likely bug in plugins/digestmd5.c
markopaolini at gmail.com
Thu Oct 27 07:31:10 EDT 2011
On 27/10/2011 12:16, Marco Paolini wrote:
> subversion (that is a cyrus-sasl user) triggers a segfault in digestmd5_client_mech_dispose when call to utils->log is made
> same happens in digestmd5_common_mech_dispose whan utils->log is invoked
> I'm not a sasl expert, so I'm asking for your advice: do you thing this is a bug in sasl?
> it looks like digestmd5 is the only plugin that tries to log in mech_dispose routines, maybe it shouldn't...
ops sorry for the noise, it turns out it is a subversion 1.6.17 bug (fixed in release 1.7.1 or maybe earlier):
subversion was using a local variable in stack for the callbacks argument of sasl_client_new
but sasl_dispose was called outside this function, so when utils->log went looking for log callbacks
it was accessing some bogus memory area
More information about the Cyrus-devel