https://bugs.exim.org/show_bug.cgi?id=3023
Bug ID: 3023
Summary: Crashes in string expansion
Product: Exim
Version: 4.96
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: String expansion
Assignee: unallocated@???
Reporter: exim@???
CC: exim-dev@???
I noticed several crashes with string expansions in exim-4.96, exim-4.96+fixes,
exim-4.97-RC0, and exim4 4.96-15+deb12u1 (Debian 12.1).
It works fine with exim-4.95 and exim-4.95+fixes.
Can be easily reproduced with:
    exim -be '${sg{$header_foobar:${tr{}{}{foobar}}}{}{}}'
The reason seems to be commit d8b76fa.
There is a "NULL is a possible return." comment introduced for string_catn()
but in expand.c yield->ptr is used for case EITEM_TR without checking for NULL:
    yield = string_cat(yield, sub[0]);
    [... no checking for NULL ...]
    if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++)
If possible, please also add the example above to the exim test suite.
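
The failure pattern described in this report, as an added example that is not Exim's code and not part of the original report. It is a simplified model: the names gstr, gstr_cat and tr_append are hypothetical, and the concatenation helper is assumed to return NULL when an empty string is appended to a NULL string. tr_append carries the NULL check that the report says is missing before yield->ptr is read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string, modelled on the yield->ptr usage in the report. */
typedef struct { size_t size; size_t ptr; char *s; } gstr;

/* Append s to g. Assumed behaviour: allocation is lazy, so appending an
   empty string to a NULL g allocates nothing and returns NULL. */
static gstr *gstr_cat(gstr *g, const char *s)
{
  size_t n = strlen(s);
  if (!g) {
    if (n == 0) return NULL;
    if (!(g = calloc(1, sizeof *g))) abort();
  }
  if (g->ptr + n + 1 > g->size) {
    g->size = (g->ptr + n + 1) * 2;
    if (!(g->s = realloc(g->s, g->size))) abort();
  }
  memcpy(g->s + g->ptr, s, n + 1);   /* copies the terminating NUL too */
  g->ptr += n;
  return g;
}

/* Model of a tr-style item: append subject to yield, then translate only the
   appended bytes, mapping characters of from to the matching offset in to. */
static gstr *tr_append(gstr *yield, const char *subject, const char *from, const char *to)
{
  size_t oldptr = yield ? yield->ptr : 0;
  int o2m = (int)strlen(to) - 1;     /* last usable offset in to */

  yield = gstr_cat(yield, subject);
  if (!yield) return NULL;           /* the check missing in the reported code path */
  if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++) {
    const char *m = strchr(from, yield->s[oldptr]);
    if (m) yield->s[oldptr] = to[(m - from) < o2m ? (m - from) : o2m];
  }
  return yield;
}

int main(void)
{
  /* Same shape as the reported reproducer: empty subject, empty from, NULL yield. */
  gstr *y = tr_append(NULL, "", "", "foobar");
  printf("empty case: %s\n", y ? y->s : "(yield is NULL, loop skipped)");
  return 0;
}
```

Removing the `if (!yield) return NULL;` line reproduces the shape of the reported fault in this model: with a non-empty third argument the loop condition reads `yield->ptr` through a NULL pointer.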