* Santiago Vila , 2017-11-16, 22:35:
-{ if(buffilled+len>buflen)/* buf can't hold the text */
+{ while(buffilled+len>buflen) /* buf can't hold the
text */
buf=realloc(buf,buflen+=Bsize);
The patch looks to me, and I confirm that it fixes the cra
Hi Santiago, hi Jakub,
On Thu, Nov 16, 2017 at 10:35:05PM +0100, Santiago Vila wrote:
> On Sat, Sep 23, 2017 at 12:24:35AM +0200, Jakub Wilk wrote:
> > Package: procmail
> > Version: 3.22-25+b1
> > Tags: security
> >
> > formail crashes on the attached file:
> >
> > $ zcat overflow.822.gz | fo
I managed to reproduce the problem (but not a crash as such) on a
Debian 8 machine (i386) from Digital Ocean (it is increasingly
difficult to find a i386 machine these days).
In this machine, the output of formail with sample email had garbage
chars, and the garbage was different every time. The p
On Sat, Sep 23, 2017 at 12:24:35AM +0200, Jakub Wilk wrote:
> Package: procmail
> Version: 3.22-25+b1
> Tags: security
>
> formail crashes on the attached file:
>
> $ zcat overflow.822.gz | formail -r
> *** Error in `formail': corrupted size vs. prev_size: 0x584565a8 ***
> ...
> Aborted
>
Package: procmail
Version: 3.22-25+b1
Tags: security
formail crashes on the attached file:
$ zcat overflow.822.gz | formail -r
*** Error in `formail': corrupted size vs. prev_size: 0x584565a8 ***
...
Aborted
I believe the culrpit is the loadbuf() function. It looks like this:
void lo
5 matches
Mail list logo