Hi,

Included in this mail is a patch fixing an overflow and a tar ball containing a maildir demonstrating another mutt crash. This has only been confirmed on OpenBSD/i386 3.8-current however. MacOS X 10.4 mutt 1.5.11 built from darwinports doesn't exhibit the same behavior.

Please feel free to diagnose the problem with the included mail (tar ball), it's something in qp_decode_line in handler.c, that's as far as I've gotten.

handler.c patch (against 1.5.11):

--- handler.c.orig Wed Sep 7 10:20:39 2005 +++ handler.c Wed Dec 21 13:20:01 2005 @@ -93,7 +93,7 @@ void mutt_convert_to_state(iconv_t cd, c return; } - if (cd == (iconv_t)(-1)) + if (cd == (iconv_t)(-1) || *l >= BUFI_SIZE) { state_prefix_put (bufi, *l, s); *l = 0;

-- Jon
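Review bot: the added `*l >= BUFI_SIZE` test in the `if (cd == (iconv_t)(-1) ...)` condition only notices a full buffer after the caller has filled it, and when `*l` is greater than BUFI_SIZE the following `state_prefix_put (bufi, *l, s)` still reads `*l` bytes from `bufi`. Assuming BUFI_SIZE is the size of `bufi` (the hunk does not show its declaration), any overflowing write has already happened by this point and the flush itself can read past the end. Sharing the branch with the invalid-descriptor case also means a full buffer is emitted unconverted even when `cd` is valid. Suggest bounding the index where bytes are appended to `bufi` in the callers, clamping the length passed to `state_prefix_put` to BUFI_SIZE here, and adding a comment explaining why a full buffer skips conversion.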
Attachment:
crash.tar.gz
Description: application/tar-gz