Hi,
On 2019-05-10 09:12:23 -0700, Kevin J. McCarthy wrote:
> I've just emailed the mutt.pot file to the translators mailing list. From
> now until the release (planned for the weekend of May 25-26), please
> restrict commits to bug fixes or documentation updates only.
I've just fixed an undefined behavior that can occur in an invalid
message, such as the attached one.
See commit 3b6f6b829718ec8a7cf3eb6997d86e83e6c38567.
--- a/rfc2231.c
+++ b/rfc2231.c
@@ -146,7 +146,12 @@ void rfc2231_decode_parameters (PARAMETER **headp)
encoded = (*t == '*');
*t = '\0';
- index = atoi (s);
+ /* RFC 2231 says that the index starts at 0 and increments by 1,
+ thus an overflow should never occur in a valid message, thus
+ the value INT_MAX in case of overflow does not really matter
+ (the goal is just to avoid undefined behavior). */
+ if (mutt_atoi (s, &index))
+ index = INT_MAX;
conttmp = rfc2231_new_parameter ();
conttmp->attribute = p->attribute;
--
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
>From [email protected] Wed May 15 12:43:00 2018
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------070001020609030109080507"
This is a multi-part message in MIME format.
--------------070001020609030109080507
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
foo
--------------070001020609030109080507
Content-Type: text/plain; name="name"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename*17="na";
filename*999999999999999999999999999999="me"
bar
--------------070001020609030109080507--
