notmuch: Fix off-by-one errors if a header is >200 characters long.
If a single header is more than 200 characters long a set of 'off by one' errors cause memory corruption. When allocating memory with: a = malloc (len); the last usable byte of the memory is 'a + len - 1' rather than 'a + len'. Fix the same bug when calculating the current offset should the buffer used for collecting the output header need to be reallocated.
parent
1d528f890a
commit
1671eaecdb
1 changed files with 3 additions and 3 deletions
|
@ -169,7 +169,7 @@ filter_filter (GMimeFilter *filter, char *inbuf, size_t inlen, size_t prespace,
|
|||
headers->lineptr = headers->line = malloc (headers->line_size);
|
||||
}
|
||||
lineptr = headers->lineptr;
|
||||
lineend = headers->line + headers->line_size;
|
||||
lineend = headers->line + headers->line_size - 1;
|
||||
if (lineptr == NULL)
|
||||
return;
|
||||
outptr = filter->outbuf;
|
||||
|
@ -185,8 +185,8 @@ filter_filter (GMimeFilter *filter, char *inbuf, size_t inlen, size_t prespace,
|
|||
if (lineptr == lineend) {
|
||||
headers->line_size *= 2;
|
||||
headers->line = xrealloc (headers->line, headers->line_size);
|
||||
lineptr = headers->line + headers->line_size / 2;
|
||||
lineend = headers->line + headers->line_size;
|
||||
lineptr = headers->line + (headers->line_size / 2) - 1;
|
||||
lineend = headers->line + headers->line_size - 1;
|
||||
}
|
||||
|
||||
if (headers->saw_nl && *inptr != ' ' && *inptr != '\t') {
|
||||
|
|
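Review bot: In the second hunk the write position after growth is re-derived from the buffer size, `lineptr = headers->line + (headers->line_size / 2) - 1;`, which is only correct because the branch is entered with `lineptr == lineend` and the buffer exactly doubles; that coupling between two separate calculations is where the original off-by-one came from. Saving the offset before the call, `size_t used = lineptr - headers->line;`, and restoring it with `lineptr = headers->line + used;` after `xrealloc` would stay correct if the growth policy ever changes. Both `lineend` assignments would also benefit from a comment such as `/* lineend is the last usable byte, kept free for the terminating NUL */`, assuming the terminator is what the reserved byte is for, since that write is outside the hunks shown. The header length presumably comes from the message being filtered, so this arithmetic is reachable from untrusted input and deserves a regression test with a header just under, at, and just over 200 and 400 bytes. filter_filter starts before the first hunk and continues past the second.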