Bug 119748 – entering '*' into score subject box will cause crash when group is accessed

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 119748 - entering '*' into score subject box will cause crash when group is accessed


Summary:	entering '*' into score subject box will cause crash when group is accessed


Status:	RESOLVED FIXED

Product:	Pan
Classification:	Other
Component:	general
Version:	pre-0.14.1 betas
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	0.14.1
Assigned To:	Charles Kerr
QA Contact:	Pan QA Team

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2003-08-13 01:36 UTC by phoenixreads
Modified:	2006-06-18 05:04 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description phoenixreads 2003-08-13 01:36:33 UTC

Selected Articles->Plonk Author

Changed subject to 
*

Selected [Add & Rescore]. Pan crashes

Restart Pan. Select same ng as selected above. Pan Crashes

Edit score file from '*' to '.*'

Restart Pan. Select same ng as selected above. Pan Works as expected.

Comment 1 Charles Kerr 2003-08-13 15:17:40 UTC

(can't be Pan 0.10.0; that one didn't have scoring)

Looks like you _can_ enter an illegal regular expression to crash Pan.
Maybe there's a validator we can use before calling regexec()?

+ Trace 39562

#0 re_search_internal
from /lib/i686/libc.so.6
#1 regexec
from /lib/i686/libc.so.6
#2 my_regexec
#3 filter_phrase_test_articles
at filter-phrase.c line 292
#4 filter_test_articles
at filter.c line 116
#5 score_articles
at score.c line 1112
#6 ensure_articles_scored
at score.c line 1189
#7 set_group_worker_articles
at articlelist.c line 2775
#8 group_article_forall
at group.c line 1472
#9 set_group_worker
at articlelist.c line 2813
#10 g_static_private_free
from /usr/lib/libglib-2.0.so.0
#11 pthread_start_thread
from /lib/i686/libpthread.so.0
#12 pthread_start_thread_event
from /lib/i686/libpthread.so.

Comment 2 Charles Kerr 2003-08-13 15:20:08 UTC

Yes, regcomp() returns an error state if the expression is bad.
We need to test for that, preferably both in the backend and in
the score creation dialog.

Comment 3 Charles Kerr 2003-08-13 16:17:41 UTC

Two other notes:

1. In order to tickle this bug, I had to change the Subject:
   option menu from "contains" to "matches regular expression".

2. There's no need to set ".*" in the Subject: match for
   plonking an author; just turn off the Subject: criteria
   instead. :)

Comment 4 Charles Kerr 2003-08-13 16:27:39 UTC

Fixed in CVS:

http://cvs.gnome.org/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=pan/pan/filters&command=DIFF_FRAMESET&file=score.c&rev1=1.20&rev2=1.21&root=/cvs/gnome
http://cvs.gnome.org/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=pan/pan/filters&command=DIFF_FRAMESET&file=filter-phrase.h&rev1=1.14&rev2=1.15&root=/cvs/gnome
http://cvs.gnome.org/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=pan/pan/filters&command=DIFF_FRAMESET&file=filter-phrase.c&rev1=1.26&rev2=1.27&root=/cvs/gnome
http://cvs.gnome.org/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=pan/pan&command=DIFF_FRAMESET&file=score-add-ui.c&rev1=1.6&rev2=1.7&root=/cvs/gnome