Strange INN-current crash.

Wed Apr 1 19:55:27 UTC 2009

On Wed, 1 Apr 2009, Julien LIE wrote:

JL> Hi Petr,
JL> 
JL> > Distribution:
JL> > After "Distribution:" I put 3 space and press enter.
JL> 
JL> Program received signal SIGSEGV, Segmentation fault.
JL> [Switching to Thread -1211054400 (LWP 29533)]
JL> 0x08071611 in MaxLength (p=0x0, q=0x0) at util.c:58
JL> 58          i = strlen(p);
JL> (gdb) bt
JL> #0  0x08071611 in MaxLength (p=0x0, q=0x0) at util.c:58
JL> #1  0x08053a9a in ARTpost (cp=0xb6fb2d00) at art.c:2108
JL> #2  0x080614f8 in NCreader (cp=0xb6fb2d00) at nc.c:227
JL> #3  0x0805be4f in CHANreadloop () at chan.c:1021
JL> #4  0x0805e806 in main (ac=Cannot access memory at address 0xffffffff
JL> ) at innd.c:718
JL> 
JL> 
JL> That's what I get.  Here, I have p=q (whereas you had a different
JL> thing).  Well, never mind.  There is a bug in INN and I now understand
JL> why you kept saying the unwanted distribution was never logged!

If "Distribution:" header comes AFTER Message-ID header, it is logged, in 
my cases (if I have no other empty headers).

JL> 
JL>       ARTparsedist(HDR(HDR__DISTRIBUTION), HDR_LEN(HDR__DISTRIBUTION),
JL>         &data->Distribution);
JL> 
JL>       if (ME.Distributions &&
JL>         !DISTwantany(ME.Distributions, data->Distribution.List)) {
JL>         snprintf(cp->Error, sizeof(cp->Error),
JL>                  "%d Unwanted distribution \"%s\"",
JL>                  ihave ? NNTP_FAIL_IHAVE_REJECT : NNTP_FAIL_TAKETHIS_REJECT,
JL>                  MaxLength(data->Distribution.List[0],
JL>                            data->Distribution.List[0]));
JL> 
JL> 
JL> (gdb) print data->Distribution
JL> $14 = {Data = 0x832c990 "", DataLength = 2, List = 0x832ca90, ListLength =
JL> 64}
JL> (gdb) print data->Distribution.List
JL> $15 = (char **) 0x832ca90
JL> (gdb) print *data->Distribution.List
JL> $16 = 0x0
JL> 
JL> It is never assigned in ARTparsedist().
JL> 
JL> I would suggest:
JL> 
JL> Index: art.c
JL> ===================================================================
JL> --- art.c       (rvision 8389)
JL> +++ art.c       (copie de travail)
JL> @@ -2108,6 +2108,7 @@
JL>         snprintf(cp->Error, sizeof(cp->Error),
JL>                   "%d Unwanted distribution \"%s\"",
JL>                   ihave ? NNTP_FAIL_IHAVE_REJECT :
JL> NNTP_FAIL_TAKETHIS_REJECT,
JL> +                 data->Distribution.List == NULL ? "" :
JL>                   MaxLength(data->Distribution.List[0],
JL>                             data->Distribution.List[0]));
JL>         ARTlog(data, ART_REJECT, cp->Error);
JL> 
JL> 
JL> 
JL> But I see that MaxLength() can segfault elsewhere in the code.
JL> So I also suggest:
JL> 
JL> 
JL> Index: util.c
JL> ===================================================================
JL> --- util.c      (rvision 8385)
JL> +++ util.c      (copie de travail)
JL> @@ -54,6 +54,11 @@
JL>      static char buff[80];
JL>      unsigned int i;
JL> 
JL> +    if (p == NULL || q == NULL) {
JL> +        *buff = '\0';
JL> +        return buff;
JL> +    }
JL> +
JL>      /* Already short enough? */
JL>      i = strlen(p);
JL>      if (i < sizeof buff - 1) {
JL> 
JL> 
JL> 
JL> 
JL> It now works fine:
JL> 
JL> Apr  1 21:15:03.889 - localhost <a1 at 19ldsfdodjfz> 439 Unwanted distribution
JL> ""
JL> 
JL> 
JL> Could you please also try it?

Yes, but later.

JL> Julien LIE
JL> 

--pety