Opened 16 years ago
Closed 16 years ago
#2616 closed bug (fixed)
parsedate() with an invalid time value seems to create stack corruption.
Reported by: | bga | Owned by: | axeld |
---|---|---|---|
Priority: | high | Milestone: | R1/alpha1 |
Component: | System/libroot.so | Version: | R1/pre-alpha1 |
Keywords: | | Cc: | |
Blocked By: | | Blocking: | |
Platform: | All |
Description
I have this email on my account that, when parsed by MDR, crashes it. More specifically, it crashes in parsedate(). I was able to determine that preparseDate() errors out (more specifically here):

```cpp
// if we've reached our maximum number of elements, bail out
if (index >= MAX_ELEMENTS)
	return B_ERROR;
```
Then parsedate_etc() catches the error and returns it to parsedate():

```cpp
if (preparseDate(dateString, elements) < B_OK) {
	*_flags = PARSEDATE_INVALID_DATE;
	return B_ERROR;
}
```
This was supposed to return to parsedate() which would in turn return the error but it never actually returns. To be sure I changed parsedate() to:
```cpp
time_t
parsedate(const char *dateString, time_t now)
{
	int flags = 0;

	printf("calling parsedate_etc()\n");
	time_t result = parsedate_etc(dateString, now, &flags);
	printf("returned from parsedate_etc()\n");

	return result;
}
```
The second printf is never printed.
I get a segfault and the following useless stack crawl on gdb:
```
[Switching to team /system/servers/mail_daemon (5651) thread BGA(BUG-Br) (5659)]
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
(gdb)
```
The email that causes this is attached. Note the problem is its "Date" header line.
Attachments (1)
Change History (5)
by , 16 years ago
comment:1 by , 16 years ago
You might want to add your testcase in src/tests/system/libroot/os/ParseDateTest.cpp.
comment:2 by , 16 years ago
Added the test case with hrev27003. Again, gdb is useless to debug this due to the stack corruption.
comment:3 by , 16 years ago
Milestone: | R1 → R1/alpha1 |
---|---|
Status: | new → assigned |
comment:4 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Thanks for the nice test case! Fixed in hrev27006.
Crashing email (check Date header)
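
The report above turns on a fixed-capacity element array and a backtrace that gives no hint where the stack was damaged. The following is an added example, not Haiku's code and not the hrev27006 fix: a whitespace tokenizer that checks capacity before every store, with the array framed by guard words so a regression test can report an overrun as a return value instead of crashing. `element_t`, `guarded_t`, `tokenize()`, `parse_checked()`, `GUARD` and the value given to `MAX_ELEMENTS` are assumptions, and both date strings are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ELEMENTS 8          /* assumed demo capacity; the ticket does not state the real value */
#define GUARD 0xA5A5A5A5u       /* hypothetical guard pattern */

typedef struct { const char *start; size_t len; } element_t;   /* hypothetical element type */

/* Element array framed by guard words; volatile so the checks are not optimized away. */
typedef struct {
	volatile uint32_t front;
	element_t elements[MAX_ELEMENTS];
	volatile uint32_t back;
} guarded_t;

/* Constructed sample inputs (not the email attached to the ticket). */
static const char kValidDate[] = "Thu, 07 Aug 2008 10:11:12 -0300";
static const char kOverlongDate[] =
	"Thu, 07 Aug 2008 10:11:12 -0300 (BRT) extra extra extra";

/* Splits on whitespace. The capacity check comes before the store, so no
   input can make the function write to out[capacity]. */
static int tokenize(const char *s, element_t *out, int capacity)
{
	int index = 0;
	for (;;) {
		while (isspace((unsigned char)*s)) s++;
		if (*s == '\0') return index;
		if (index >= capacity) return -1;     /* too many elements: bail out */
		out[index].start = s;
		while (*s && !isspace((unsigned char)*s)) s++;
		out[index].len = (size_t)(s - out[index].start);
		index++;
	}
}

/* Returns the token count, -1 if the input has too many elements,
   or -2 if either guard word was overwritten during tokenizing. */
int parse_checked(const char *s)
{
	guarded_t g;
	g.front = GUARD;
	g.back = GUARD;
	int n = tokenize(s, g.elements, MAX_ELEMENTS);
	if (g.front != GUARD || g.back != GUARD) return -2;
	return n;
}

int main(void)
{
	printf("valid: %d\n", parse_checked(kValidDate));
	printf("overlong: %d\n", parse_checked(kOverlongDate));
	return 0;
}
```

A test built this way fails with a distinct code at the call that damaged the buffer, which is the information the gdb backtrace in this ticket could not provide.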