art.c:595 in inn-CURRENT-20040223

Joe St Sauver JOE at OREGON.UOREGON.EDU
Mon Feb 23 19:53:07 UTC 2004 

Hi,

I'm seeing a pretty consistent SIGSEGV in inn-CURRENT-20040223 at art.c:595

Sample gdb output follows for a few examples.

Regards,

Joe

Program received signal SIGSEGV, Segmentation fault.
0x0806977e in MaxLength (
    p=0x554532a8 "es.binarios.miscX-No-Archive: yes\r\nLines: 1540\r\nMessage-ID: <aTr_b.3580870$uj6.10370339 at telenews.teleline.es>\r\nDate: Mon, 23 Feb 2004 18:45:26 GMT\r\nNNTP-Posting-Host: 10.20.31.4\r\nX-Complaints-To: usen"..., 
    q=0x0) at util.c:58
58          i = strlen(p);
(gdb) where
#0  0x0806977e in MaxLength (
    p=0x554532a8 "es.binarios.miscX-No-Archive: yes\r\nLines: 1540\r\nMessage-ID: <aTr_b.3580870$uj6.10370339 at telenews.teleline.es>\r\nDate: Mon, 23 Feb 2004 18:45:26 GMT\r\nNNTP-Posting-Host: 10.20.31.4\r\nX-Complaints-To: usen"..., 
    q=0x0) at util.c:58
#1  0x080520ba in ARTparseheader (cp=0x401d6f08, size=0) at art.c:595
#2  0x08052aea in ARTparse (cp=0x401d6f08) at art.c:813
#3  0x0805de5f in NCproc (cp=0x401d6f08) at nc.c:886
#4  0x0805a4ae in CHANreadloop () at chan.c:1062
#5  0x0805c1e3 in main (ac=134966968, av=0x81199d8) at innd.c:672
#6  0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6

----------

Program received signal SIGSEGV, Segmentation fault.
0x0806977e in MaxLength (
    p=0x554975aa "X-Newsposter: NNTP POWER-POST 2000 (Build 24c) - net-toys.8k.com\r\nX-No-Archive: yes\r\nDate: 23 Feb 2004 18:47:27 GMT\r\nLines: 810\r\nMessage-ID: <403a4ab9$0$68969$a8266bb1 at news.titannews.com>\r\nOrganizatio"..., 
    q=0x0) at util.c:58
58          i = strlen(p);
(gdb) where  
#0  0x0806977e in MaxLength (
    p=0x554975aa "X-Newsposter: NNTP POWER-POST 2000 (Build 24c) - net-toys.8k.com\r\nX-No-Archive: yes\r\nDate: 23 Feb 2004 18:47:27 GMT\r\nLines: 810\r\nMessage-ID: <403a4ab9$0$68969$a8266bb1 at news.titannews.com>\r\nOrganizatio"..., 
    q=0x0) at util.c:58
#1  0x080520ba in ARTparseheader (cp=0x401d5a68, size=0) at art.c:595
#2  0x08052aea in ARTparse (cp=0x401d5a68) at art.c:813
#3  0x0805de5f in NCproc (cp=0x401d5a68) at nc.c:886
#4  0x0805a4ae in CHANreadloop () at chan.c:1062
#5  0x0805c1e3 in main (ac=134966968, av=0x81199d8) at innd.c:672
#6  0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6

----------

Program received signal SIGSEGV, Segmentation fault.
0x0806977e in MaxLength (
    p=0x55545008 "Path: elvis.franken.de!chico.franken.de!news.franken.de!newsmi-eu.news.garr.it!NewsITBone-GARR!irazu.switch.ch!switch.ch!tiscali!newsfeed1.ip.tiscali.net!news.tele.dk!bofh.vszbr.cz!news.radio.cz!194.1"..., q=0x0)
    at util.c:58
58          i = strlen(p);
(gdb) where
#0  0x0806977e in MaxLength (
    p=0x55545008 "Path: elvis.franken.de!chico.franken.de!news.franken.de!newsmi-eu.news.garr.it!NewsITBone-GARR!irazu.switch.ch!switch.ch!tiscali!newsfeed1.ip.tiscali.net!news.tele.dk!bofh.vszbr.cz!news.radio.cz!194.1"..., q=0x0)
    at util.c:58
#1  0x080520ba in ARTparseheader (cp=0x401d45c8, size=0) at art.c:595
#2  0x08052aea in ARTparse (cp=0x401d45c8) at art.c:813
#3  0x0805de5f in NCproc (cp=0x401d45c8) at nc.c:886
#4  0x0805a4ae in CHANreadloop () at chan.c:1062
#5  0x0805c1e3 in main (ac=134966968, av=0x81199d8) at innd.c:672
#6  0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6

-----------

Program received signal SIGSEGV, Segmentation fault.
0x0806977e in MaxLength (
    p=0x55479342 "X-Trace: sv3-9uUaXJbCGcuhkE8gBn7oMREOH3qcPBXggYQUV6UYw+JQwYiloy03sp5iNd/VpjJm9r3A3P8+8gMkhFB!UvAbuc7kT/6OV3wnZ7UimZvoZMcX28FiS0QCWiA6XZ69ce+1Kr8X3zg3P+Vv\r\nX-Complaints-To: abuse at giganews.com\r\nX-DMCA-N"..., q=0x0)
    at util.c:58
58          i = strlen(p);
(gdb) where
#0  0x0806977e in MaxLength (
    p=0x55479342 "X-Trace: sv3-9uUaXJbCGcuhkE8gBn7oMREOH3qcPBXggYQUV6UYw+JQwYiloy03sp5iNd/VpjJm9r3A3P8+8gMkhFB!UvAbuc7kT/6OV3wnZ7UimZvoZMcX28FiS0QCWiA6XZ69ce+1Kr8X3zg3P+Vv\r\nX-Complaints-To: abuse at giganews.com\r\nX-DMCA-N"..., q=0x0)
    at util.c:58
#1  0x080520ba in ARTparseheader (cp=0x401d2a48, size=0) at art.c:595
#2  0x08052aea in ARTparse (cp=0x401d2a48) at art.c:813
#3  0x0805de5f in NCproc (cp=0x401d2a48) at nc.c:886
#4  0x0805a4ae in CHANreadloop () at chan.c:1062
#5  0x0805c1e3 in main (ac=134966968, av=0x81199d8) at innd.c:672
#6  0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6

----------

art.c:595 looks like the snprintf in...

/*
**  Parse a header that starts at header.  size includes trailing "\r\n"
*/
static void
ARTparseheader(CHANNEL *cp, int size)
{
  ARTDATA       *data = &cp->Data;
  char          *header = cp->In.data + data->CurHeader;
  HDRCONTENT    *hc = cp->Data.HdrContent;
  TREE          *tp;
  const ARTHEADER *hp;
  char          c, *p, *colon;
  int           i;

  /* Find first colon */
  if ((colon = memchr(header, ':', size)) == NULL || !ISWHITE(colon[1])) {
    if ((p = memchr(header, '\r', size)) != NULL)
      *p = '\0';
    snprintf(cp->Error, sizeof(cp->Error),
             "%d No colon-space in \"%s\" header",
             NNTP_REJECTIT_VAL, MaxLength(header, header));
    if (p != NULL)
      *p = '\r';
    return;
  }

More information about the inn-workers mailing list