[balsa] mailbox: Guard against out-of-bounds access

[Peter Bloomfield <peterb src gnome org>]

commit 7bbfc012d013f7e53245f7dca8e4273790bf3f09
Author: Peter Bloomfield <PeterBloomfield bellsouth net>
Date:   Fri Mar 6 14:02:23 2020 -0500

    mailbox: Guard against out-of-bounds access
    
    Guard against out-of-bounds access to a GPtrArray
    
    * libbalsa/mailbox.c (mailbox_compare_func),
      (libbalsa_mailbox_msgno_get_status),
      (libbalsa_mailbox_msgno_get_subject),
      (libbalsa_mailbox_get_index_entry): use a new macro
        LBM_GET_INDEX_ENTRY() to safely access priv->mindex.

 ChangeLog          | 10 ++++++++++
 libbalsa/mailbox.c | 18 +++++++++++-------
 2 files changed, 21 insertions(+), 7 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 9834cb934..2468b65fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2020-03-06  Peter Bloomfield  <pbloomfield bellsouth net>
+
+       mailbox: Guard against out-of-bounds access to a GPtrArray
+
+       * libbalsa/mailbox.c (mailbox_compare_func),
+       (libbalsa_mailbox_msgno_get_status),
+       (libbalsa_mailbox_msgno_get_subject),
+       (libbalsa_mailbox_get_index_entry): use a new macro
+       LBM_GET_INDEX_ENTRY() to safely access priv->mindex.
+
 2020-03-04  Peter Bloomfield  <pbloomfield bellsouth net>
 
        mailbox: Do not cache message info if the mailbox is not being
diff --git a/libbalsa/mailbox.c b/libbalsa/mailbox.c
index dc0b890c9..ac7abe092 100644
--- a/libbalsa/mailbox.c
+++ b/libbalsa/mailbox.c
@@ -168,6 +168,10 @@ struct _LibBalsaMailboxPrivate {
     gboolean messages_threaded : 1;
 };
 
+#define LBM_GET_INDEX_ENTRY(priv, msgno) \
+    ((LibBalsaMailboxIndexEntry *) (((msgno) <= (priv)->mindex->len) ? \
+     g_ptr_array_index((priv)->mindex, (msgno) - 1) : NULL))
+
 G_DEFINE_TYPE_WITH_CODE(LibBalsaMailbox,
                         libbalsa_mailbox,
                         G_TYPE_OBJECT,
@@ -3673,8 +3677,8 @@ mailbox_compare_func(const SortTuple * a,
        LibBalsaMailboxIndexEntry *message_a;
        LibBalsaMailboxIndexEntry *message_b;
 
-       message_a = g_ptr_array_index(priv->mindex, msgno_a - 1);
-       message_b = g_ptr_array_index(priv->mindex, msgno_b - 1);
+       message_a = LBM_GET_INDEX_ENTRY(priv, msgno_a);
+       message_b = LBM_GET_INDEX_ENTRY(priv, msgno_b);
 
        if (!(VALID_ENTRY(message_a) && VALID_ENTRY(message_b)))
            return 0;
@@ -4473,8 +4477,8 @@ LibBalsaMessageStatus
 libbalsa_mailbox_msgno_get_status(LibBalsaMailbox * mailbox, guint msgno)
 {
     LibBalsaMailboxPrivate *priv = libbalsa_mailbox_get_instance_private(mailbox);
-    LibBalsaMailboxIndexEntry *entry =
-        g_ptr_array_index(priv->mindex, msgno - 1);
+    LibBalsaMailboxIndexEntry *entry = LBM_GET_INDEX_ENTRY(priv, msgno);
+
     return VALID_ENTRY(entry) ?
         entry->status_icon : LIBBALSA_MESSAGE_STATUS_ICONS_NUM;
 }
@@ -4483,8 +4487,8 @@ const gchar *
 libbalsa_mailbox_msgno_get_subject(LibBalsaMailbox * mailbox, guint msgno)
 {
     LibBalsaMailboxPrivate *priv = libbalsa_mailbox_get_instance_private(mailbox);
-    LibBalsaMailboxIndexEntry *entry =
-        g_ptr_array_index(priv->mindex, msgno - 1);
+    LibBalsaMailboxIndexEntry *entry = LBM_GET_INDEX_ENTRY(priv, msgno);
+
     return VALID_ENTRY(entry) ? entry->subject : NULL;
 }
 
@@ -4848,7 +4852,7 @@ libbalsa_mailbox_get_index_entry(LibBalsaMailbox * mailbox, guint msgno)
 
     g_return_val_if_fail(LIBBALSA_IS_MAILBOX(mailbox), NULL);
 
-    return (LibBalsaMailboxIndexEntry *) g_ptr_array_index(priv->mindex, msgno - 1);
+    return LBM_GET_INDEX_ENTRY(priv, msgno);
 }
 
 LibBalsaMailboxView *