[pybsddb] Data leak in latest bsddb3/berkeleydb packages

Jesus Cea jcea at jcea.es
Thu May 8 00:17:43 CEST 2025


On 7/5/25 4:00, jacobhenner at outlook.com wrote:
> The leaked data is sufficiently distinct from the ordinary contents of
> a sendmail access.db file to be noticed immediately. I can confirm that
> the data that is being leaked was never part of the database, at any
> point. When viewing the raw file, imagine seeing a block (or substring)
> of pretty-printed JSON, a partial ini file, or HTML. All of these cases
> have been observed, and the leaked data comes from very different parts
> of the codebase than the part that manipulates these databases.

If you are running under Linux, could you possibly run your program with 
this environment variable set (see "man mallopt") (note the underscore 
suffix)?:

MALLOC_PERTURB_=165

Then look for runs of characters "Z" or "0xa5".

You see those characters? One or both? Do you still see program data 
memory leaks while that environment variable is set?

-- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - https://www.jcea.es/    _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea at jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
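The diagnostic above works because, with `MALLOC_PERTURB_=165`, glibc fills freshly allocated (uninitialized) memory with the complement `0x5a` (the character `Z`) and freed memory with `0xa5`, so the two fill patterns tell an uninitialized-buffer leak apart from a use-after-free. The following scanner, an added example that is not part of this thread or of the bsddb3/berkeleydb packages, automates the "look for runs" step on a raw database file; the file path and the sample bytes are constructed for illustration.

```python
import re
import sys

# glibc's MALLOC_PERTURB_ (see "man mallopt"): allocated memory is filled
# with the bitwise complement of the value, freed memory with the value.
PERTURB_VALUE = 165
FREED_FILL = PERTURB_VALUE & 0xFF           # 0xa5: came from freed memory
ALLOC_FILL = (~PERTURB_VALUE) & 0xFF        # 0x5a == ord('Z'): never initialized

FILL_KINDS = (
    (ALLOC_FILL, "uninitialized-alloc"),
    (FREED_FILL, "use-after-free"),
)


def find_fill_runs(data: bytes, min_run: int = 8):
    """Return sorted (offset, length, kind) tuples for runs of fill bytes.

    A single 'Z' is legitimate data; only runs of at least `min_run`
    identical fill bytes are reported, which keeps false positives low
    on ordinary access.db contents.
    """
    runs = []
    for fill, kind in FILL_KINDS:
        pattern = re.compile(re.escape(bytes([fill])) + b"{%d,}" % min_run)
        for m in pattern.finditer(data):
            runs.append((m.start(), m.end() - m.start(), kind))
    runs.sort()
    return runs


def diagnose(data: bytes, min_run: int = 8):
    """Summarize which kinds of perturbed memory reached the file."""
    return sorted({kind for _, _, kind in find_fill_runs(data, min_run)})


def scan_file(path: str, min_run: int = 8):
    with open(path, "rb") as fh:
        return find_fill_runs(fh.read(), min_run)


if __name__ == "__main__":
    # Usage: MALLOC_PERTURB_=165 <run the program>, then scan its output file.
    target = sys.argv[1] if len(sys.argv) > 1 else "access.db"  # constructed default
    for offset, length, kind in scan_file(target):
        print(f"offset 0x{offset:x}: {length} fill bytes ({kind})")
```

Run the program that writes the database under `MALLOC_PERTURB_=165`, then point the scanner at the resulting file. Runs tagged `uninitialized-alloc` mean a buffer was written to disk before being fully populated; runs tagged `use-after-free` mean the written bytes came from memory that had already been released.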