
Re: Bug in mutt 1.5.11



On Thursday, 22 December 2005 at 09:54, Jon Olsson wrote:
> Hi,
> 
>   Included in this mail is a patch fixing an overflow and a tar ball
> containing a maildir demonstrating another mutt crash.  This has only been
> confirmed on OpenBSD/i386 3.8-current however.  MacOS X 10.4 mutt 1.5.11 built
> from darwinports doesn't exhibit the same behavior.
>   Please feel free to diagnose the problem with the included mail (tar ball),
> it's something in qp_decode_line in handler.c, that's as far as I've gotten.
> 
> handler.c patch (against 1.5.11):
> +++ handler.c   Wed Dec 21 13:20:01 2005
> @@ -93,7 +93,7 @@ void mutt_convert_to_state(iconv_t cd, c
>      return;
>    }
>  
> -  if (cd == (iconv_t)(-1))
> +  if (cd == (iconv_t)(-1) || *l >= BUFI_SIZE)
>    {
>      state_prefix_put (bufi, *l, s);
>      *l = 0;
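Review bot: The new `*l >= BUFI_SIZE` test in the `if` sends a full buffer down the same branch as an unusable iconv descriptor, so whatever is in bufi is handed to state_prefix_put (bufi, *l, s) as-is even when cd is valid. If that is intended as a flush, it deserves a comment saying so. The `>=` also concedes that *l may already be larger than BUFI_SIZE when this function is entered, and in that case the call still passes the oversized length along with bufi. The bound would be better enforced where bytes are appended to bufi and *l is incremented, so that *l can never exceed BUFI_SIZE, leaving the check here as a plain `== BUFI_SIZE` flush or dropping it altogether.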

This was discussed before, but no one seemed to be confident about the
right resolution:

http://www.df7cb.de/mutt/message/20050818.182554.2764d13e.en.html