Bogofilter-0.92.0 segfaults on freebsd with `%I' in "header_format"
Matthias Andree
matthias.andree at gmx.de
Mon Jun 28 21:49:56 CEST 2004
Clemens Fischer <ino-qc at spotteswoode.dnsalias.org> writes:
> problem: in bogofilter.cf use "header_format = %h: %c, tests=bogofilter,
> spamicity=%p, IP=%I, version=%v" and watch bogofilter segfault. the last
> syscall completed is `sysctl([hw.floatingpoint], ...)':
Makefile doesn't have received headers, hence the IPADDR is (void *)0
and dereferencing it the process goes boom.
> (btw: matthias, the ports you maintain are of exceptional quality and
> thoroughness!)
Thank you for the compliment.
> ==16225== Invalid read of size 4
> ==16225== at 0x804DB7E: (within /usr/local/bin/bogofilter)
> ==16225== by 0x804DCE9: (within /usr/local/bin/bogofilter)
> ==16225== by 0x8050E5A: (within /usr/local/bin/bogofilter)
> ==16225== by 0x8050E78: (within /usr/local/bin/bogofilter)
> ==16225== Address 0x4 is not stack'd, malloc'd or free'd
> --16225-- signal 11 arrived ... si_code=12
> --16225-- SIGSEGV: si_code=12 faultaddr=0x4 tid=1 esp=0x4FFFDA10 seg=NULL shad=0x50100000-0xAA100000
> --16225-- delivering signal 11 (SIGSEGV) to thread 1
> --16225-- delivering 11 to default handler terminate+core
Unfortunately, the port does not contain debug information.
But OTOH I was lucky that the problem reproduced on Linux, so
here's the fix. Quite similar to David's only that he was in a hurry and
didn't see that it was ipaddr (not ipaddr->text) that was NULL.
The hint is that valgrind reports "Invalid read of size 4 ... Address
0x4": this is a hint that what is read is not a bare pointer but a
member of a struct that is itself a pointer.
Index: src/format.c
===================================================================
RCS file: /cvsroot/bogofilter/bogofilter/src/format.c,v
retrieving revision 1.37
diff -u -r1.37 format.c
--- src/format.c 14 Jun 2004 23:45:44 -0000 1.37
+++ src/format.c 28 Jun 2004 19:45:17 -0000
@@ -357,7 +357,7 @@
buff += format_string(buff, spam_header_name, 0, prec, flags, end);
break;
case 'I': /* I - received IP address */
- buff += format_string(buff, ipaddr->text, 0, prec, flags, end);
+ buff += format_string(buff, ipaddr ? (const char *)ipaddr->text : "UNKNOWN", 0, prec, flags, end);
break;
case 'l': /* l - logging tag */
buff += format_string(buff, logtag, 0, prec, flags, end);
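Review bot: the NULL guard on `ipaddr` fixes the crash at this one site, but the fallback string "UNKNOWN" is indistinguishable from any other value a user might expect in the header, so the header_format documentation should state that %I expands to the literal UNKNOWN when no Received line supplied an address. The `(const char *)` cast on `ipaddr->text` is only needed if `text` is not already `const char *`; if it covers a different byte type, a short comment on the line would save the next reader from wondering whether it hides a type mismatch.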
--
Matthias Andree
Encrypted mail welcome: my GnuPG key ID is 0x052E7D95
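The crash and its fix, as an added example that is not from the bogofilter sources: a hypothetical `ipaddr_t` stand-in for the real record, the unguarded `%I` expansion beside the guarded form the patch uses, and the member offset that explains why valgrind reported address 0x4 on a 32-bit build.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the real ipaddr record (assumption): one
 * 4-byte field followed by the text pointer.  On an ILP32 build such as
 * the FreeBSD i386 port, ->text therefore lives at offset 4, which is
 * exactly the "Address 0x4" valgrind printed when ipaddr was NULL. */
typedef struct {
    int         len;
    const char *text;
} ipaddr_t;

/* Before the patch: dereferences ipaddr unconditionally.
 * With ip == NULL this reads from address offsetof(ipaddr_t, text)
 * and the process dies with SIGSEGV. */
const char *ip_text_unguarded(const ipaddr_t *ip)
{
    return ip->text;
}

/* After the patch: same ternary as the hunk, falling back to "UNKNOWN"
 * when no Received header supplied an address. */
const char *ip_text_guarded(const ipaddr_t *ip)
{
    return ip ? ip->text : "UNKNOWN";
}

/* Render the "IP=%I" part of a header_format line; returns chars written. */
size_t format_ip(char *buf, size_t size, const ipaddr_t *ip)
{
    int n = snprintf(buf, size, "IP=%s", ip_text_guarded(ip));
    return n < 0 ? 0 : (size_t)n;
}

/* Offset of the member the faulting read hit: 4 on ILP32, 8 on LP64. */
size_t text_offset(void)
{
    return offsetof(ipaddr_t, text);
}

int main(void)
{
    char buf[32];
    ipaddr_t addr = { 8, "10.0.0.1" };   /* constructed sample address */
    format_ip(buf, sizeof buf, &addr);   puts(buf);  /* IP=10.0.0.1 */
    format_ip(buf, sizeof buf, NULL);    puts(buf);  /* IP=UNKNOWN  */
    printf("text member offset: %zu\n", text_offset());
    return 0;
}
```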