#2885: Buffer overflows in mutt_gecos_name Comment (by raylai): {{{ $ cat mutt.c #include <sys/param.h> #include <stdio.h> int main(int argc, char *argv[]) { size_t destlen = 256, pwnl = 3; int idx = 254; printf("%zu\n", (size_t)MAX(destlen - idx - pwnl - 1, 0)); return (0); } $ make mutt cc -O2 -pipe -o mutt mutt.c $ ./mutt 4294967294 }}} -- Ticket URL: <http://dev.mutt.org/trac/ticket/2885#comment:3>