
flex buffer overrun problem

From: David Relson
Subject: flex buffer overrun problem
Date: Sat, 18 Nov 2006 19:28:24 -0500


Bogofilter is an open source Bayesian spam filter.  It uses a
flex grammar to parse incoming messages so that they can be scored.

As the lead developer of bogofilter I recently received a report that
bogofilter was seg-faulting on some messages.  Having received a copy
of one such message, I was able to drill down and find that the code
generated by flex is accessing memory outside its buffer and that this
is the cause of the problem.

I've tested with flex versions 2.5.4, 2.5.31, and 2.5.31 and all 3
versions exhibit the problem.

The bogofilter package has, in addition to the actual spam filter, a
standalone parser, named bogolexer, that can be used to parse a message
and see the resulting tokens.  Bogolexer is simpler to work with than
bogofilter since it operates without a ham/spam database.

I have a snapshot that shows the above to be the case. It contains
source code for the application, i.e. bogolexer, and a message that
causes a segfault.  I also have pertinent valgrind output and an
instrumented copy of flex-2.5.4's generated code that uses
fprintf(stderr) to show the buffer overrun problem.

To whom should I send this info?


