On Tue, Jun 14, 2016 at 03:07:43PM +0100, Stuart Henderson wrote:
> On 2016/06/14 01:43, Robert Urban wrote:
> > Hello,
> >
> > on my mail server running postfix + amavisd, amavisd was dying occasionally
> > when using File::LibMagic to analyze mail messages.
> >
> > I can reproduce it on the server (OpenBSD the-server 5.9 GENERIC.MP#3 amd64)
> > with this Perl script:
>
> I don't have a fix, but the problem is that the copy of the file contents
> that ends up in ms->search->s is not null-terminated but instead has a
> bunch of 0xdf (the "-33 'ß'" in x/c output from gdb below), indicating
> address space that was previously used but has been free()'d.
>
> I'm not sure whether it's in libmagic or p5-File-LibMagic, I'm not doing
> very well at getting debug symbols in the perl module, it probably needs a
> hunt starting around file_or_fd() or file_buffer() in ports/devel/libmagic..

I believe it's something in libmagic, as I can reproduce with python2.7.

#!/usr/local/bin/python2.7
import sys
import magic

file = './p005'

ms = magic.open(magic.NONE)
ms.load()

for i in range(0, 100000):
    desc = ms.file(file)
    if (i % 100 == 0):
        sys.stdout.write(".")
        sys.stdout.flush()

And the backtrace, although I assume it can be reproduced.

#0 0x00000e5d9c368910 in *_libc_strnlen (
    str=0xe5e09592650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., maxlen=1511) at /usr/src/lib/libc/string/strnlen.c:28
28      for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
(gdb) bt
#0 0x00000e5d9c368910 in *_libc_strnlen (
    str=0xe5e09592650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., maxlen=1511) at /usr/src/lib/libc/string/strnlen.c:28
#1 0x00000e5d9c342d2b in *_libc_strndup (
    str=0xe5e09592650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee https://github.com/MLton/mlton/issues/148 for details.\n\n--- mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26 13:15:10 2016\n"..., maxlen=Variable "maxlen" is not available.
) at /usr/src/lib/libc/string/strndup.c:31
#2 0x00000e5dcbc002d8 in mprint () from /usr/local/lib/libmagic.so.4.2
#3 0x00000e5dcbc00ec5 in match () from /usr/local/lib/libmagic.so.4.2
#4 0x00000e5dcbc01118 in file_softmagic () from /usr/local/lib/libmagic.so.4.2
#5 0x00000e5dcbc02cd0 in file_ascmagic_with_encoding () from /usr/local/lib/libmagic.so.4.2
#6 0x00000e5dcbc03000 in file_ascmagic () from /usr/local/lib/libmagic.so.4.2
#7 0x00000e5dcbc09bb8 in file_buffer () from /usr/local/lib/libmagic.so.4.2
#8 0x00000e5dcbbf9152 in file_or_fd () from /usr/local/lib/libmagic.so.4.2
#9 0x00000e5da0d37b44 in ffi_call_unix64 () from /usr/local/lib/libffi.so.1.2
#10 0x00000e5da0d37951 in ffi_call () from /usr/local/lib/libffi.so.1.2
#11 0x00000e5d8040eb11 in _ctypes_callproc () from /usr/local/lib/python2.7/lib-dynload/_ctypes.so
#12 0x00000e5d8040893f in PyCFuncPtr_call () from /usr/local/lib/python2.7/lib-dynload/_ctypes.so
#13 0x00000e5e39d36c28 in PyObject_Call () from /usr/local/lib/libpython2.7.so.0.0
#14 0x00000e5e39dd38b7 in PyEval_EvalFrameEx () from /usr/local/lib/libpython2.7.so.0.0
#15 0x00000e5e39dd6b8c in PyEval_EvalFrameEx () from /usr/local/lib/libpython2.7.so.0.0
#16 0x00000e5e39dd8bad in PyEval_EvalCodeEx () from /usr/local/lib/libpython2.7.so.0.0
#17 0x00000e5e39dd8ca2 in PyEval_EvalCode () from /usr/local/lib/libpython2.7.so.0.0
#18 0x00000e5e39df5d82 in run_mod () from /usr/local/lib/libpython2.7.so.0.0
#19 0x00000e5e39df5e56 in PyRun_FileExFlags () from /usr/local/lib/libpython2.7.so.0.0
#20 0x00000e5e39df751d in PyRun_SimpleFileExFlags () from /usr/local/lib/libpython2.7.so.0.0
#21 0x00000e5e39e0886c in Py_Main () from /usr/local/lib/libpython2.7.so.0.0
#22 0x00000e5b7aa009a2 in _start () from /usr/local/bin/python2.7
#23 0x0000000000000000 in ?? ()

-- 
andrew - http://afresh1.com

Computer Science: solving today's problems tomorrow.
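
A triage helper for the symptom described in this thread, added here as an example (it is not code from the thread, from libmagic, or from either binding): given a memory region copied out of a core dump, it finds where the text runs into 0xdf fill and whether a strnlen() bounded by maxlen would scan past the bytes that belong to the string. The function names and the sample buffer are constructed; the 0xdf byte and maxlen=1511 are the values quoted above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FREE_JUNK 0xdf  /* fill byte the thread reports in free()'d memory */

/* Offset of the first run of at least min_run FREE_JUNK bytes, or -1. */
long first_junk_run(const unsigned char *mem, size_t len, size_t min_run)
{
    size_t run = 0;
    if (min_run == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        run = (mem[i] == FREE_JUNK) ? run + 1 : 0;
        if (run >= min_run)
            return (long)(i + 1 - run);
    }
    return -1;
}

/* 1 if strnlen(mem, maxlen) would read beyond the valid_len bytes that
 * belong to the string (no NUL inside them and maxlen asks for more). */
int scan_leaves_buffer(const unsigned char *mem, size_t valid_len, size_t maxlen)
{
    size_t bound = maxlen < valid_len ? maxlen : valid_len;
    if (memchr(mem, '\0', bound) != NULL)
        return 0;
    return maxlen > valid_len;
}

/* Constructed sample: unterminated text followed by junk fill. */
size_t make_sample(unsigned char *region, size_t size)
{
    static const char text[] = "$OpenBSD$\n\nUse C codegen";
    size_t n = sizeof(text) - 1;        /* NUL dropped on purpose */
    memset(region, FREE_JUNK, size);
    memcpy(region, text, n);
    return n;
}

int main(void)
{
    unsigned char region[64];
    size_t n = make_sample(region, sizeof region);
    printf("text bytes: %zu\n", n);
    printf("junk starts at offset: %ld\n", first_junk_run(region, sizeof region, 8));
    printf("strnlen(..., 1511) leaves buffer: %d\n", scan_leaves_buffer(region, n, 1511));
    return 0;
}
```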