[exim-dev] [Bug 2464] 4.93rc1 Integer overflow on mipsel

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2464] 4.93rc1 Integer overflow on mipsel
https://bugs.exim.org/show_bug.cgi?id=2464

--- Comment #3 from Andreas Metzler <eximusers@???> ---
(In reply to Andreas Metzler from comment #2)
> Looking at src/src/readconf.c the failing line is this one:
>
> store_get((int)statbuf.st_size, FALSE);
>
> which seems to malloc() a statbuf.st_size buffer. However for "-C /dev/null"
> stat is not actually called since both
> a) /dev/null is not trusted and
> b) Ustrcmp(filename, US"/dev/null") returns 0
>
> -------------
> if (f.trusted_config && Ustrcmp(filename, US"/dev/null"))
> {
> if (fstat(fileno(config_file), &statbuf) != 0)
> -------------
>
> Therefore statbuf.st_size is uninitialized and a huge number which fails to
> malloc() on 32 bit mipsel.


Is this just a copy and paste error? There are two identical instances of the
if (statbuf.st_size > 8192) - block. The second one is the failing one, being
invoked even when fstat() was not run.

--
You are receiving this mail because:
You are on the CC list for the bug.
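
The pattern discussed in this thread, as an added C example that is not Exim's code and not part of the original message: a `struct stat` is filled only under a guard, so `st_size` may only be used to size a buffer when `fstat()` actually ran. The function name `config_buffer_size`, the `have_stat` flag and the file name `constructed.conf` are hypothetical.

```c
/* Added illustration; not Exim source. All names here are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <sys/stat.h>

/* Returns the number of bytes to allocate for the config file,
   0 when the size is unknown because fstat() was skipped,
   or -1 on fstat() failure or a size that does not fit in an int. */
long config_buffer_size(FILE *fp, const char *filename, int trusted_config)
{
    struct stat statbuf;
    int have_stat = 0;                    /* did fstat() actually run? */

    memset(&statbuf, 0, sizeof statbuf);  /* no indeterminate st_size */

    /* Same shape of guard as quoted in the report: fstat() is skipped
       for an untrusted config and for /dev/null. */
    if (trusted_config && strcmp(filename, "/dev/null") != 0) {
        if (fstat(fileno(fp), &statbuf) != 0)
            return -1;
        have_stat = 1;
    }

    if (!have_stat)
        return 0;                         /* never size a buffer from unset data */

    /* Range-check before narrowing off_t to an int-sized allocation. */
    if (statbuf.st_size < 0 || statbuf.st_size > INT_MAX)
        return -1;
    return (long)statbuf.st_size;
}

int main(void)
{
    FILE *fp = fopen("/dev/null", "r");
    if (fp == NULL)
        return 1;
    /* The "-C /dev/null" case from the report: the guard is false. */
    printf("size hint: %ld\n", config_buffer_size(fp, "/dev/null", 0));
    fclose(fp);
    return 0;
}
```

A caller would skip any size-based pre-allocation when the function returns 0 and refuse the file when it returns -1.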