On 06/05/2009 05:15 PM, Mark Martinec wrote:
> I'm not getting anywhere on this. I installed your versions
> of Archive-Zip-1.23 and IO-Compress-Zlib-2.008 (along with
> your version of amavisd-new and perl, but on FreeBSD),
> but it doesn't break here with your sample message.
>
> The main suspect is Compress-Raw-Zlib, as it uses C code,
> although I don't see anything suspicious in its Changes file.
You were right!
I tracked down the problem using the valgrind memory debugger.
It's a buffer overflow in Compress::Raw::Zlib that shippes with perl (at
least with perl-5.10.0 that's part of Fedora 10 and perl-5.8.8 that
comes with Redhat Enterprise Linux 5).
This buffer overflow has been fixed in Compress-Raw-Zlib 2.017 so
upgrading this module should help.
Cheers,
--leo
P.S.: The following changes between 2.015 and 2.017 fix the problem.
Note the "+ 1" on buffer allocation...
--- Compress-Raw-Zlib-2.015/Zlib.xs 2008-09-02 23:02:41.000000000 +0200
+++ Compress-Raw-Zlib-2.017/Zlib.xs 2009-03-26 10:40:57.000000000 +0100
@@ -1306,23 +1310,39 @@
if((s->flags & FLAG_APPEND) != FLAG_APPEND) {
SvCUR_set(output, 0);
}
+
+ /* Assume no output buffer - the code below will update if there is any
available */
+ s->stream.avail_out = 0;
+
+
if (SvLEN(output)) {
prefix_length = cur_length = SvCUR(output) ;
- s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length;
- increment = SvLEN(output) - cur_length - 1;
- s->stream.avail_out = increment;
- }
- else {
- s->stream.avail_out = 0;
+
+ if (s->flags & FLAG_LIMIT_OUTPUT && SvLEN(output) - cur_length
- 1 <
bufinc)
+ {
+ Sv_Grow(output, bufinc + cur_length + 1) ;
+ }
+
+ /* Only setup the stream output pointers if there is spare
+ capacity in the outout SV
+ */
+ if (SvLEN(output) > cur_length + 1)
+ {
+ s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) +
cur_length;
+ increment = SvLEN(output) - cur_length - 1;
+ s->stream.avail_out = increment;
+ }
}
+
+
s->bytesInflated = 0;
RETVAL = Z_OK;
while (RETVAL == Z_OK) {
- if (s->stream.avail_out == 0 ) {
+ if (s->stream.avail_out == 0) {
/* out of space in the output buffer so make it bigger */
- Sv_Grow(output, SvLEN(output) + bufinc) ;
+ Sv_Grow(output, SvLEN(output) + bufinc +1) ;
cur_length += increment ;
s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) +
cur_length
;
increment = bufinc ;
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
