Return-Path: <dme@dme.org>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
    by olra.theworths.org (Postfix) with ESMTP id 7836D4196F0
    for <notmuch@notmuchmail.org>; Wed, 28 Apr 2010 03:45:30 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5
    tests=[BAYES_00=-1.9] autolearn=ham
Received: from olra.theworths.org ([127.0.0.1])
    by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id hQAyQtKuBmfa for <notmuch@notmuchmail.org>;
    Wed, 28 Apr 2010 03:45:29 -0700 (PDT)
Received: from mail-ww0-f53.google.com (mail-ww0-f53.google.com
    [74.125.82.53]) by olra.theworths.org (Postfix) with ESMTP id 8417D431FC1 for
    <notmuch@notmuchmail.org>; Wed, 28 Apr 2010 03:45:29 -0700 (PDT)
Received: by wwb22 with SMTP id 22so14536wwb.26
    for <notmuch@notmuchmail.org>; Wed, 28 Apr 2010 03:45:28 -0700 (PDT)
Received: by 10.216.173.202 with SMTP id v52mr994449wel.200.1272451528412;
    Wed, 28 Apr 2010 03:45:28 -0700 (PDT)
Received: from ut.hh.sledj.net (gmp-ea-fw-1.sun.com [192.18.1.36])
    by mx.google.com with ESMTPS id x14sm14786052wbs.18.2010.04.28.03.45.26
    (version=TLSv1/SSLv3 cipher=RC4-MD5);
    Wed, 28 Apr 2010 03:45:27 -0700 (PDT)
Received: by ut.hh.sledj.net (Postfix, from userid 1000)
    id 95BCA5940B0; Wed, 28 Apr 2010 11:45:44 +0100 (BST)
To: notmuch@notmuchmail.org
Subject: [PATCH] notmuch: Fix off-by-one errors if a header is >200 characters
Date: Wed, 28 Apr 2010 11:45:41 +0100
Message-Id: <1272451541-6479-1-git-send-email-dme@dme.org>
X-Mailer: git-send-email 1.7.0
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
List-Id: "Use and development of the notmuch mail system."
    <notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
    <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
    <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Apr 2010 10:45:30 -0000

From: David Edmondson <dme@dme.org>

If a single header is more than 200 characters long a set of 'off by
one' errors cause memory corruption.

When allocating memory with:
the last usable byte of the memory is 'a + len - 1' rather than 'a +

Fix the same bug when calculating the current offset should the buffer
used for collecting the output header need to be reallocated.

This is the cause of my segmentation fault (or bus error) during
`notmuch reply'. The patch is for the 0.3.1 branch, but I'd expect
that it will apply cleanly to master.

 gmime-filter-headers.c | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

72 diff --git a/gmime-filter-headers.c b/gmime-filter-headers.c
73 index 2f3df80..7db3779 100644
74 --- a/gmime-filter-headers.c
75 +++ b/gmime-filter-headers.c
76 @@ -169,7 +169,7 @@ filter_filter (GMimeFilter *filter, char *inbuf, size_t inlen, size_t prespace,
77 headers->lineptr = headers->line = malloc (headers->line_size);
79 lineptr = headers->lineptr;
80 - lineend = headers->line + headers->line_size;
81 + lineend = headers->line + headers->line_size - 1;
82 if (lineptr == NULL)
84 outptr = filter->outbuf;
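Review bot: The new `lineend = headers->line + headers->line_size - 1;` turns `lineend` from a one-past-the-end pointer into the address of the last byte of the buffer, but nothing in this hunk records that meaning. Please add a comment stating the invariant (what `lineend` points at and what the byte it holds back is for), because the reallocation branch repeats the same `- 1` and the two sites have to stay in step; deriving `lineend` in one small helper would stop a later edit from changing one and missing the other. Separately, this pointer arithmetic on `headers->line` runs before the `if (lineptr == NULL)` test that follows it, and the initial allocation uses plain `malloc` while the growth path calls `xrealloc`; testing the allocation result before computing `lineend` would be tidier.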
85 @@ -185,8 +185,8 @@ filter_filter (GMimeFilter *filter, char *inbuf, size_t inlen, size_t prespace,
86 if (lineptr == lineend) {
87 headers->line_size *= 2;
88 headers->line = xrealloc (headers->line, headers->line_size);
89 - lineptr = headers->line + headers->line_size / 2;
90 - lineend = headers->line + headers->line_size;
91 + lineptr = headers->line + (headers->line_size / 2) - 1;
92 + lineend = headers->line + headers->line_size - 1;
95 if (headers->saw_nl && *inptr != ' ' && *inptr != '\t') {
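Review bot: In the reallocation branch, `lineptr = headers->line + (headers->line_size / 2) - 1;` rebuilds the write position from the new size, which is correct only while `lineptr == lineend` holds exactly on entry and `lineend` is defined as size minus one. Saving the offset before the `xrealloc` (`lineptr - headers->line`) and adding it to the new base afterwards would make the position independent of how `lineend` is defined, so this class of off-by-one cannot come back if the sentinel changes again. The guard `if (lineptr == lineend)` is an exact-equality test, so `>=` would be the safer comparison should `lineptr` ever advance by more than one byte between checks, and `headers->line_size *= 2` has no upper bound even though the header length comes from the message being processed.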