If it were me and this race condition occurred, shouldn't there also be a log call of some sort inside the m == NULL loop?

Regards,
KAM

On 3/24/2011 2:54 PM, Frederik Deweerdt wrote:
Hi,

When calling message_dump with a NULL m argument, m is checked against
being NULL before calling message write, but m is dereferenced in the
libspamc_log call below.

The patch below just returns if 'm' is NULL.

Regards,
Frederik

diff --git a/spamc/libspamc.c b/spamc/libspamc.c
index 12e5048..7f6fd11 100644
--- a/spamc/libspamc.c
+++ b/spamc/libspamc.c
@@ -853,9 +853,14 @@ void message_dump(int in_fd, int out_fd, struct message *m)
      char buf[8196];
      int bytes;

-    if (m != NULL&&  m->type != MESSAGE_NONE) {
+    if (m == NULL) {
+       return;
+    }
+
+    if (m->type != MESSAGE_NONE) {
        message_write(out_fd, m);
      }
+
      while ((bytes = full_read(in_fd, 1, buf, 8192, 8192))>  0) {
        if (bytes != full_write(out_fd, 1, buf, bytes)) {
            libspamc_log(m->priv->flags, LOG_ERR, "oops! message_dump of %d returned 
different",
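
Review bot: the early `return` added for `m == NULL` at the top of the hunk also skips the `full_read`/`full_write` loop below it, so with a NULL `m` nothing is copied from `in_fd` to `out_fd` any more. Before the patch the copy still ran in that case, and only the `libspamc_log(m->priv->flags, ...)` call in the error path dereferenced `m`. If the dump should still happen for a NULL message, keep the original `m != NULL && m->type != MESSAGE_NONE` test and guard the `m->priv->flags` access in the log call instead. If returning early is the intended behaviour, say so in a comment: the function is `void`, so the caller cannot tell that the dump was skipped.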