https://bugs.exim.org/show_bug.cgi?id=2199
--- Comment #2 from meh <meh@???> ---
It does happen.
In receive.c, exim used receive_getc to get message.
1831 ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
When exim is handling BDAT command, receive_getc is bdat_getc.
In bdat_getc, after the length of BDAT is reached, bdat_getc tries to read the
next command.
smtp_in.c
536 next_cmd:
537 switch(smtp_read_command(TRUE, 1))
538 {
539 default:
540 (void) synprot_error(L_smtp_protocol_error, 503, NULL,
541 US"only BDAT permissible after non-LAST BDAT");
synprot_error may call store_get if any non-printable character exists because
synprot_error uses string_printing.
string.c
304 /* Get a new block of store guaranteed big enough to hold the
305 expanded string. */
306
307 ss = store_get(length + nonprintcount * 3 + 1);
This all happens in the main thread.
--
You are receiving this mail because:
You are on the CC list for the bug.
