Problem with history - cant fgets after article

[Russ Allbery]

Thank you very much for this!  It was extremely helpful.

Steve Youngs <sryoungs at bigpond.net.au> writes:

> ==8015== Invalid write of size 4
> ==8015==    at 0x8074008: PYartfilter (python.c:122)
> ==8015==    by 0x805EF31: ARTpost (art.c:1873)
> ==8015==    by 0x8069BDE: NCpostit (nc.c:196)
> ==8015==    by 0x806BAC2: NCproc (nc.c:985)
> ==8015==  Address 0x42B81A70 is 0 bytes after a block of size 156 alloc'd
> ==8015==    at 0x40029D7B: malloc (vg_replace_malloc.c:160)
> ==8015==    by 0x80A9B54: x_malloc (xmalloc.c:74)
> ==8015==    by 0x807502A: PYsetup (python.c:680)
> ==8015==    by 0x80694F3: main (innd.c:654)

I bet this is our arena corruption right here.  PYheaditem was also being
used to store the body and the line count of the message, but was only
sized to hold all the headers, so we were writing two pointers past the
end of the array.  This has now been fixed in CVS.

> ==8015== Invalid read of size 1
> ==8015==    at 0x4002272A: strlen (mac_replace_strmem.c:162)
> ==8015==    by 0x80A1603: HashMessageID (hash.c:68)
> ==8015==    by 0x809DAA3: hisv6_write (hisv6.c:852)
> ==8015==    by 0x809BEF5: HISwrite (his.c:265)
> ==8015==  Address 0x0 is not stack'd, malloc'd or free'd

This looks like the INN 2.4.0 bug where articles without Message ID
headers would cause core dumps.  This *should* be fixed in INN 2.4.1, so
I'm not sure why you're seeing it.  Maybe it's somehow related to the
memory clobber?

Hm.  You're getting it in HISwrite rather than HISremember, though, so
that isn't quite the same bug.  There's no way that an article with a NULL
message ID should be able to get far enough to call HISwrite.

I'm hoping that this is just a bogon from the memory corruption and will
magically disappear once that's fixed.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.