From: Oswald B. <osw...@gm...> - 2021-11-17 09:18:21
|
On Wed, Nov 17, 2021 at 08:08:22AM +0900, Norbert Preining wrote: >Today I got a bug report about a crash including a backtrace: > i know, i watch the debian package. you don't need to forward anything to me. in fact, i was about to reply directly on the bts before it occurred to me to check the other folder first. >Do you have any suggestion? > it's an obvious heap corruption, which may be exploitable in the worst case (the glibc allocator seems to catch the condition, but others may not, or a more carefully crafted message may sidestep it). the easiest way to get to the bottom of it should be running valgrind --tool=memcheck --num-callers=50 mbsync -D <...> (mbsync's -D should help identify the culprit message, a verbatim copy of which should be inspected). antoine, you can send the log (and the message, if it's not too confidential) to me in private. |