[gmime/gmime-2-4] Fixed g_malloc abort() caused by malformed encoded-word token

[Jeffrey Stedfast <fejj src gnome org>]

commit befd34e6b0a5fba18499087d0cd5351e237919c8
Author: Jeffrey Stedfast <fejj gnome org>
Date:   Sun Aug 5 13:35:41 2012 -0400

    Fixed g_malloc abort() caused by malformed encoded-word token
    
    2012-08-05  Jeffrey Stedfast  <jeff xamarin com>
    
    	* gmime/gmime-utils.c (rfc2047_token_new_encoded_word): Make sure
    	to properly handle broken encoded-word tokens in the form:
    	=?charset?q?=.
    
    	Fixes the g_malloc abort() in bug #679388

 ChangeLog           |    8 ++++++++
 gmime/gmime-utils.c |    4 ++++
 2 files changed, 12 insertions(+), 0 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index d674d2c..e0e7c00 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2012-08-05  Jeffrey Stedfast  <jeff xamarin com>
+
+	* gmime/gmime-utils.c (rfc2047_token_new_encoded_word): Make sure
+	to properly handle broken encoded-word tokens in the form:
+	=?charset?q?=.
+
+	Fixes the g_malloc abort() in bug #679388
+
 2012-06-13  Jeffrey Stedfast  <fejj gnome org>
 
 	* gmime/gmime-utils.c (rfc2047_encode_get_rfc822_words): Use
diff --git a/gmime/gmime-utils.c b/gmime/gmime-utils.c
index 4563a80..8ea544e 100644
--- a/gmime/gmime-utils.c
+++ b/gmime/gmime-utils.c
@@ -1907,6 +1907,10 @@ rfc2047_token_new_encoded_word (const char *word, size_t len)
 	/* find the end of the payload */
 	inptr = word + len - 2;
 	
+	/* make sure that we don't have something like: =?iso-8859-1?Q?= */
+	if (payload > inptr)
+		return NULL;
+	
 	token = rfc2047_token_new (payload, inptr - payload);
 	token->charset = g_mime_charset_iconv_name (charset);
 	token->encoding = encoding;