<<< Date Index >>>     <<< Thread Index >>>

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name



#2885: Buffer overflows in mutt_gecos_name

Comment (by raylai):

 {{{
 $ cat mutt.c
 #include <sys/param.h>
 #include <stdio.h>

 int
 main(int argc, char *argv[])
 {
         size_t destlen = 256, pwnl = 3;
         int idx = 254;

         printf("%zu\n", (size_t)MAX(destlen - idx - pwnl - 1, 0));
         return (0);
 }
 $ make mutt
 cc -O2 -pipe    -o mutt mutt.c
 $ ./mutt
 4294967294
 }}}

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/2885#comment:3>