Re: Bug in mutt 1.5.11
On Thursday, 22 December 2005 at 09:54, Jon Olsson wrote:
> Hi,
>
> Included in this mail is a patch fixing an overflow and a tar ball
> containing a maildir demonstrating another mutt crash. This has only been
> confirmed on OpenBSD/i386 3.8-current however. MacOS X 10.4 mutt 1.5.11 built
> from darwinports doesn't exhibit the same behavior.
> Please feel free to diagnose the problem with the included mail (tar ball),
> it's something in qp_decode_line in handler.c, that's as far as I've gotten.
>
> handler.c patch (against 1.5.11):
> +++ handler.c Wed Dec 21 13:20:01 2005
> @@ -93,7 +93,7 @@ void mutt_convert_to_state(iconv_t cd, c
> return;
> }
>
> - if (cd == (iconv_t)(-1))
> + if (cd == (iconv_t)(-1) || *l >= BUFI_SIZE)
> {
> state_prefix_put (bufi, *l, s);
> *l = 0;
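Review bot: The added test on the changed if line, *l >= BUFI_SIZE, sends a full buffer down the same branch as a failed iconv descriptor, so with a valid cd the bytes are written out by state_prefix_put unconverted, and nothing in the hunk says that this is intended. A short comment stating that the buffer is flushed raw when it fills would help, and it is worth checking whether the conversion path could drain the buffer instead. The branch also still passes *l as the length to state_prefix_put (bufi, *l, s); if *l can ever be greater than BUFI_SIZE (the >= allows for it) and BUFI_SIZE is the capacity of bufi, as the name suggests, that call reads past the end of bufi, so the length should be clamped or the bound enforced where *l is incremented.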
This was discussed before, but no one seemed to be confident about the
right resolution:
http://www.df7cb.de/mutt/message/20050818.182554.2764d13e.en.html