Skip to content

Properly fix #80220 #6343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Properly fix #80220 #6343

wants to merge 1 commit into from

Conversation

cmb69
Copy link
Member

@cmb69 cmb69 commented Oct 16, 2020

The original fix for that bug[1] broke the formerly working composition
of message/rfc822 messages, which results in a segfault when freeing
the message body now. While imap_mail_compose() does not really
support composition of meaningful message/rfc822 messages (although
libc-client appears to support that), some code may still use this to
compose partial messages, and using string manipulation to create the
final message.

The point is that libc-client expects TYPEMESSAGE with an explicit
subtype of RFC822 to have a nested.msg (otherwise there will be a
segfault during free), but not to have any contents.text.data (this
will leak otherwise).

[1] http://git.php.net/?p=php-src.git;a=commit;h=0d022ddf03c5fabaaa22e486d1e4a367ed9170a7

@cmb69
Properly fix #80220
228d27b 
The original fix for that bug[1] broke the formerly working composition
of message/rfc822 messages, which results in a segfault when freeing
the message body now.  While `imap_mail_compose()` does not really
support composition of meaningful message/rfc822 messages (although
libc-client appears to support that), some code may still use this to
compose partial messages, and using string manipulation to create the
final message.

The point is that libc-client expects `TYPEMESSAGE` with an explicit
subtype of `RFC822` to have a `nested.msg` (otherwise there will be a
segfault during free), but not to have any `contents.text.data` (this
will leak otherwise).

[1] <http://git.php.net/?p=php-src.git;a=commit;h=0d022ddf03c5fabaaa22e486d1e4a367ed9170a7>
@cmb69 cmb69 added the Bug label Oct 16, 2020
This was referenced Oct 16, 2020
Closed
Closed
@cmb69
Copy link
Member Author

cmb69 commented Oct 19, 2020

What to do here? There is currently a regression in 7.3.24RC1 and 7.4.12RC1; should we cherry-pick this fix into 7.3.24 and 7.4.12? @derickr ?

nikic
nikic approved these changes Oct 19, 2020
View reviewed changes
Copy link
Member

@nikic nikic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really don't know enough about this, but it doesn't look unreasonable...

@php-pulls php-pulls closed this in 7f3bdda Oct 20, 2020
@cmb69 cmb69 deleted the cmb/80220-3 branch October 20, 2020 11:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikic nikic nikic approved these changes

Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cmb69 @nikic