
Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name



#2885: Buffer overflows in mutt_gecos_name

Comment (by Thomas Roessler):

 {{{
 That indeed suggests making the execution of that code conditional.

 Good point; thanks Vincent.

 On 2007-05-08 21:51:51 -0000, Mutt wrote:
 > From: Mutt <fleas@xxxxxxxx>
 > To: mutt@xxxxxxxx, brendan@xxxxxxxxxx, vincent@xxxxxxxxxx
 > Cc: mutt-dev@xxxxxxxx
 > Date: Tue, 08 May 2007 21:51:51 -0000
 > Subject: Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name
 > Reply-To: fleas@xxxxxxxx
 > X-Spam-Level:
 > X-URL: http://www.mutt.org/
 > X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5
 >
 > #2885: Buffer overflows in mutt_gecos_name
 >
 > Comment (by vinc17):
 >
 >  The fix is implementation-defined behavior, and a C implementation may
 >  generate a trap when converting an unsigned value into a signed value if
 >  the value is not representable in the signed type. I don't think gcc can
 >  do this yet, but this would be a good (optional) feature (in case of a
 >  bug, a trap being better than an undetected overflow for security
 >  reasons).
 >
 > --
 > Ticket URL: <http://dev.mutt.org/trac/ticket/2885#comment:9>
 >
 >
 }}}

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/2885#comment:>
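
The conversion issue raised in the quoted comment, as an added example that is not part of this thread and is not Mutt's code: a bounded append that keeps all length arithmetic in size_t and converts to int only after a range check, so it never depends on what an out-of-range unsigned-to-signed conversion does. The names size_to_int and bounded_append are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not Mutt code): convert size_t to int without relying
 * on the implementation-defined result (or trap) of an out-of-range
 * conversion. Returns 0 on success, -1 if v is not representable in int. */
static int size_to_int(size_t v, int *out)
{
    if (v > (size_t)INT_MAX)
        return -1;
    *out = (int)v;              /* representable, so the conversion is exact */
    return 0;
}

/* Hypothetical bounded append: copies src into dest after the first `used`
 * bytes. destlen is the full capacity of dest, including the NUL.
 * Lengths stay unsigned throughout, so "remaining space" can never be
 * computed as a negative number and then reinterpreted as a huge one.
 * Returns the number of bytes appended, or -1 on inconsistent arguments
 * or if that count does not fit in int. */
static int bounded_append(char *dest, size_t destlen, size_t used,
                          const char *src)
{
    size_t room, n;
    int ret;

    if (dest == NULL || src == NULL || destlen == 0 || used >= destlen)
        return -1;              /* reject before subtracting */
    room = destlen - used - 1;  /* cannot wrap: used < destlen */
    n = strlen(src);
    if (n > room)
        n = room;               /* truncate instead of overflowing */
    if (size_to_int(n, &ret) != 0)
        return -1;              /* checked before anything is written */
    memcpy(dest + used, src, n);
    dest[used + n] = '\0';
    return ret;
}
```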