Mailing List Archive: SpamAssassin: devel

[Bug 6225] Invalid numerical HTML entity crashes perl

Index | Next | Previous | View Threaded

bugzilla-daemon at bugzilla

Nov 9, 2009, 11:47 AM

Post #1 of 7 (871 views)
Permalink

[Bug 6225] Invalid numerical HTML entity crashes perl

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

--- Comment #7 from Mark Martinec <Mark.Martinec [at] ijs> 2009-11-09 11:46:58 UTC ---
Bug 6225: untaint the string in an attempt to work around
a perl crash - a workaround for [perl #69973] bug:
Invalid and tainted utf-8 char crashes perl 5.10.1 in regexp evaluation
A regexp and a string should both be utf8, or none of them;
untainting string also seems to avoid the crash.
Sending lib/Mail/SpamAssassin/PerMsgStatus.pm
Committed revision 834191.

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Nov 9, 2009, 3:34 PM

Post #2 of 7 (822 views)
Permalink

[Bug 6225] Invalid numerical HTML entity crashes perl [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

Justin Mason <jm [at] jmason> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |jm [at] jmason
Target Milestone|Undefined |3.3.0

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Nov 11, 2009, 10:14 AM

Post #3 of 7 (803 views)
Permalink

[Bug 6225] Invalid numerical HTML entity crashes perl [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

--- Comment #8 from Mark Martinec <Mark.Martinec [at] ijs> 2009-11-11 10:14:42 UTC ---
Preventively local()-ize $1 in a couple of places in PerMsgStatus
in view of in view of [perl #67962]
Sending lib/Mail/SpamAssassin/PerMsgStatus.pm
Committed revision 834996.

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Nov 11, 2009, 10:28 AM

Post #4 of 7 (800 views)
Permalink

[Bug 6225] Invalid numerical HTML entity crashes perl [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

Mark Martinec <Mark.Martinec [at] ijs> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED

--- Comment #9 from Mark Martinec <Mark.Martinec [at] ijs> 2009-11-11 10:28:08 UTC ---
The workaround in Comment 7 seems to avoid the immediate threat, so
I'm closing this bug. The HTML::Parser issue is a bug alright, but is
a minor concern to SpamAssassin, apart from facilitating triggering
of the perl 5.10.1 bug (which we now avoid).

The concern of a disabled TRIE optimisation in perl when the pattern
is not unicode has potential impact on our rule matching, but this
is something hard to solve in the regexp-heavy SpamAssassin. If this
is to be discussed, another PR should be opened.

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Nov 18, 2009, 12:51 PM

Post #5 of 7 (682 views)
Permalink

[Bug 6225] Invalid numerical HTML entity crashes perl [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

--- Comment #10 from Mark Martinec <Mark.Martinec [at] ijs> 2009-11-18 12:51:52 UTC ---
See also Bug 6238.

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Nov 23, 2009, 7:40 AM

Post #6 of 7 (594 views)
Permalink

[Bug 6225] Invalid numerical HTML entity crashes perl [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

--- Comment #11 from Mark Martinec <Mark.Martinec [at] ijs> 2009-11-23 07:40:20 UTC ---
See also bug 6240, the perl crash there happens in the same spot
in _get_parsed_uri_list, but possibly for a different reason.

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

bugzilla-daemon at bugzilla

Nov 23, 2009, 11:51 AM

Post #7 of 7 (596 views)
Permalink

[Bug 6225] Invalid numerical HTML entity crashes perl [In reply to]

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

--- Comment #12 from Tom Schulz <schulz [at] adi> 2009-11-23 11:51:39 UTC ---
Perhaps it would be better if Spamassassin would refuse to run with the bad
version of Perl. You probably can not find all the places where you could
trigger
that bug.

--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads