Re: [gmime-devel] Wrong results of g_mime_encoding_outlen



On 05/17/2010 05:09 AM, Damian Pietras wrote:
> On Fri, May 14, 2010 at 10:26:40AM -0400, Jeffrey Stedfast wrote:
>   
>> On 05/14/2010 05:19 AM, Damian Pietras wrote:
>>     
>>> I've hit a bug in gmime 2.4.15 while composing a message. Gmime is
>>> segfaulting if I use GMIME_CONTENT_ENCODING_QUOTEDPRINTABLE. Valgrind
>>> says it's a buffer overflow while encoding to quoted printable.
>>>
>>> It's right, in a simple test case that encodes mostly binary data
>>> using GMIME_CONTENT_ENCODING_QUOTEDPRINTABLE a buffer overrun occurs in
>>> g_mime_encoding_quoted_encode_step.
>>>
>>> I think the reason is that GMIME_QP_ENCODE_LEN, which looks like:
>>>
>>> #define GMIME_QP_ENCODE_LEN(x)     ((size_t) ((((x) + 1) * 3) + 1))
>>>
>>> is wrong because g_mime_encoding_quoted_encode_step inserts an EOL
>>> char after every 74th output character which the macro doesn't take
>>> into account. The bug doesn't occur if using base64 encoding.
>>>
>> try this macro:
>>
>> #define GMIME_QP_ENCODE_LEN(x)     ((size_t) ((((x) / 24) * 73) + 74))
>>     
>
> I couldn't test it on the weekend but I've tested it now and it still crashes
> in my case. I took another look at the code and this computation
> doesn't account for the worst case: gmime-encodings.c:972 inserts "=\n"
> every 72 chars. I calculated and tested that this works for me:
>
> ((size_t) ((((x) / 12) * 37) + 39))
>
> This adds 2 chars ("=\n") for every input char assuming that every input
> char may need encoding.
>   

The way I arrived at my equation is that if every char needed to be
encoded, every line would consist of 24 input chars transformed into 72
output chars + '\n'. The last line would be incomplete (max of 23 input
chars * 3 = 69 + 1 for \n = 70). I used 74 because that's the max line
length which is more consistent with the other formulas.

I guess that 73 should have been 74, though, since it will end the line
with =\n rather than just \n (I overlooked this, thinking that it only
did that if the line ended with a space). Silly me. Doh... and I already
released 2.4.16, guess I'll need to release a 2.4.17 (or 2.4.16.1).

Okay, thanks for the sanity check!

Jeff
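
A worked check of the four bounds that come up in this thread (the original macro, Jeff's 73 version, the 74 version he concedes is needed, and Damian's). This is an added example, not part of the original exchange and not gmime's own code: it models the encoder the way the thread describes it (every input byte escaped to three output characters in the worst case, and a "=\n" soft break inserted once a line holds 72 characters), then searches for the smallest input length at which each bound falls below that worst case. The macro names `QP_LEN_*`, the helper `qp_worst_case_len` and `first_undersized`, and the constant `QP_LINE_MAX` are my own; the incremental, stateful behaviour of `g_mime_encoding_quoted_encode_step` across multiple calls is not modelled.

```c
#include <stddef.h>
#include <stdio.h>

/* The candidate output-size bounds from the thread, copied verbatim.
 * These names are local to this example, not gmime's macros. */
#define QP_LEN_ORIGINAL(x)  ((size_t) ((((x) + 1) * 3) + 1))
#define QP_LEN_JEFF_73(x)   ((size_t) ((((x) / 24) * 73) + 74))
#define QP_LEN_JEFF_74(x)   ((size_t) ((((x) / 24) * 74) + 74))  /* 73 -> 74 */
#define QP_LEN_DAMIAN(x)    ((size_t) ((((x) / 12) * 37) + 39))

static size_t bound_original(size_t x) { return QP_LEN_ORIGINAL(x); }
static size_t bound_jeff_73(size_t x)  { return QP_LEN_JEFF_73(x); }
static size_t bound_jeff_74(size_t x)  { return QP_LEN_JEFF_74(x); }
static size_t bound_damian(size_t x)   { return QP_LEN_DAMIAN(x); }

/* Assumption taken from the thread: a line holds at most 72 content
 * characters before the encoder emits a "=\n" soft line break. */
#define QP_LINE_MAX 72

/* Worst-case encoded size of n input bytes when every byte needs the
 * three-character "=XX" form and soft breaks are inserted as above. */
size_t qp_worst_case_len(size_t n)
{
    size_t out = 0, line = 0;
    for (size_t i = 0; i < n; i++) {
        if (line + 3 > QP_LINE_MAX) {
            out += 2;           /* "=\n" soft break */
            line = 0;
        }
        out += 3;
        line += 3;
    }
    return out;
}

/* Sentinel meaning "the bound held for every length that was checked". */
#define QP_BOUND_OK ((size_t) -1)

/* Smallest n in [0, limit] for which bound(n) is too small to hold the
 * worst-case output, i.e. the length at which a caller sizing its buffer
 * with that bound would overrun it. Returns QP_BOUND_OK if none exists. */
size_t first_undersized(size_t (*bound)(size_t), size_t limit)
{
    for (size_t n = 0; n <= limit; n++)
        if (bound(n) < qp_worst_case_len(n))
            return n;
    return QP_BOUND_OK;
}

static void report(const char *name, size_t (*bound)(size_t))
{
    size_t n = first_undersized(bound, 10000);
    if (n == QP_BOUND_OK)
        printf("%-10s holds for all inputs up to 10000 bytes\n", name);
    else
        printf("%-10s undersized at %zu bytes: bound %zu, worst case %zu\n",
               name, n, bound(n), qp_worst_case_len(n));
}

int main(void)
{
    report("original", bound_original);
    report("jeff/73",  bound_jeff_73);
    report("jeff/74",  bound_jeff_74);
    report("damian",   bound_damian);
    return 0;
}
```

Under this model the original macro is first undersized at 73 input bytes (three soft breaks cost 6 characters, the macro only allows 4 of slack), the 73 version fails at 167 bytes (one character short per full line, which adds up after six lines), and both the 74 version and Damian's formula hold for every length checked. The same exhaustive comparison is a cheap unit test to keep beside any hand-derived size bound, since the cost of getting one wrong is a heap overrun rather than a wrong answer.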


