Hello,
I've got a php app using the php-imap extension and a segmentation fault
occurs during a call to imap_fetchbody on a specific message and
section. I've attached an example email message that causes my crash. It
seems a multipart/mixed message that contains a text part with no text
will
It's a bug in the IMAP server. It is sending a literal (a type of string) with
a size count of -1. The size count for a literal is an unsigned, non-zero,
32-bit value.
I wonder what strtoul() does in this case. I would have expected it to
return a 0.
I have added defensive code for this case
Thanks for the reply. strtoul() is returning 4294967295 in this case.
The max value, I guess, instead of the min. Thanks again.
Mark Crispin wrote:
It's a bug in the IMAP server. It is sending a literal (a type of string) with
a size count of -1. The size count for a literal is an unsigned, n
That's bizarre. The code checks for that, and rejects a literal size greater
than 0x7ffe. The check works on every system that I've tried. Whatever
compiler built it on your system must be generating a signed comparison.
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a shee
The code checks for that, and rejects a literal size greater than
0x7ffe.
Just to make sure I'm on the same page, is this the check you are
referring to, from imap4r1.c:4937
if ((i = strtoul (*txtptr,(char **) txtptr,10)) > MAXSERVERLIT) {
sprintf (LOCAL->tmp,"Absurd server literal length
Yeah, replace that do loop with something like:
for (j = IMAPTMPLEN - 1; i; i -= j) {
if (j> i) j = i;
net_getbuffer (LOCAL->netstream,j,LOCAL->tmp);
}
Thanks.
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Libert
