On 2016/06/14 01:43, Robert Urban wrote: > Hello, > > on my mail server running postfix + amavisd, amavisd was dying occasionally > when > using File::LibMagic to analyze mail messages. > > I can reproduce it on the server (OpenBSD the-server 5.9 GENERIC.MP#3 amd64) > with this Perl script:
I don't have a fix, but the problem is that the copy of the file contents that ends up in ms->search->s is not NUL-terminated: the 413 bytes of data (s_len = 413 in the `p *ms` output below) are immediately followed by a run of 0xdf bytes (the "-33 'ß'" in the x/c output from gdb below, starting at 0x17d02225f7ed, i.e. s + 413), which is the junk pattern OpenBSD's malloc(3) writes into memory that has been free()'d. The backtrace shows mprint() (softmagic.c:672) calling strndup() on that buffer with maxlen=1511, far more than the 413 bytes actually present, so strnlen() walks past the end of the allocation until it presumably reaches an unmapped page and faults. That makes this an out-of-bounds heap read driven by the contents of the file being identified; since amavisd feeds libmagic mail it receives from the network, a crafted message can crash the scanner remotely (denial of service), and on a system where the over-read happens to find a NUL in neighbouring heap memory instead of faulting, strndup() would copy adjacent heap data into the magic result rather than crash. I'm not sure whether it's in libmagic or p5-File-LibMagic; I'm not doing very well at getting debug symbols in the perl module (the "maxlen is not available" in frame #1 shows the code was built optimised, so an -O0 -g build of ports/devel/libmagic would make this easier), but the frames suggest the hunt should start at mprint() in softmagic.c and work back through file_buffer() / file_or_fd() to see where the length handed to strndup() comes from and why it exceeds s_len. (gdb) set args ./a bb (gdb) r Starting program: /usr/bin/perl ./a bb (no debugging symbols found) Program received signal SIGSEGV, Segmentation fault. 0x000017d064355080 in *_libc_strnlen ( str=0x17d02225f650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., maxlen=1511) at /usr/src/lib/libc/string/strnlen.c:28 28 for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--) (gdb) bt #0 0x000017d064355080 in *_libc_strnlen ( str=0x17d02225f650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., maxlen=1511) at /usr/src/lib/libc/string/strnlen.c:28 #1 0x000017d06436fdcb in *_libc_strndup ( str=0x17d02225f650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., maxlen=Variable "maxlen" is not available. 
) at /usr/src/lib/libc/string/strndup.c:31 #2 0x000017d09734c24f in mprint (ms=0x17d080402700, m=0x17d09cc45cc8) at softmagic.c:672 #3 0x000017d09734ade1 in match (ms=0x17d080402700, magic=0x17d09cbf3138, nmagic=11791, s=0x17d02225f650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., nbytes=413, offset=0, mode=64, text=1, flip=0, indir_count=0x7f7ffffcb374, name_count=0x7f7ffffcb376, printed_something=0x7f7ffffcb36c, need_separator=0x7f7ffffcb368, returnval=0x7f7ffffcb2cc) at softmagic.c:252 #4 0x000017d09734a97c in file_softmagic (ms=0x17d080402700, buf=0x17d02225f650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., nbytes=413, indir_count=0x7f7ffffcb374, name_count=0x7f7ffffcb376, mode=64, text=1) at softmagic.c:107 #5 0x000017d0973512d4 in file_ascmagic_with_encoding (ms=0x17d080402700, buf=0x17d0c8cf5000 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., nbytes=413, ubuf=0x17d09a809310, ulen=413, code=0x17d097464628 "ASCII", type=0x17d097464600 "text", text=1) at ascmagic.c:143 #6 0x000017d097351113 in file_ascmagic (ms=0x17d080402700, buf=0x17d0c8cf5000 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., nbytes=413, text=1) at ascmagic.c:89 #7 0x000017d09735b6eb in file_buffer (ms=0x17d080402700, fd=6, inname=0x17d073100910 "bb", buf=0x17d0c8cf5000, nb=413) at funcs.c:284 #8 0x000017d097343793 in file_or_fd 
(ms=0x17d080402700, inname=0x17d073100910 "bb", fd=6) at magic.c:521 #9 0x000017d0973433d9 in magic_file (ms=0x17d080402700, inname=0x17d073100910 "bb") at magic.c:399 #10 0x000017d06daa0f35 in XS_File__LibMagic_magic_file (cv=0x17cffbbad6a0) at LibMagic.xs:175 #11 0x000017d00ccc17f7 in Perl_pp_entersub () at /usr/src/gnu/usr.bin/perl/pp_hot.c:2794 #12 0x000017d00cce5f93 in Perl_runops_standard () at /usr/src/gnu/usr.bin/perl/run.c:42 #13 0x000017d00ccedfac in perl_run (my_perl=Variable "my_perl" is not available. ) at perl.c:2463 #14 0x000017cdf2801163 in main () from /usr/bin/perl (gdb) frame 9 #9 0x000017d0973433d9 in magic_file (ms=0x17d080402700, inname=0x17d073100910 "bb") at magic.c:399 399 return file_or_fd(ms, inname, STDIN_FILENO); (gdb) p *ms $1 = {mlist = {0x17d0794f8900, 0x17d0a281cd40}, c = {len = 10, li = 0x17d066207300}, o = {buf = 0x17d03e475470 "", pbuf = 0x0}, offset = 0, error = -1, flags = 0, event_flags = 0, file = 0x17d09746353e "unknown", line = 23, search = { s = 0x17d02225f650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., s_len = 413, offset = 105, rm_len = 3991}, ms_value = {b = 36 '$', h = 20260, l = 1701859108, q = 4923351859561778980, hs = "$O", hl = "$Ope", hq = "$OpenBSD", s = "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github", us = "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github", f = 7.09267402e+22, d = 1.4211000495498456e+21}, indir_max = 50, name_max = 30, elf_shnum_max = 32768, elf_phnum_max = 2048, elf_notes_max = 256, regex_max = 8192, bytes_max = 1048576} (gdb) x/512c ms->search->s 0x17d02225f650: 36 '$' 79 'O' 112 'p' 101 'e' 110 'n' 66 'B' 83 'S' 68 'D' 0x17d02225f658: 36 '$' 10 '\n' 10 '\n' 85 'U' 115 's' 101 'e' 32 ' ' 67 'C' 0x17d02225f660: 32 ' ' 99 'c' 111 'o' 100 'd' 101 'e' 103 'g' 101 'e' 110 'n' 0x17d02225f668: 
32 ' ' 102 'f' 111 'o' 114 'r' 32 ' ' 109 'm' 108 'l' 116 't' 0x17d02225f670: 111 'o' 110 'n' 45 '-' 50 '2' 48 '0' 49 '1' 51 '3' 48 '0' 0x17d02225f678: 55 '7' 49 '1' 53 '5' 46 '.' 10 '\n' 83 'S' 101 'e' 101 'e' 0x17d02225f680: 32 ' ' 104 'h' 116 't' 116 't' 112 'p' 115 's' 58 ':' 47 '/' 0x17d02225f688: 47 '/' 103 'g' 105 'i' 116 't' 104 'h' 117 'u' 98 'b' 46 '.' 0x17d02225f690: 99 'c' 111 'o' 109 'm' 47 '/' 77 'M' 76 'L' 116 't' 111 'o' 0x17d02225f698: 110 'n' 47 '/' 109 'm' 108 'l' 116 't' 111 'o' 110 'n' 47 '/' 0x17d02225f6a0: 105 'i' 115 's' 115 's' 117 'u' 101 'e' 115 's' 47 '/' 49 '1' 0x17d02225f6a8: 52 '4' 56 '8' 32 ' ' 102 'f' 111 'o' 114 'r' 32 ' ' 100 'd' 0x17d02225f6b0: 101 'e' 116 't' 97 'a' 105 'i' 108 'l' 115 's' 46 '.' 10 '\n' 0x17d02225f6b8: 10 '\n' 45 '-' 45 '-' 45 '-' 32 ' ' 109 'm' 108 'l' 121 'y' 0x17d02225f6c0: 97 'a' 99 'c' 99 'c' 47 '/' 77 'M' 97 'a' 107 'k' 101 'e' 0x17d02225f6c8: 102 'f' 105 'i' 108 'l' 101 'e' 46 '.' 111 'o' 114 'r' 105 'i' 0x17d02225f6d0: 103 'g' 9 '\t' 84 'T' 104 'h' 117 'u' 32 ' ' 77 'M' 97 'a' 0x17d02225f6d8: 121 'y' 32 ' ' 50 '2' 54 '6' 32 ' ' 49 '1' 51 '3' 58 ':' 0x17d02225f6e0: 49 '1' 52 '4' 58 ':' 53 '5' 54 '6' 32 ' ' 50 '2' 48 '0' 0x17d02225f6e8: 49 '1' 54 '6' 10 '\n' 43 '+' 43 '+' 43 '+' 32 ' ' 109 'm' 0x17d02225f6f0: 108 'l' 121 'y' 97 'a' 99 'c' 99 'c' 47 '/' 77 'M' 97 'a' 0x17d02225f6f8: 107 'k' 101 'e' 102 'f' 105 'i' 108 'l' 101 'e' 9 '\t' 84 'T' 0x17d02225f700: 104 'h' 117 'u' 32 ' ' 77 'M' 97 'a' 121 'y' 32 ' ' 50 '2' 0x17d02225f708: 54 '6' 32 ' ' 49 '1' 51 '3' 58 ':' 49 '1' 53 '5' 58 ':' 0x17d02225f710: 49 '1' 48 '0' 32 ' ' 50 '2' 48 '0' 49 '1' 54 '6' 10 '\n' 0x17d02225f718: 64 '@' 64 '@' 32 ' ' 45 '-' 49 '1' 51 '3' 44 ',' 55 '7' 0x17d02225f720: 32 ' ' 43 '+' 49 '1' 51 '3' 44 ',' 55 '7' 32 ' ' 64 '@' 0x17d02225f728: 64 '@' 32 ' ' 66 'B' 73 'I' 78 'N' 32 ' ' 58 ':' 61 '=' 0x17d02225f730: 32 ' ' 36 '$' 40 '(' 66 'B' 85 'U' 73 'I' 76 'L' 68 'D' 0x17d02225f738: 41 ')' 47 '/' 98 'b' 105 'i' 110 'n' 10 '\n' 32 ' 
' 76 'L' 0x17d02225f740: 73 'I' 66 'B' 32 ' ' 58 ':' 61 '=' 32 ' ' 36 '$' 40 '(' 0x17d02225f748: 66 'B' 85 'U' 73 'I' 76 'L' 68 'D' 41 ')' 47 '/' 108 'l' 0x17d02225f750: 105 'i' 98 'b' 10 '\n' 32 ' ' 77 'M' 76 'L' 84 'T' 79 'O' 0x17d02225f758: 78 'N' 32 ' ' 58 ':' 61 '=' 32 ' ' 109 'm' 108 'l' 116 't' 0x17d02225f760: 111 'o' 110 'n' 10 '\n' 32 ' ' 84 'T' 65 'A' 82 'R' 71 'G' 0x17d02225f768: 69 'E' 84 'T' 32 ' ' 58 ':' 61 '=' 32 ' ' 115 's' 101 'e' 0x17d02225f770: 108 'l' 102 'f' 10 '\n' 45 '-' 70 'F' 76 'L' 65 'A' 71 'G' 0x17d02225f778: 83 'S' 32 ' ' 58 ':' 61 '=' 32 ' ' 45 '-' 116 't' 97 'a' 0x17d02225f780: 114 'r' 103 'g' 101 'e' 116 't' 32 ' ' 36 '$' 40 '(' 84 'T' 0x17d02225f788: 65 'A' 82 'R' 71 'G' 69 'E' 84 'T' 41 ')' 10 '\n' 43 '+' 0x17d02225f790: 70 'F' 76 'L' 65 'A' 71 'G' 83 'S' 32 ' ' 58 ':' 61 '=' 0x17d02225f798: 32 ' ' 45 '-' 99 'c' 111 'o' 100 'd' 101 'e' 103 'g' 101 'e' 0x17d02225f7a0: 110 'n' 32 ' ' 99 'c' 32 ' ' 45 '-' 116 't' 97 'a' 114 'r' 0x17d02225f7a8: 103 'g' 101 'e' 116 't' 32 ' ' 36 '$' 40 '(' 84 'T' 65 'A' 0x17d02225f7b0: 82 'R' 71 'G' 69 'E' 84 'T' 41 ')' 10 '\n' 32 ' ' 78 'N' 0x17d02225f7b8: 65 'A' 77 'M' 69 'E' 32 ' ' 58 ':' 61 '=' 32 ' ' 109 'm' 0x17d02225f7c0: 108 'l' 121 'y' 97 'a' 99 'c' 99 'c' 10 '\n' 32 ' ' 80 'P' 0x17d02225f7c8: 65 'A' 84 'T' 72 'H' 32 ' ' 58 ':' 61 '=' 32 ' ' 36 '$' 0x17d02225f7d0: 40 '(' 66 'B' 73 'I' 78 'N' 41 ')' 58 ':' 36 '$' 40 '(' 0x17d02225f7d8: 115 's' 104 'h' 101 'e' 108 'l' 108 'l' 32 ' ' 101 'e' 99 'c' 0x17d02225f7e0: 104 'h' 111 'o' 32 ' ' 36 '$' 36 '$' 80 'P' 65 'A' 84 'T' 0x17d02225f7e8: 72 'H' 41 ')' 10 '\n' 32 ' ' 10 '\n' -33 'ß' -33 'ß' -33 'ß' 0x17d02225f7f0: -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' 0x17d02225f7f8: -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' 0x17d02225f800: -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' 0x17d02225f808: -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' 0x17d02225f810: -33 'ß' -33 'ß' -33 
'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' -33 'ß' ---Type <return> to continue, or q <return> to quit---q