On my request, Viktor scanned Postfix source with Anthropic's Claude
Opus 4.6.

It found an uninitialized pointer bug in the proxymap server (requires
an invalid map name configured in main.cf) and an infinite loop
error in the RFC 2047 encoder (requires an absurdly long charset
name configured in main.cf).

It found two instances where Postfix internal documentation was not
consistent with the Postfix implementation (handling of "*" wildcard
labels in domain names, handling of a 'truncated list' flag in the
DNS client). If documentation is wrong, then that is worse than no
documentation; it makes Postfix harder to maintain.

Claude also found mistakes that may have been seen in the wild: two
bugs in debug logging (CIDR map, DNS client), one null pointer bug
in the PostgreSQL client (with libpq < 8.0). There was one never-seen
resource leak after fork() failure, and there were some ignored
errors that may happen during severe memory shortage.

Finally, Claude pointed out missing detection of integer overflows
(relevant with expressions that determine how large a buffer needs
to be, or where in a buffer to read or write). Integer overflow is
unlikely because by design Postfix process memory does not contain
large objects or large numbers of objects. That was especially true
when computers had smaller-than-gigabyte memories, but things have
evolved. To make Postfix future-proof, I started a few years ago
to eliminate potential integer overflows, but finding them by hand
was slow (Postfix source without comments amounts to 200k lines).

The number of false findings was remarkably low (about three).

Relevant for the future: besides suggesting code changes, Claude
also suggested clarification in code comments that will help to
make Postfix maintainable by other people (and to silence future
code scanners).

        Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
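The integer-overflow class mentioned above (buffer-size expressions and "where in a buffer to read or write"), shown as an added example that is not Postfix code: the unchecked sizing expression wraps silently, while the checked helpers (hypothetical names) reject the product or range before any allocation or access happens.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Unchecked sizing expression of the kind a scanner flags: on wrap-around
 * it silently yields a small value and a later allocation is undersized. */
size_t unchecked_buf_size(size_t nelem, size_t elsize)
{
    return nelem * elsize;
}

/* Checked multiplication for allocation sizes. Returns 0 and stores the
 * product in *result, or returns -1 when nelem * elsize would not fit.
 * The test uses division so that the check itself cannot wrap. */
int checked_buf_size(size_t nelem, size_t elsize, size_t *result)
{
    if (elsize != 0 && nelem > SIZE_MAX / elsize)
        return -1;                      /* product would wrap */
    *result = nelem * elsize;
    return 0;
}

/* Checked "offset + length within capacity" test for buffer reads/writes.
 * Returns 1 when [off, off + len) lies inside a buffer of cap bytes, else 0.
 * Written as a subtraction so that off + len is never computed. */
int range_in_bounds(size_t off, size_t len, size_t cap)
{
    if (off > cap)
        return 0;
    return len <= cap - off;
}

/* Allocate nelem objects of elsize bytes; NULL on overflow or failure. */
void *alloc_array(size_t nelem, size_t elsize)
{
    size_t bytes;

    if (checked_buf_size(nelem, elsize, &bytes) < 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    size_t big = SIZE_MAX / 2 + 1;      /* constructed: big * 2 wraps to 0 */
    size_t out = 0;

    printf("unchecked: %zu  checked rc: %d\n",
           unchecked_buf_size(big, 2), checked_buf_size(big, 2, &out));
    return 0;
}
```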