bogofilter: yyinput result may exceed max_size
Fast Bayesian spam filter along lines suggested by Paul Graham
Brought to you by:
m-a
While reviewing this old flex bug:
https://sourceforge.net/tracker/?func=detail&aid=1601111&group_id=97492&atid=618177
I've noticed that bogofilter's custom yyinput method returns unexpected result for the input file attached in the flex bug, as it returns result exceeding max_size limit passed to it. It does not seem to write out of bounds of the provided buffer, though incorrect result seems to have been causing flex to write out of bounds. I've not checked whether the extra buffer resize added to flex in response to the original bug is sufficient in all cases to avoid out of bounds write.
As noted in the referenced bug, issue can be reproduced with current bogofilter 1.2.2.
I think this is similar to #116 - unfortunately, the URL to the flex bug is now defunct, but I believe this bug was fixed with
commit cd33fc00802a75fe7b3b8a967bf879f7bc33c320 (refs/bisect/bad)
Author: Matthias Andree matthias.andree@gmx.de
Date: Sat Feb 28 20:25:42 2015 +0000