On Tue, Jun 14, 2016 at 03:07:43PM +0100, Stuart Henderson wrote:
> On 2016/06/14 01:43, Robert Urban wrote:
> > Hello,
> >
> > on my mail server running postfix + amavisd, amavisd was dying occasionally
> > when
> > using File::LibMagic to analyze mail messages.
> >
> > I can reproduce it on the server (OpenBSD the-server 5.9 GENERIC.MP#3 amd64)
> > with this Perl script:
>
> I don't have a fix, but the problem is that the copy of the file contents
> that ends up in ms->search->s is not null-terminated but instead has a
> bunch of 0xdf (the "-33 'ß'" in x/c output from gdb below), indicating
> address space that was previously used but has been free()'d.
>
> I'm not sure whether it's in libmagic or p5-File-LibMagic, I'm not doing
> very well at getting debug symbols in the perl module, it probably needs a
> hunt starting around file_or_fd() or file_buffer() in ports/devel/libmagic..
I believe it's something in libmagic, as I can reproduce with python2.7.
#!/usr/local/bin/python2.7
import sys
import magic
file = './p005'
ms = magic.open(magic.NONE)
ms.load()
for i in range(0, 100000):
desc = ms.file(file)
if (i % 100 == 0):
sys.stdout.write(".")
sys.stdout.flush()
And the backtrace, although I assume it can be reproduced.
#0 0x00000e5d9c368910 in *_libc_strnlen (
str=0xe5e09592650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee
https://github.com/MLton/mlton/issues/148 for details.\n\n---
mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26
13:15:10 2016\n"...,
maxlen=1511) at /usr/src/lib/libc/string/strnlen.c:28
28 for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
(gdb) bt
#0 0x00000e5d9c368910 in *_libc_strnlen (
str=0xe5e09592650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee
https://github.com/MLton/mlton/issues/148 for details.\n\n---
mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26
13:15:10 2016\n"...,
maxlen=1511) at /usr/src/lib/libc/string/strnlen.c:28
#1 0x00000e5d9c342d2b in *_libc_strndup (
str=0xe5e09592650 "$OpenBSD$\n\nUse C codegen for mlton-20130715.\nSee
https://github.com/MLton/mlton/issues/148 for details.\n\n---
mlyacc/Makefile.orig\tThu May 26 13:14:56 2016\n+++ mlyacc/Makefile\tThu May 26
13:15:10 2016\n"...,
maxlen=Variable "maxlen" is not available.
) at /usr/src/lib/libc/string/strndup.c:31
#2 0x00000e5dcbc002d8 in mprint () from /usr/local/lib/libmagic.so.4.2
#3 0x00000e5dcbc00ec5 in match () from /usr/local/lib/libmagic.so.4.2
#4 0x00000e5dcbc01118 in file_softmagic () from /usr/local/lib/libmagic.so.4.2
#5 0x00000e5dcbc02cd0 in file_ascmagic_with_encoding ()
from /usr/local/lib/libmagic.so.4.2
#6 0x00000e5dcbc03000 in file_ascmagic () from /usr/local/lib/libmagic.so.4.2
#7 0x00000e5dcbc09bb8 in file_buffer () from /usr/local/lib/libmagic.so.4.2
#8 0x00000e5dcbbf9152 in file_or_fd () from /usr/local/lib/libmagic.so.4.2
#9 0x00000e5da0d37b44 in ffi_call_unix64 () from /usr/local/lib/libffi.so.1.2
#10 0x00000e5da0d37951 in ffi_call () from /usr/local/lib/libffi.so.1.2
#11 0x00000e5d8040eb11 in _ctypes_callproc ()
from /usr/local/lib/python2.7/lib-dynload/_ctypes.so
#12 0x00000e5d8040893f in PyCFuncPtr_call ()
from /usr/local/lib/python2.7/lib-dynload/_ctypes.so
#13 0x00000e5e39d36c28 in PyObject_Call ()
from /usr/local/lib/libpython2.7.so.0.0
#14 0x00000e5e39dd38b7 in PyEval_EvalFrameEx ()
from /usr/local/lib/libpython2.7.so.0.0
#15 0x00000e5e39dd6b8c in PyEval_EvalFrameEx ()
from /usr/local/lib/libpython2.7.so.0.0
#16 0x00000e5e39dd8bad in PyEval_EvalCodeEx ()
from /usr/local/lib/libpython2.7.so.0.0
#17 0x00000e5e39dd8ca2 in PyEval_EvalCode ()
from /usr/local/lib/libpython2.7.so.0.0
#18 0x00000e5e39df5d82 in run_mod () from /usr/local/lib/libpython2.7.so.0.0
#19 0x00000e5e39df5e56 in PyRun_FileExFlags ()
from /usr/local/lib/libpython2.7.so.0.0
#20 0x00000e5e39df751d in PyRun_SimpleFileExFlags ()
from /usr/local/lib/libpython2.7.so.0.0
#21 0x00000e5e39e0886c in Py_Main () from /usr/local/lib/libpython2.7.so.0.0
#22 0x00000e5b7aa009a2 in _start () from /usr/local/bin/python2.7
#23 0x0000000000000000 in ?? ()
--
andrew - http://afresh1.com
Computer Science: solving today's problems tomorrow.
