[Bug 617849] Re: php5 crashed with SIGSEGV in memcpy()
Vladimir Kolesnikov
617849 at bugs.launchpad.net
Sat Aug 14 16:09:13 BST 2010
Finally got it.
The problem is that mail_fetch_body() function from uw-imap-
2007e~dfsg/src/c-client/mail.c can return an empty string without
setting len to zero:
if (!(section && *section))<->/* top-level text wanted? */
return mail_fetch_message (stream,msgno,len,flags);
else if (strlen (section) > (MAILTMPLEN - 20)) return "";
MAILTMPLEN is #define'd to be 1024, the length of that long section name
is 1005 characters (1005+20 > 1024).
Thus strlen (section) > (MAILTMPLEN - 20) condition is true and the
empty string is returned. But len is not zeroed.
The quickest workaround is to set len to zero (in pgp5_imap) before
passing it to mail_fetch_body().
--
php5 crashed with SIGSEGV in memcpy()
https://bugs.launchpad.net/bugs/617849
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list