[evolution-data-server] Bug #520233 - Crash in imap_body_decode at camel-imap-utils.c:979



commit 500e0e9efd733f5e4f0923d657e2d0ed0e1dd5a5
Author: Milan Crha <mcrha redhat com>
Date:   Thu Apr 1 14:27:06 2010 +0200

    Bug #520233 - Crash in imap_body_decode at camel-imap-utils.c:979

 camel/providers/imap/camel-imap-utils.c |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)
---
diff --git a/camel/providers/imap/camel-imap-utils.c b/camel/providers/imap/camel-imap-utils.c
index e4ee339..e9d89ae 100644
--- a/camel/providers/imap/camel-imap-utils.c
+++ b/camel/providers/imap/camel-imap-utils.c
@@ -911,9 +911,9 @@ imap_body_decode (const gchar **in, CamelMessageContentInfo *ci, CamelFolder *fo
 			child->parent = ci;
 			tail->next = child;
 			tail = child;
-		} while (*inptr == '(');
+		} while (inptr && *inptr == '(');
 
-		if (*inptr++ != ' ')
+		if (!inptr || *inptr++ != ' ')
 			return NULL;
 
 		if (g_ascii_strncasecmp (inptr, "nil", 3) != 0) {
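Review bot: The new `inptr &&` and `!inptr ||` guards in this hunk rely on a convention the code never states, namely that a sub-parser handed `&inptr` may leave it NULL. The same applies to the guards added in the hunks at 926, 975 and 1030. A one-line comment at the first guard, such as `/* a failed sub-parse can leave inptr NULL; the response comes from the server and is untrusted */`, would tell the next reader why the check exists. At 975 the guard follows a `parse_params (&inptr, ctype) == -1` test, which suggests (not visible here) that the helper can report success while leaving the pointer NULL; if so, returning -1 from the helper would be the more direct fix. The do-while loop and the function body start outside this hunk.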
@@ -926,7 +926,7 @@ imap_body_decode (const gchar **in, CamelMessageContentInfo *ci, CamelFolder *fo
 		ctype = camel_content_type_new ("multipart", subtype ? subtype : "mixed");
 		g_free (subtype);
 
-		if (*inptr++ != ')') {
+		if (!inptr || *inptr++ != ')') {
 			camel_content_type_unref (ctype);
 			return NULL;
 		}
@@ -975,7 +975,7 @@ imap_body_decode (const gchar **in, CamelMessageContentInfo *ci, CamelFolder *fo
 		if (parse_params (&inptr, ctype) == -1)
 			goto exception;
 
-		if (*inptr++ != ' ')
+		if (!inptr || *inptr++ != ' ')
 			goto exception;
 
 		/* content-id */
@@ -1030,7 +1030,7 @@ imap_body_decode (const gchar **in, CamelMessageContentInfo *ci, CamelFolder *fo
 
 		if (camel_content_type_is (ctype, "message", "rfc822")) {
 			/* body_type_msg */
-			if (*inptr++ != ' ')
+			if (!inptr || *inptr++ != ' ')
 				goto exception;
 
 			/* envelope */
@@ -1070,6 +1070,9 @@ imap_body_decode (const gchar **in, CamelMessageContentInfo *ci, CamelFolder *fo
 		ci->encoding = encoding;
 		ci->size = size;
 		ci->childs = child;
+
+		if (*inptr == ' ' && inptr[1] == '(' && inptr[2] == '\"')
+			inptr++;
 	}
 
 	*in = inptr;
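Review bot: The added lookahead `if (*inptr == ' ' && inptr[1] == '(' && inptr[2] == '\"')` dereferences `inptr` with no NULL check, unlike every other access this commit touches. Whether it can be NULL here depends on code outside the hunk, but the guard is cheap: `if (inptr && *inptr == ' ' && inptr[1] == '(' && inptr[2] == '"')`. The reads of `inptr[1]` and `inptr[2]` stay in bounds only because `&&` short-circuits and the buffer is presumably NUL-terminated; a short comment should say so. The condition also needs a comment naming the server output it tolerates, since skipping a space before `("` is not self-explanatory, and the `\"` escape inside a character constant is unnecessary.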


