#2885: Buffer overflows in mutt_gecos_name
Comment (by raylai):
{{{
$ cat mutt.c
#include <sys/param.h>
#include <stdio.h>
/*
 * Stand-alone reproduction of the length computation discussed in this
 * ticket. The values are chosen so that the subtraction would be negative
 * (256 - 254 - 3 - 1 = -2) if it were carried out in signed arithmetic.
 * MAX is not defined in this file; presumably it comes from <sys/param.h>.
 */
int
main(int argc, char *argv[])
{
/* Both operands are size_t, so the expression below is evaluated unsigned. */
size_t destlen = 256, pwnl = 3;
int idx = 254;
/*
 * idx is converted to size_t for the subtraction, so the result wraps
 * around instead of going negative. An unsigned value is never less than
 * 0, so MAX(..., 0) returns the wrapped value and never clamps to 0.
 * The transcript's output, 4294967294, is 2^32 - 2, i.e. a 32-bit size_t.
 * NOTE(review): if a length computed this way is used as a copy bound, it
 * is far larger than the space left in the destination; comparing the
 * operands before subtracting avoids the wraparound.
 */
printf("%zu\n", (size_t)MAX(destlen - idx - pwnl - 1, 0));
return (0);
}
$ make mutt
cc -O2 -pipe -o mutt mutt.c
$ ./mutt
4294967294
}}}
--
Ticket URL: <http://dev.mutt.org/trac/ticket/2885#comment:3>