Bogofilter-0.92.0 segfaults on freebsd with `%I' in "header_format"

Matthias Andree matthias.andree at gmx.de
Mon Jun 28 21:49:56 CEST 2004


Clemens Fischer <ino-qc at spotteswoode.dnsalias.org> writes:

> problem:  in bogofilter.cf use "header_format = %h: %c, tests=bogofilter,
> spamicity=%p, IP=%I, version=%v" and watch bogofilter segfault.  the last
> syscall completed is `sysctl([hw.floatingpoint], ...)':

Makefile doesn't have received headers, hence the IPADDR is (void *)0
and dereferencing it the process goes boom.

> (btw:  matthias, the ports you maintain are of exceptional quality and
> thoroughness!)

Thank you for the compliment.

> ==16225== Invalid read of size 4
> ==16225==    at 0x804DB7E: (within /usr/local/bin/bogofilter)
> ==16225==    by 0x804DCE9: (within /usr/local/bin/bogofilter)
> ==16225==    by 0x8050E5A: (within /usr/local/bin/bogofilter)
> ==16225==    by 0x8050E78: (within /usr/local/bin/bogofilter)
> ==16225==  Address 0x4 is not stack'd, malloc'd or free'd
> --16225-- signal 11 arrived ... si_code=12
> --16225-- SIGSEGV: si_code=12 faultaddr=0x4 tid=1 esp=0x4FFFDA10 seg=NULL shad=0x50100000-0xAA100000
> --16225-- delivering signal 11 (SIGSEGV) to thread 1
> --16225-- delivering 11 to default handler terminate+core

Unfortunately, the port does not contain debug information.
But OTOH I was lucky that the problem reproduced on Linux, so
here's the fix. Quite similar to David's only that he was in a hurry and
didn't see that it was ipaddr (not ipaddr->text) that was NULL.

The hint is that valgrind reports "Invalid read of size 4 ... Address
0x4" - this is a hint it's not a bare pointer but something from a
struct that is itself a pointer that is read.

Index: src/format.c
===================================================================
RCS file: /cvsroot/bogofilter/bogofilter/src/format.c,v
retrieving revision 1.37
diff -u -r1.37 format.c
--- src/format.c	14 Jun 2004 23:45:44 -0000	1.37
+++ src/format.c	28 Jun 2004 19:45:17 -0000
@@ -357,7 +357,7 @@
 		buff += format_string(buff, spam_header_name, 0, prec, flags, end);
 		break;
 	    case 'I':		/* I - received IP address */
-		buff += format_string(buff, ipaddr->text, 0, prec, flags, end);
+		buff += format_string(buff, ipaddr ? (const char *)ipaddr->text : "UNKNOWN", 0, prec, flags, end);
 		break;
 	    case 'l':		/* l - logging tag */
 		buff += format_string(buff, logtag, 0, prec, flags, end);
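Review bot: the ternary guards `ipaddr` but still passes `ipaddr->text` through unchecked, so a record whose `text` member is NULL would reach `format_string` exactly as before; if that state can occur, extend the condition to `(ipaddr && ipaddr->text) ? (const char *)ipaddr->text : "UNKNOWN"`. The explicit `(const char *)` cast also suggests `text` is not declared `const char *`, which is worth a one-line comment since the old code passed it without a cast. Finally, "UNKNOWN" is a bare literal here; if format.c already has a placeholder string for missing values, reuse it so `%I` output stays consistent with the other directives.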


-- 
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95
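The diagnostic Matthias draws from the valgrind trace, that a fault at a small non-zero address such as 0x4 means a member was read through a NULL struct pointer, and the guard the patch adds, are shown below as an added example. This is not code from the mail or from bogofilter: `struct ipaddr_rec`, `ip_text_guarded`, `copy_bounded` and `format_ip_directive` are hypothetical stand-ins (the real `format_string` and the real record layout are not reproduced), chosen so that `text` sits at a non-zero offset and the NULL case yields the same "UNKNOWN" placeholder the patch uses.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the received-address record. The leading
 * member pushes `text` to a non-zero offset, so reading ipaddr->text
 * through a NULL ipaddr faults at that offset (0x4 on a 32-bit build,
 * matching the "Address 0x4" in the valgrind trace), not at address 0. */
struct ipaddr_rec {
    int len;          /* constructed field, not bogofilter's layout */
    const char *text; /* dotted-quad string, e.g. "127.0.0.1" */
};

/* The address valgrind reports when ipaddr itself is NULL: the offset of
 * the member being read, which is how a struct deref is told apart from
 * a bare NULL pointer deref. */
size_t text_fault_offset(void) {
    return offsetof(struct ipaddr_rec, text);
}

/* Guarded accessor mirroring the patch, extended to also cover a record
 * whose text member is NULL: a missing Received: header gives a
 * placeholder instead of a crash. */
const char *ip_text_guarded(const struct ipaddr_rec *ipaddr) {
    if (ipaddr == NULL || ipaddr->text == NULL)
        return "UNKNOWN";
    return ipaddr->text;
}

/* Minimal bounded copy standing in for format_string: copies src into
 * buff, never writing past end, and returns the number of bytes written. */
size_t copy_bounded(char *buff, const char *src, const char *end) {
    size_t n = strlen(src);
    size_t room = (size_t)(end - buff) - 1;  /* leave space for NUL */
    if (n > room)
        n = room;
    memcpy(buff, src, n);
    buff[n] = '\0';
    return n;
}

/* Render "IP=<addr>" the way the %I directive would; returns chars written. */
size_t format_ip_directive(char *buff, size_t size,
                           const struct ipaddr_rec *ipaddr) {
    char *end = buff + size;
    size_t n = copy_bounded(buff, "IP=", end);
    n += copy_bounded(buff + n, ip_text_guarded(ipaddr), end);
    return n;
}

int main(void) {
    char out[64];
    struct ipaddr_rec rec = { 9, "127.0.0.1" };  /* constructed sample */

    format_ip_directive(out, sizeof out, &rec);
    printf("%s\n", out);

    format_ip_directive(out, sizeof out, NULL);  /* no Received: header */
    printf("%s\n", out);

    printf("fault address if ipaddr were NULL: 0x%zx\n", text_fault_offset());
    return 0;
}
```

The offset printed by `text_fault_offset` is the value to compare against a "not stack'd, malloc'd or free'd" fault address: a match at a small offset points at a NULL record pointer rather than at a NULL `text` member, which is exactly the distinction the mail makes between this fix and the earlier one.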


