
bug#1558: marked as done (mutt-1.5.4i: OPT_MAX is not max, and mutt_expand_fmt off-by-one error)



Your message dated Mon, 8 Sep 2003 02:25:50 +0200
with message-id <20030908002550.GA18247@xxxxxxxxxxxxxxxxxxxxxxxxxx>
and subject line (no subject)
has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Herr der Kaefer
(administrator, GUUG bugs database)

--------------------------------------
Received: (at submit) by bugs.guug.de; 2 May 2003 20:14:05 +0000
>From dan@xxxxxxxxxxxxxxxx Fri May 02 22:14:05 2003
Received: from dan.emsphone.com ([199.67.51.101] ident=root)
        by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
        id 19Bgup-0008Rk-00
        for <submit@xxxxxxxxxxxx>; Fri, 02 May 2003 22:13:55 +0200
Received: (from dan@localhost)
        by dan.emsphone.com (8.12.9/8.12.9) id h42KFfrG083875;
        Fri, 2 May 2003 15:15:41 -0500 (CDT)
        (envelope-from dan)
Date: Fri, 2 May 2003 15:15:41 -0500 (CDT)
Message-Id: <200305022015.h42KFfrG083875@xxxxxxxxxxxxxxxx>
From: dnelson@xxxxxxxxxxxxxxx
Subject: mutt-1.5.4i: OPT_MAX is not max, and mutt_expand_fmt off-by-one error
To: submit@xxxxxxxxxxxx

Package: mutt
Version: 1.5.4i
Severity: normal

-- Please type your report below this line

In trying to hunt down the cause of an intermittent coredump when a new
message arrives in an empty folder, I built mutt with gcc-3.2.3
-fbounds-checking.  I've found two bugs so far, neither of which seems
to be causing my crash:

1) In mutt.h, OPT_MAX is no longer the last value in the enum list.
   This causes the QuadOptions array to be too small, which triggers a
   bounds check when OPT_BOUNCE is used.

2) In muttlib.c, a pointer is incremented by 2 instead of one when
   skipping %s expandos in mutt_expand_fmt.  This means that expanding
   "%s%s" results in only the first s being expanded, and also causes a
   bounds check if the last two characters in fmt are "%s".

Fix: 

Index: mutt.h
===================================================================
RCS file: /home/roessler/cvs/mutt/mutt.h,v
retrieving revision 3.17
diff -u -p -r3.17 mutt.h
--- mutt.h      14 Apr 2003 09:09:53 -0000      3.17
+++ mutt.h      2 May 2003 20:12:21 -0000
@@ -288,8 +288,9 @@ enum
   OPT_SUBJECT,
   OPT_MIMEFWDREST,
   OPT_FORWEDIT,
-  OPT_MAX,
-  OPT_BOUNCE
+  OPT_BOUNCE,
+
+  OPT_MAX             /* must be last */
 };
 
 /* flags to ci_send_message() */
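Review bot: the `/* must be last */` comment is the only thing keeping OPT_MAX as the terminating enumerator after this move; since arrays such as QuadOptions (per the report) are dimensioned by it, a compile-time check that the array length equals OPT_MAX, or a comment stating that new options must be inserted before it, would stop the next added enumerator from reintroducing the undersized array. Also worth confirming that nothing else used OPT_MAX as a real option value while it sat before OPT_BOUNCE, since its numeric value changes with this hunk.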
Index: muttlib.c
===================================================================
RCS file: /home/roessler/cvs/mutt/muttlib.c,v
retrieving revision 3.12
diff -u -p -r3.12 muttlib.c
--- muttlib.c   21 Jan 2003 12:33:41 -0000      3.12
+++ muttlib.c   2 May 2003 20:12:22 -0000
@@ -806,7 +806,7 @@ void mutt_expand_fmt (char *dest, size_t
       dest += slen;
       destlen -= slen;
 
-      p += 2;
+      p++;
       last = p;
     }
     else if (p[1] == '%')
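Review bot: replacing `p += 2` with `p++` is only correct if the enclosing loop advances `p` once more per iteration, and that loop header is outside the hunk; the change should be reviewed together with it and with the `else if (p[1] == '%')` branch directly below, which has to follow the same stepping convention so that "%%" is not skipped one character too far either. The two inputs named in the report, "%s%s" and a format ending in "%s", would make a small regression test for this function.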



-- System Information
System Version: FreeBSD dan.emsphone.com 5.0-CURRENT FreeBSD 5.0-CURRENT #266: 
Tue Apr 15 18:05:08 CDT 2003     
dan@xxxxxxxxxxxxxxxx:/usr/src/sys/i386/compile/DANSMP  i386

-- Build environment information

(Note: This is the build environment installed on the system
muttbug is run on.  Information may or may not match the environment
used to build mutt.)

- gcc version information
cc -I/usr/local/include
Using built-in specs.
Configured with: FreeBSD/i386 system compiler
Thread model: posix
gcc version 3.2.2 [FreeBSD] 20030205 (release)

- CFLAGS
-Wall -O2 -pipe -march=pentium3 -g

-- Mutt Version Information

Mutt 1.5.4i (2003-03-19)
Copyright (C) 1996-2002 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: FreeBSD 5.0-CURRENT (i386) [using ncurses 5.2] [using libiconv 1.8]
Compile options:
-DOMAIN
-DEBUG
-HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  
-USE_FCNTL  +USE_FLOCK
+USE_POP  +USE_IMAP  +IMAP_EDIT_THREADS  -USE_GSS  -USE_SSL  -USE_SASL  
-USE_SASL2  
+HAVE_REGCOMP  -USE_GNU_REGEX  +COMPRESSED  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  -CRYPT_BACKEND_GPGME  
+BUFFY_SIZE -EXACT_ADDRESS  +SUN_ATTACHMENT  
+ENABLE_NLS  +LOCALES_HACK  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET  
+HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  -HAVE_LIBIDN  +HAVE_GETSID  +HAVE_GETADDRINFO  
ISPELL="/usr/local/bin/ispell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/local/share/mutt"
SYSCONFDIR="/usr/local/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
To contact the developers, please mail to <mutt-dev@xxxxxxxx>.
To report a bug, please use the flea(1) utility.

Feature patch: pager_status_on_top 0.94.7 by Stefan `Sec` Zehl
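As an added illustration of the second bug (this is example code, not code from the report or from mutt), the following simplified model of an expando scanner takes the body increment as a parameter: 1 is the value the patch uses, 2 reproduces the effect the report describes, where "%s%s" expands only the first expando and a format ending in "%s" steps past the terminator. The loop shape, the `extra` parameter and the shared `out` buffer are assumptions of this model, not mutt's real code.

```c
#include <string.h>

/* Simplified model of mutt_expand_fmt (added example, not mutt's code):
 * copy fmt to dest, replacing "%s" with src and "%%" with "%".  The loop
 * header advances p once per iteration, so after a two-character "%s"
 * the body must advance exactly one more.  `extra` is that increment:
 * 1 is the fixed value, 2 models the off-by-one from the report.
 * Returns the output length, or -1 if the cursor would pass fmt's
 * terminator (what the bounds checker flagged for a trailing "%s"). */
static int expand_fmt(char *dest, size_t destlen, const char *fmt,
                      const char *src, size_t extra)
{
    const char *end = fmt + strlen(fmt);   /* address of the NUL */
    size_t slen = strlen(src), n = 0;
    const char *p;

    if (destlen == 0)
        return -1;
    destlen--;                             /* keep room for the NUL */
    for (p = fmt; ; p++) {
        if (p > end) {                     /* stepped over the terminator */
            dest[n] = '\0';
            return -1;
        }
        if (*p == '\0' || n >= destlen)
            break;
        if (*p == '%' && p[1] == 's') {
            size_t len = slen < destlen - n ? slen : destlen - n;
            memcpy(dest + n, src, len);
            n += len;
            p += extra;                    /* skip 's'; one too many if 2 */
        } else if (*p == '%' && p[1] == '%') {
            dest[n++] = '%';
            p++;                           /* consume the second '%' */
        } else {
            dest[n++] = *p;
        }
    }
    dest[n] = '\0';
    return (int) n;
}

/* Expand fmt with src "X" into the shared buffer `out` and return the
 * expand_fmt() result, so output and overrun status can both be checked. */
static char out[64];
static int expand(const char *fmt, size_t extra)
{
    return expand_fmt(out, sizeof out, fmt, "X", extra);
}
```

With the buggy step the character after each "%s" is consumed as well, which is why the second expando of "%s%s" survives only as a literal "s" and why a trailing "%s" lands the cursor beyond the terminator.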

---------------------------------------
Received: (at 1558-done) by bugs.guug.de; 8 Sep 2003 00:24:06 +0000
>From roessler+bounce@xxxxxxxxxxxxxxxxxx Mon Sep 08 02:24:03 2003
Received: from does-not-exist.info ([217.160.221.198] 
helo=kamino.does-not-exist.org)
        by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
        id 19w9p5-00055Z-00
        for <1558-done@xxxxxxxxxxxx>; Mon, 08 Sep 2003 02:24:03 +0200
Received: from voyager.does-not-exist.org (pD900B2D0.dip0.t-ipconnect.de 
[217.0.178.208])
        (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
        (No client certificate requested)
        by kamino.does-not-exist.org (Postfix) with ESMTP
        id 54381314100; Mon,  8 Sep 2003 02:26:24 +0200 (CEST)
Received: by voyager.does-not-exist.org (Postfix, from userid 500)
        id 4DB638175; Mon,  8 Sep 2003 02:25:50 +0200 (CEST)
Date: Mon, 8 Sep 2003 02:25:50 +0200
From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
To: 1558-done@xxxxxxxxxxxx
Message-ID: <20030908002550.GA18247@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.4i
X-Spam-Status: No, hits=-102.5 required=5.0
        tests=USER_AGENT_MUTT,USER_IN_WHITELIST
        version=2.55
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

Closing bugs referenced from within mutt's ChangeLog.