[exim-dev] [Bug 2171] New: Crash at DATA ACL string expansio…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2171] New: Crash at DATA ACL string expansion.
https://bugs.exim.org/show_bug.cgi?id=2171

            Bug ID: 2171
           Summary: Crash at DATA ACL string expansion.
           Product: Exim
           Version: 4.89
          Hardware: x86-64
                OS: FreeBSD
            Status: NEW
          Severity: bug
          Priority: medium
         Component: String expansion
          Assignee: nigel@???
          Reporter: zarabotak@???
                CC: exim-dev@???


Created attachment 1039
--> https://bugs.exim.org/attachment.cgi?id=1039&action=edit
Two backtraces.

Hello,

I have rule
warn set acl_m_headerfrom = ${reduce{${addresses:$h_From:}}{}{$item}} at DATA
ACL.
As far as I understood this rule causes crash.
Two backtraces are added as attachment.
Below only a small part of it.

#0  0x000000000047b224 in parse_fix_phrase (phrase=0x8047ffffc "onte"<error:
Cannot access memory at address 0x804800000>, len=8, buffer=0x7fffffff8118 "",
buffer_size=1) at parse.c:1026
        ch = 0
        i = 8
        quoted = 73614376
        s = 0x650047baab <error: Cannot access memory at address 0x650047baab>
        end = 0x804634428
"emontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemont"...
        t = 0x1006500000001 <error: Cannot access memory at address
0x1006500000001>
        yield = 0x4000 <error: Cannot access memory at address 0x4000>
#1  0x000000000047a879 in read_domain (s=0x804634422
"\nemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemon"..., 
    t=0x7fffffff8118 "", errorptr=0x7fffffff8110) at parse.c:255
        tt = 0x7fffffff810c "\377\177"
#2  0x0000000000456d7d in expand_string_internal (string=0x8044d7911
"${addresses:$h_From:}}{}{$item}}", ket_ends=1, left=0x7fffffffb220,
skipping=0, honour_dollar=1, resetok_p=0x7fffffffb10c) at expand.c:6858
        needs_quote = 32767
        t = 0x7fffffff9329 ""
        c = 7
        arg = 0x0
        sub = 0x804634422
"\nemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemontemon"...
        vp = 0x0
        value = 0x7fffffff9410 "l"
        name =
"addresses\000\377\377\377\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\006\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001",
'\000' <repeats 15 times>,
"\020Cc\004\b\000\000\000\350Bc\004\b\000\000\000W\330K\000\000\000\000\000\020\220\377\377\377\177\000\000\353\357E",
'\000' <repeats 13 times>,
"\365\366D\000\000\000\000\000\000Cc\004\b\000\000\000\200Vt\000\000\000\000\000\000\000\000\000\251\000\000\000\252\000\000\000\251\000\000\000\000\260\377\377\377\177\000\000Xft\000\000\000\000\000\020\222\377\377\377\177\000\000\024\237E\000\000\000\000\000\000@\000\000\000\000\000\000"...
        ptr = 0
        size = 96
        yield = 0x8046343c0 "\036sw"
        item_type = -1
        s = 0x8044d7926 "}{}{$item}}"
        save_expand_nstring = {0x8045042b0 "\210>P\004\b", 0x74e4c8
<debug_buffer+104> "RuneMagiNONE", 0x1 <error: Cannot access memory at address
0x1>, 0x7fffffff9190 "", 0x7fffffffafec "", 0x0, 0x3fffff9160 <error: Cannot
access memory at address 0x3fffff9160>, 
          0x518fbe "=%s)", 0x100004000 <error: Cannot access memory at address
0x100004000>, 0x804634300 " [78.46.206.71] Warning: HeaderFrom:(>)
EnvelopeFrom: webmaster@???", 
          0x804634300 " [78.46.206.71] Warning: HeaderFrom:(>) EnvelopeFrom:
webmaster@???", 0x0, 0x7fffffffeb68 "\230\355\377\377\377\177", 0x3
<error: Cannot access memory at address 0x3>, 0x7fffffff9210
"\220\262\377\377\377\177", 
          0x459be5 <find_variable+773>
"\203\352\035H\211\205\300\376\377\377H\211\225\270\376\377\377\017\207\262\n",
0x7fffffff9190 "", 0x74e4c8 <debug_buffer+104> "RuneMagiNONE", 0x7fffffff91b0
"\300Cc\004\b", 
          0x45efeb <eval_op_shift+155>
"\340H\213E\340H\211\301H\203\301\001H\211M\340\017\266\020\211U\314H\213E\340H\203\300\001H\211E\340\213u\364H\213U\350\350g",
0x0}
        save_expand_nlength = {0, 0, 72185707, 8, -26976, 32767, 72119432, 8,
-243812000, 289058040, 57247496, 8, -27804, 32767, -23, -1, 6, 0, 54891170, 8,
0}
        resetok = 1


--
You are receiving this mail because:
You are on the CC list for the bug.