Re: core dump in 2.0b2

From: <>
Date: Fri, 26 Jun 1998 11:48:51 +0300 (IDT)
Message-ID: <13715.23792.361783.778191_at_Rhodos> writes:
>I decided to upgrade to the 2.0b2 version of hypermail, and thus re-lived a
>bug that I used to have in 1.0b2 version. I can't remember how I got around
>it then.
>When processing a mailbox larger than some certain size (actually, its a
>mailing list) I get a core dump during loadheader() function (parse.c).
>There are several strings defined at the top of this function, some with
>length MAXLINE, ... so on a whim I decided to bump these values in
>hypermail.h. Here is the diff with the original:

This is good example of how nice C and arrays can be... :-(

I think you have header information which is longer than the maximum string lengths (like MSGDSTRLEN). If this happens, there will be a null termination in position MSGDSTRLEN (which in C is an error, since arrays are indexed 0 - LEN-1).

An example from parse.c, function getid line 419:

- %< ----------------------------------------------------------------
    for (i = 0; *c && *c != '>' && *c != '\n' && i < MSGDSTRLEN; c++) {
        if (*c == '\\')
        msgid[i++] = *c;


    msgid[i] = '\0';

- %< ----------------------------------------------------------------

If the header-id is longer than MSGDSTRLEN, the loop is terminated because i = MSGDSTRLEN; then an assigment msgid[MSGDSTRLEN] = '\0' is run. This breaks the code.
There are many more examples of this kind of string processing loops in the code (I think *all* the getXXX functions are written in the same way).
The loop could be written as "...&& i < (MSGDSTRLEN-1); c++) {" or the assignment could check for overflow - perhaps that is a better (faster) solution?

Hm. I remember clearly sending a bug report about this parsing a couple of times earlier.

 Human-Computer Interaction
 Uppsala University, SWEDEN         

 +46 (0)18 471 28 28 (voice)
 +46 (0)18 471 78 11 (fax) Received on Mon 29 Jun 1998 04:50:20 PM GMT

This archive was generated by hypermail 2.3.0 : Sat 13 Mar 2010 03:46:11 AM GMT GMT