Bug#733622: bogofilter: Crash on several emails with realloc(): invalid next size
Package: bogofilter
Version: 1.2.4+dfsg1-6
Followup-For: Bug #733622
I confirm this bug on jessie (1.2.4+dfsg1-3), and also in the current sid
version (1.2.4+dfsg1-6), on amd64.
I think my previous report wasn't delivered due to annexing a sample spam
message, so instead I'm linking it:
https://namakajiri.net/misc/breaks_bogofilter.spam.eml
Here's the behavior I get:
$ bogofilter -p < breaks_bogofilter.spam.eml
*** Error in `bogofilter': realloc(): invalid next size: 0x00007f70697dad60 ***
Aborted
# no problems detected with wordlist.db, which includes both spam and
# ham tokens.
$ bogoutil --db-verify ~/.bogofilter/wordlist.db
# success.
# a brand-new db still triggers the bug.
The spam is base64-encoded HTML email, like most. I got it from postcat(1),
after finding the realloc() messages in mail.log. Spamassassin, Rspamd etc.
handle it just fine:
$ spamc --full < breaks_bogofilter.spam.txt
[...]
Content preview: Netshoes.com.br Caso não consiga visualizar as imagens selecione
"Sempre mostrar conteúdo" ou Acesse esse link. Você, que é cadastrado no
[...]
Content analysis details: (8.3 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: descontocomqualidade.com.br]
 2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
[...]
-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages bogofilter depends on:
ii bogofilter-bdb [bogofilter-db] 1.2.4+dfsg1-6
ii bogofilter-common 1.2.4+dfsg1-6
bogofilter recommends no packages.
bogofilter suggests no packages.
-- no debconf information