[dev] [commits] Horde branch master updated. 96483e0d91a027c338b703995e0b123b31684488

Michael J Rubinsky mrubinsk at horde.org
Fri Sep 27 18:17:20 UTC 2013 

Quoting Michael M Slusarz <slusarz at horde.org>:

> Quoting "Michael J. Rubinsky" <mrubinsk at horde.org>:
>
>> commit 4faaf153875911d05a2329f693ff767cefdc2e7c
>> Author: Michael J Rubinsky <mrubinsk at horde.org>
>> Date:   Mon Sep 23 11:24:56 2013 -0400
>>
>>    This seems to prevent a PHP bug from being triggered.
>>
>>    Without hex-encoding of control characters, PHP is segfaulting on
>>    numerous platforms with certain strings. Still working out the
>>    exact string combinations that trigger this for reporting to PHP.
>>
>> framework/Mime/lib/Horde/Mime/Part.php |    3 ++-
>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> http://github.com/horde/horde/commit/4faaf153875911d05a2329f693ff767cefdc2e7c
>> http://git.horde.org/horde-git/-/commit/4faaf153875911d05a2329f693ff767cefdc2e7c
>
> This is being reverted.  You can't do this.  This breaks things like  
> generating PGP and flowed messages, where spaces MUST NOT be encoded  
> in quoted-printable data.  To say nothing of the size of messages  
> sent now (this is way less efficient than base64).
>
> The correct fix would be to manually change the encoding of the part  
> to base64 at the location you are seeing issues until you can figure  
> out the problem.  However, the solution is not to cripple the  
> software for everyone else that is using it normally.

Yeah, sorry about this. I spent over 8 hours tracking down this issue  
with a very anxious client. Was just happy that I finally found  
something that stopped the segfaults.

I've tracked this down to the point that it is triggered by a bare CR  
at the end of the string, while all other line endings are CRLF (so  
line-break-chars is set to CRLF), but only if the string is a certain  
size, and with certain values of line-length.  My guess: Since the  
stream's line endings are detected to be CRLF, but there exists a  
*single* bare CR, this screws up the internal calculations for  
line-length leading to some sort of overflow or divide-by-zero error  
internally.


-- 
mike

The Horde Project (www.horde.org)
mrubinsk at horde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5849 bytes
Desc: S/MIME Signature
URL: <http://lists.horde.org/archives/dev/attachments/20130927/f7d1da9a/attachment.bin>

More information about the dev mailing list