
Bug in mutt 1.5.11



Hi,

  Included in this mail is a patch fixing an overflow and a tarball
containing a maildir demonstrating another mutt crash.  This has only been
confirmed on OpenBSD/i386 3.8-current, however.  MacOS X 10.4 mutt 1.5.11 built
from darwinports doesn't exhibit the same behavior.
  Please feel free to diagnose the problem with the included mail (tarball);
it's something in qp_decode_line in handler.c, that's as far as I've gotten.

handler.c patch (against 1.5.11):
--- handler.c.orig      Wed Sep  7 10:20:39 2005
+++ handler.c   Wed Dec 21 13:20:01 2005
@@ -93,7 +93,7 @@ void mutt_convert_to_state(iconv_t cd, c
     return;
   }
 
-  if (cd == (iconv_t)(-1))
+  if (cd == (iconv_t)(-1) || *l >= BUFI_SIZE)
   {
     state_prefix_put (bufi, *l, s);
     *l = 0;
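
Review bot: The added test `*l >= BUFI_SIZE` in the `if` only checks the length, it does not bound it: the flush right after it, `state_prefix_put (bufi, *l, s);`, still passes `*l` unchanged. If `*l` can arrive larger than BUFI_SIZE (which `>=` rather than `==` suggests), and bufi holds BUFI_SIZE bytes, the write past the end has already happened before this function runs and the flush then reads past the end as well. Consider enforcing the bound where `*l` is incremented, or clamping `*l` to BUFI_SIZE before the flush and treating the `>` case as an error. This branch is also shared with the `cd == (iconv_t)(-1)` case, so a full buffer appears to be written out as is rather than converted; a short comment stating that this is intended would help.
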
-- 
Jon

Attachment: crash.tar.gz
Description: application/tar-gz