While reviewing this old flex bug:
I've noticed that bogofilter's custom yyinput method returns unexpected result for the input file attached in the flex bug, as it returns result exceeding max_size limit passed to it. It does not seem to write out of bounds of the provided buffer, though incorrect result seems to have been causing flex to write out of bounds. I've not checked whether the extra buffer resize added to flex in response to the original bug is sufficient in all cases to avoid out of bounds write.
As noted in the referenced bug, issue can be reproduced with current bogofilter 1.2.2.
Log in to post a comment.