Mailing List Archive

[Bug 3023] New: Crashes in string expansion
https://bugs.exim.org/show_bug.cgi?id=3023

Bug ID: 3023
Summary: Crashes in string expansion
Product: Exim
Version: 4.96
Hardware: x86-64
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: String expansion
Assignee: unallocated@exim.org
Reporter: exim@heiko.dialup.fu-berlin.de
CC: exim-dev@lists.exim.org

I noticed several crashes with string expansions in exim-4.96, exim-4.96+fixes,
exim-4.97-RC0, and exim4 4.96-15+deb12u1 (Debian 12.1).
It works fine with exim-4.95 and exim-4.95+fixes.

It can be easily reproduced with:

exim -be '${sg{$header_foobar:${tr{}{}{foobar}}}{}{}}'

The reason seems to be commit d8b76fa.

There is a "NULL is a possible return." comment introduced for string_catn()
but in expand.c yield->ptr is used for case EITEM_TR without checking for NULL:

yield = string_cat(yield, sub[0]);
[... no checking for NULL ...]
if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++)


If possible, please also add the example above to the exim test suite.

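An added example, not part of the original report and not Exim's code: a small C model of the pattern described above, where an append helper may return NULL and a tr-style loop must check for that before reading yield->ptr. The gstr type, gstr_catn() and tr_append() are hypothetical names, and the "empty append to a NULL string returns NULL" contract is an assumption taken from the comment quoted in the report.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a growable string; not Exim's gstring. */
typedef struct { size_t size, ptr; char *s; } gstr;

/* Append n bytes. Assumed contract, mirroring the "NULL is a possible
   return" comment: appending nothing to a NULL string yields NULL. */
static gstr *gstr_catn(gstr *g, const char *src, size_t n)
{
  if (!g) {
    if (n == 0) return NULL;
    if (!(g = calloc(1, sizeof *g))) abort();
  }
  if (g->ptr + n + 1 > g->size) {
    g->size = (g->ptr + n + 1) * 2;
    if (!(g->s = realloc(g->s, g->size))) abort();
  }
  memcpy(g->s + g->ptr, src, n);
  g->ptr += n;
  g->s[g->ptr] = '\0';
  return g;
}

/* tr-style append: add subject to yield, then map each character found
   in from[] to the character at the same index in to[] (the last
   character of to[] when to[] is shorter). yield may still be NULL
   after the append, so yield->ptr is only read behind the guard. */
static gstr *tr_append(gstr *yield, const char *subject,
                       const char *from, const char *to)
{
  size_t oldptr = yield ? yield->ptr : 0;
  size_t tolen = strlen(to);

  yield = gstr_catn(yield, subject, strlen(subject));
  if (!yield || tolen == 0) return yield;  /* nothing built, or no mapping */

  for (; oldptr < yield->ptr; oldptr++) {
    const char *m = strchr(from, yield->s[oldptr]);
    if (m) {
      size_t o = (size_t)(m - from);
      yield->s[oldptr] = to[o < tolen ? o : tolen - 1];
    }
  }
  return yield;
}
```

A regression test for this shape of bug should cover the empty-subject case with a non-empty third argument, since that is the only path where the loop is entered with nothing appended.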