilter)
==16225==    by 0x8050E78: (within /usr/local/bin/bogofilter)
==16225==  Address 0x4 is not stack'd, malloc'd or free'd
--16225-- signal 11 arrived ... si_code=12
--16225-- SIGSEGV: si_code=12 faultaddr=0x4 tid=1 esp=0x4FFFDA10 seg=NULL shad=0x50100000-0xAA100000
--16225-- delivering signal 11 (SIGSEGV) to thread 1
--16225-- delivering 11 to default handler terminate+core
==16225==
==16225== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==16225==    at 0x804DB7E: (within /usr/local/bin/bogofilter)
==16225==    by 0x804DCE9: (within /usr/local/bin/bogofilter)
==16225==    by 0x8050E5A: (within /usr/local/bin/bogofilter)
==16225==    by 0x8050E78: (within /usr/local/bin/bogofilter)
==16225==
==16225== FILE DESCRIPTORS: 4 open at exit.
==16225== Open file descriptor 3: /var/lib/bogofilter/wordlist.db
==16225==    at 0x3C2D22E0: (within /usr/lib/libc.so.4)
==16225==    by 0x3C246176: __os_open_extend_4002 (in /usr/local/lib/libdb-4.2.so.2)
==16225==    by 0x3C2406CF: __memp_fopen_4002 (in /usr/local/lib/libdb-4.2.so.2)
==16225==    by 0x3C20A19D: __db_dbenv_mpool (in /usr/local/lib/libdb-4.2.so.2)
==16225==
==16225== Open file descriptor 2:
==16225==    <inherited from parent>
==16225==
==16225== Open file descriptor 1:
==16225==    <inherited from parent>
==16225==
==16225== Open file descriptor 0:
==16225==    <inherited from parent>
==16225==
==16225==
==16225== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==16225==
==16225== 1 errors in context 1 of 1:
==16225== Invalid read of size 4
==16225==    at 0x804DB7E: (within /usr/local/bin/bogofilter)
==16225==    by 0x804DCE9: (within /usr/local/bin/bogofilter)
==16225==    by 0x8050E5A: (within /usr/local/bin/bogofilter)
==16225==    by 0x8050E78: (within /usr/local/bin/bogofilter)
==16225==  Address 0x4 is not stack'd, malloc'd or free'd
==16225== IN SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==16225==
==16225== malloc/free: in use at exit: 490841 bytes in 607 blocks.
==16225== malloc/free: 654 allocs, 47 frees, 500223 bytes allocated.
==16225==
==16225== searching for pointers to 607 not-freed blocks.
==16225== checked 13973116 bytes.
==16225==
==16225==
==16225== 40 bytes in 2 blocks are definitely lost in loss record 1 of 8
==16225==    at 0x3C0250C1: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==16225==    by 0x8054596: (within /usr/local/bin/bogofilter)
==16225==    by 0x80546C0: (within /usr/local/bin/bogofilter)
==16225==    by 0x804D425: (within /usr/local/bin/bogofilter)
==16225==
==16225==
...
==16225==
==16225== LEAK SUMMARY:
==16225==    definitely lost: 40 bytes in 2 blocks.
==16225==    possibly lost:   0 bytes in 0 blocks.
==16225==    still reachable: 490801 bytes in 605 blocks.
==16225==         suppressed: 0 bytes in 0 blocks.
--16225--     TT/TC: 0 tc sectors discarded.
--16225--            2495 chainings, 0 unchainings.
--16225-- translate: new     4662 (72175 -> 1055192; ratio 146:10)
--16225--            discard 0 (0 -> 0; ratio 0:10).
--16225--  dispatch: 505181 jumps (bb entries), of which 76873 (15%) were unchained.
--16225--            45/6096 major/minor sched events.  5062 tt_fast misses.
--16225-- reg-alloc: 610 t-req-spill, 191569+3271 orig+spill uis, 22372 total-reg-r.
--16225--    sanity: 46 cheap, 2 expensive checks.
--16225--    ccalls: 22422 C calls, 53% saves+restores avoided (71122 bytes)
--16225--            28906 args, avg 0.89 setup instrs each (6178 bytes)
--16225--            0% clear the stack (67266 bytes)
--16225--            7753 retvals, 33% of reg-reg movs avoided (4996 bytes)
Segmentation fault

changing "header_format" to:

  "header_format = %h: %c, tests=bogofilter, spamicity=%p, version=%v"

(anything without `%I') makes the segfault go away.

  clemens
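The valgrind report above is worth reading closely: an "Invalid read of size 4" at address 0x4 that is "not stack'd, malloc'd or free'd" is the classic signature of a NULL struct pointer being dereferenced through a field at offset 4, and the fact that the crash appears only when `%I` is in `header_format` (and only for input like a Makefile, which carries no Received: IP) points at the IP value being absent for that message. The program below is an added illustration written for this list archive, not bogofilter's own code, and its `struct msg_info`, field names and the `(none)` placeholder are constructed assumptions. It shows a header_format expander that substitutes a placeholder for an absent field instead of dereferencing a NULL pointer, copies unknown `%X` directives through literally, and propagates allocation failure rather than crashing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed per-message record for this example; it stands in for whatever
 * bogofilter keeps internally and is not bogofilter's own structure. */
struct msg_info {
    const char *header_name;    /* %h */
    const char *classification; /* %c */
    double spamicity;           /* %p */
    const char *ip;             /* %I: NULL when no Received: IP was extracted */
    const char *version;        /* %v */
};

/* Minimal growable output buffer. */
struct buf { char *s; size_t len, cap; };

static int buf_append(struct buf *b, const char *src, size_t n)
{
    if (b->len + n + 1 > b->cap) {
        size_t ncap = b->cap ? b->cap : 64;
        while (ncap < b->len + n + 1) ncap *= 2;
        char *ns = realloc(b->s, ncap);
        if (ns == NULL) return -1;
        b->s = ns;
        b->cap = ncap;
    }
    memcpy(b->s + b->len, src, n);
    b->len += n;
    b->s[b->len] = '\0';
    return 0;
}

/* Substitute a string field. A NULL field yields a placeholder instead of a
 * read through the NULL pointer, which is what a fault at address 0x4 means. */
static int buf_append_field(struct buf *b, const char *val)
{
    if (val == NULL) val = "(none)";
    return buf_append(b, val, strlen(val));
}

/* Expand a header_format string. Returns a malloc'd string the caller frees,
 * or NULL on allocation failure / missing arguments. Unknown %X sequences
 * are copied through verbatim; a trailing lone '%' is kept as-is. */
char *format_header(const char *fmt, const struct msg_info *info)
{
    if (fmt == NULL || info == NULL) return NULL;
    struct buf b = { NULL, 0, 0 };
    if (buf_append(&b, "", 0) != 0) return NULL;   /* make b.s non-NULL */
    for (const char *p = fmt; *p; p++) {
        if (*p != '%' || p[1] == '\0') {
            if (buf_append(&b, p, 1) != 0) goto fail;
            continue;
        }
        p++;                                        /* directive character */
        int rc;
        char num[32];
        switch (*p) {
        case 'h': rc = buf_append_field(&b, info->header_name); break;
        case 'c': rc = buf_append_field(&b, info->classification); break;
        case 'I': rc = buf_append_field(&b, info->ip); break;
        case 'v': rc = buf_append_field(&b, info->version); break;
        case 'p':
            snprintf(num, sizeof num, "%.6f", info->spamicity);
            rc = buf_append(&b, num, strlen(num));
            break;
        case '%': rc = buf_append(&b, "%", 1); break;
        default:  rc = buf_append(&b, p - 1, 2); break;   /* unknown: verbatim */
        }
        if (rc != 0) goto fail;
    }
    return b.s;
fail:
    free(b.s);
    return NULL;
}

int main(void)
{
    /* Constructed case mirroring the report: no IP was found for the input. */
    struct msg_info m = { "X-Bogosity", "Ham", 0.25, NULL, "0.92.0" };
    char *h = format_header("%h: %c, tests=bogofilter, spamicity=%p, IP=%I, version=%v", &m);
    if (h == NULL) return 1;
    puts(h);
    free(h);
    return 0;
}
```

The defensive choice is made in `buf_append_field`, not at each `%I` site, so every string directive gets the same NULL handling and a new directive added later cannot reintroduce the dereference.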



