Package: libspf2-2
Version: 1.2.5-3

The milter-greylist (linked with libspf2) segfaults every time on amd64 CPUs. The attached gdb output shows:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1124096352 (LWP 5648)]
0x00002aaaab19d2a0 in memset () from /lib/libc.so.6

(gdb) bt
#0  0x00002aaaab19d2a0 in memset () from /lib/libc.so.6
#1  0x00002aaaaabcc5c2 in SPF_record_expand_data () from /usr/lib/libspf2.so.2
#2  0x00002aaaaabcccb7 in SPF_record_expand_data () from /usr/lib/libspf2.so.2
#3  0x00002aaaaabcceb6 in SPF_request_get_exp () from /usr/lib/libspf2.so.2
#4  0x00002aaaaabcdd6f in SPF_i_done () from /usr/lib/libspf2.so.2
#5  0x00002aaaaabcedf6 in SPF_record_interpret () from /usr/lib/libspf2.so.2
#6  0x00002aaaaabd1525 in SPF_request_is_loopback () from /usr/lib/libspf2.so.2
#7  0x00002aaaaabd15cf in SPF_request_query_mailfrom () from /usr/lib/libspf2.so.2
#8  0x000000000040cb75 in ?? ()
#9  0x0000000000403208 in ?? ()
#10 0x00002aaaab02273d in st_sender (g=0x43005140) at engine.c:853
#11 0x00002aaaab021bbe in mi_engine (ctx=0x547f30) at engine.c:355
#12 0x00002aaaab023b1f in mi_handle_session (ctx=0x547f30) at handler.c:45
#13 0x00002aaaab0228d9 in mi_thread_handle_wrapper (arg=0x549e40) at listener.c:566
#14 0x00002aaaaaf0d0fa in start_thread () from /lib/libpthread.so.0
#15 0x00002aaaab1f2ce2 in clone () from /lib/libc.so.6
#16 0x0000000000000000 in ?? ()
(gdb)

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  libspf2-2      1.2.5-3        Sender Policy Framework library, written in

Carsten Koch-Mauthe found the same error and debugged the situation; see the mailing list article:

http://permalink.gmane.org/gmane.mail.spam.spf.devel/709

I created a patch based on this analysis, but also changed len from int to size_t:

--- src/libspf2/spf_interpret.c.orig    2006-10-13 16:47:29.000000000 +0200
+++ src/libspf2/spf_interpret.c 2006-10-13 16:48:16.000000000 +0200
@@ -49,8 +49,8 @@
        SPF_record_t    *spf_record;
        SPF_errcode_t    err;
        char                    *buf;
-       int                              buflen;
-       int                              len;
+       size_t                   buflen;
+       size_t                   len;

        SPF_ASSERT_NOTNULL(spf_response);
        spf_request = spf_response->spf_request;
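Review bot: the hunk changes only the two declarations, so every later use of buflen and len in this function has to be re-checked against the new unsigned 64-bit type: any sign-based check such as `len < 0`, any `%d` format, and above all every call that passes `&buflen` or `&len`, whose callee parameter must actually be `size_t *` for this to be the right fix rather than a coincidental one. With the callee prototypes in scope, building with -Wall before and after the patch should show the `int *` versus `size_t *` mismatch disappearing; that warning output is worth attaching to the report. A one-line comment next to the declarations recording why they are size_t (the amd64-only crash in SPF_record_expand_data) would save the next reader the same debugging session.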

With this patch, the milter-greylist doesn't segfault.

Regards
Herbert Straub
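
An added example, not from libspf2 or the bug report, showing the LP64 hazard the patch implies: if a caller declares a length as int and hands its address to a routine whose out-parameter is size_t *, the callee writes sizeof(size_t) bytes (8 on amd64) into a 4-byte slot and clobbers whatever sits next to it, while on i386 (where both are 4 bytes) nothing goes wrong. That the libspf2 callee takes size_t * is an assumption here; the hunk shows only the declarations. The "stack slots" are modelled as a byte array and written with memcpy so the demonstration is well-defined and deterministic; real code does this through an actual pointer and is undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical callee: reports a length through a size_t out-parameter.
 * 'out' stands for the address the caller passed; the write is always
 * sizeof(size_t) bytes, regardless of how the caller declared its variable.
 */
static void callee_writes_size_t(unsigned char *out, size_t value)
{
    memcpy(out, &value, sizeof value);
}

/*
 * Buggy pattern (constructed): the caller has two adjacent int locals,
 * [ buflen | len ], and passes the address of buflen to the callee.
 * Returns the value 'len' holds afterwards; it should equal initial_len.
 */
static int buggy_int_locals(int initial_len, size_t reported_buflen)
{
    unsigned char slots[2 * sizeof(int)];
    int buflen = 0;
    int len_after;

    memcpy(slots, &buflen, sizeof buflen);
    memcpy(slots + sizeof(int), &initial_len, sizeof initial_len);

    /* On LP64 this writes 8 bytes into a 4-byte slot and spills into 'len'. */
    callee_writes_size_t(slots, reported_buflen);

    memcpy(&len_after, slots + sizeof(int), sizeof len_after);
    return len_after;
}

/*
 * Fixed pattern (what the int -> size_t change gives you): both locals are
 * size_t, so the callee's write fits exactly and the neighbour is untouched.
 */
static size_t fixed_size_t_locals(size_t initial_len, size_t reported_buflen)
{
    unsigned char slots[2 * sizeof(size_t)];
    size_t buflen = 0;
    size_t len_after;

    memcpy(slots, &buflen, sizeof buflen);
    memcpy(slots + sizeof(size_t), &initial_len, sizeof initial_len);

    callee_writes_size_t(slots, reported_buflen);

    memcpy(&len_after, slots + sizeof(size_t), sizeof len_after);
    return len_after;
}

/* 1 on LP64 targets such as amd64, 0 on ILP32 targets such as i386. */
static int size_t_wider_than_int(void)
{
    return sizeof(size_t) > sizeof(int);
}

int main(void)
{
    printf("sizeof(int)=%zu sizeof(size_t)=%zu mismatch=%d\n",
           sizeof(int), sizeof(size_t), size_t_wider_than_int());
    printf("int locals:    len after callee = %d (expected 1234)\n",
           buggy_int_locals(1234, 100));
    printf("size_t locals: len after callee = %zu (expected 1234)\n",
           fixed_size_t_locals(1234, 100));
    return 0;
}
```

A garbage len like the one produced above is exactly what ends up as the third argument of memset in the backtrace. The cheap check on the real tree is to make sure the callee prototypes are visible at the call site and build with -Wall: gcc and clang then report passing `int *` where `size_t *` is expected, and the warning should vanish once the declarations are size_t.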
