[gmime-devel] Patch to fix segfault when decoding an invalid 8bit header

From: Damian Pietras <daper daper net>
To: gmime-devel-list gnome org
Subject: [gmime-devel] Patch to fix segfault when decoding an invalid 8bit header
Date: Tue, 12 Jan 2010 10:39:12 +0100

When using g_mime_utils_decode_8bit to read an 8bit header gmime 2.4.11
will segfault if there are unknown non-ascii characters because of a bug
in this loop:

		while (inptr < inend) {
                        if (is_ascii (*inptr))
                                *outbuf++ = *inptr++;
                        else
                                *outbuf++ = '?';
                }

So when we encounter a non-ascii char it will become an infinite (until
segfault) loop that advances the outbuf pointer but not inptr. A patch
for this is attached.

-- 
Damian Pietras

http://www.linuxprogrammingblog.com

diff -rup gmime-2.4.11/gmime/gmime-utils.c gmime-2.4.11-8bit-fix/gmime/gmime-utils.c
--- gmime-2.4.11/gmime/gmime-utils.c	2009-10-11 02:24:13.000000000 +0200
+++ gmime-2.4.11-8bit-fix/gmime/gmime-utils.c	2010-01-12 10:26:20.000000000 +0100
@@ -1671,8 +1671,10 @@ g_mime_utils_decode_8bit (const char *te
 		while (inptr < inend) {
 			if (is_ascii (*inptr))
 				*outbuf++ = *inptr++;
-			else
+			else {
 				*outbuf++ = '?';
+				inptr++;
+			}
 		}
 		
 		*outbuf++ = '\0';

Follow-Ups:
- Re: [gmime-devel] Patch to fix segfault when decoding an invalid 8bit header
  - From: Jeffrey Stedfast

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]