Starting freeze for 1.12 release

Vincent Lefevre vincent at vinc17.org
Wed May 15 11:14:18 UTC 2019


Hi,

On 2019-05-10 09:12:23 -0700, Kevin J. McCarthy wrote:
> I've just emailed the mutt.pot file to the translators mailing list. From
> now until the release (planned for the weekend of May 25-26), please
> restrict commits to bug fixes or documentation updates only.

I've just fixed an undefined behavior that can occur in an invalid
message, such as the attached one.

See commit 3b6f6b829718ec8a7cf3eb6997d86e83e6c38567.

--- a/rfc2231.c
+++ b/rfc2231.c
@@ -146,7 +146,12 @@ void rfc2231_decode_parameters (PARAMETER **headp)
       encoded = (*t == '*');
       *t = '\0';
 
-      index = atoi (s);
+      /* RFC 2231 says that the index starts at 0 and increments by 1,
+         thus an overflow should never occur in a valid message, thus
+         the value INT_MAX in case of overflow does not really matter
+         (the goal is just to avoid undefined behavior). */
+      if (mutt_atoi (s, &index))
+        index = INT_MAX;
 
       conttmp = rfc2231_new_parameter ();
       conttmp->attribute = p->attribute;

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
-------------- next part --------------
>From a at b.invalid Wed May 15 12:43:00 2018
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------070001020609030109080507"

This is a multi-part message in MIME format.
--------------070001020609030109080507
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

foo
--------------070001020609030109080507
Content-Type: text/plain; name="name"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
        filename*17="na";
        filename*999999999999999999999999999999="me"

bar
--------------070001020609030109080507--


More information about the Mutt-dev mailing list