This is just the test case, not a patch as yet. I don't have a 2.4
installation at this time.
Alex
-- cut here and base64 decode this tarball --
H4sIAJJa/mkAA+1WW3PaVhDO8/kVG7/EnlRECGyMUs9U3GUMmIsx8MIcSQdJWLdKh4vy67uSIBDsONM200473hlGo3N2v/32InZd27Nd6sxDFoS+sdJZmGOu8+6niiiKV8UiJE+U06coSUUR8pf5Uql4WSgVr0DMX6K8A/Hn0nhZVhGnIVIJfZ+/prexGHstL6fB/UekEfquDJxF/De2pW7gsJzuu2Tkv3A4XGlLpnMZOlnTQM1fM93noFs0jBgXbN331qCtTDi0E6n6HmceF0ZxwGRwVw63AxryT669ZcZn0PyVZ9AwvjkTUG7mXbbl93g/F8X8GemonbowZmFk+54M+ZxIiCA8VzxxwvHqU+BQ2/u853Zz9jBqCKWzg2ZIvWjBQqHu6b5he6YMGo3YVZGQ2cQSZ5Pbldqarelj35xK2/XUvXX0Zd2nj5eiWg2+GM2GOBuXN0ZLDXobsf09G6Iv1T9tpC87L9qQxKjWDwLN65szt7xuN7v+dKKa03hjpgatrjidDJy7aiXVMZpWPJt0fU3aPrWHlVKt75tqtVKgTScis6Hi64WBZTQfzPtqRaQt9CxZa63ZD9RW1K3aCiorpl4wAgMdqVUrYzN8MhkSSe4QbDmddB2i1upXGXpmdJyzWy9j1R4dQNEwmNmKP42V8v1Q8dq2/tUp2YPsw2nHUekYfDGsOFqr66hNx0VWS7UmltWqvr6Nj5llP7ILkd99672sNseRLj08M3iN+YFZ01gbzWtTK4zF3jFASzx2stSaZXvqjuOObbo7IsFePwNr3sazx0bYO0moWlO/k8/Oi/lEsIqtu2OLfjkcLvoZaPJMmZrZO+qJRtp3GVDiPNHZtxbRHhuBZlvpy3Ry6yX9NZUsS7eV39tuI54VpocWwbYxWuNYsyuuJl37ib7hRNvJOIonw41JMgAlVGv9CMPKd7F/7m1l26kpWNWgjGHevPxZCwL5t/8f/+8yqCu1Tj3Ht68Ov78nP5j/+VLh6/y/lPIlnP/SVUl6m///hLw4wnM6VFYLHI7QW7Nw4fgbfDdhcBjqN39FCBlZdgQ01C17zQA9cRzReADubqFgLrUdcFkUUZMBtygHHtqmiQsAamkZJ3/HidjefgP5ED0LIB33YOCtgTst2c/9SCbC3t3J0itD/Rv3G5tbO5hkDYFka4Hz/C/56yJoMW5HF4Q8KoOu2m3KSAQ8TCPi6WiO1DHQLJoUZp/mxmgItmewLS4cwDyqOcx4T1SOWo4DOl1FDIydLvfRpWfrKYJM4DRE+bogA40iFnLcjmCBzpghw3kU6g5bcPj1BqotZTCsj+YdZTK/r3drSHVeeWjMh+qsjuyTotYYFsFJ06JgenWeYOzpYl6zBOxcJzVbZ9sY6o+y0shH6UmDPVm59oVOQs5WLIElOxcz0hssCsaWGmo0ZPDh44cUgSIVLPu5Yz8xOKOhqcNHKJ5doOM7X6c83Qh3rubcn6/44nrOw/j8AhYrT09zgh3yPGnYhrjZoncEQLB9rFKukMuLcwnwrBEyVhnWII9HwqB+V1eGdSEoo6V/WG0hogvmxDLJ56C+5QlhhEzXZohi9OASKQcPu4pSw00qmhYf24Nl3UEKOehpWEL8HtJif9JDGlmE1HrQ7Y1g4YcbGhrH/RTSDQhAnQ2NI3hiLACbJ4HuPys0cd+/zc03eZM3+aH8Ad5MJggAEgAA
-- cut here --
On May 9, 2026, at 11:28AM, John Stoffel <[email protected]> wrote:
"Alex" == Alex Rosenberg via dovecot <[1][email protected]>
writes:
Looks like attachments are stripped by this Mailman instance. I'll
send it to anybody that wants it; I made it an attachment to try to
avoid crashing the server of everybody on this list. Alex
Just send the patch inline, or maybe put it up somewhere where people
can find it more easily? If you're including a test case (great!
please do!) then I can understand the problem. But maybe there's a
way to encode the test case so it will work inline, but then get
tested properly.
And does this same issue hit under 2.4?
Thanks,
John
On May 8, 2026, at 3:27PM, Alex Rosenberg via dovecot
<[email protected]> wrote:
Attached is an LLM-reduced reproduction of the crash in the title.
My particular setup is dovecot 2.3.21.1 (d492236fa0) in a FreeBSD
jail (13.5). I realize that this is an older release but there is no
FreeBSD port/pkg for dovecot 2.4.x yet.
The message in the attachment is reduced from an old (2017!) email
to one of the LLVM compiler mailing lists. The original malformed
email had this header:
X-Mailer: Evolution 3.22.5 (3.22.5-1.fc25)
The bug occurs when dovecot's FTS indexer processes a MIME part
that:
1. Declares charset="UTF-7"
2. Contains base64-encoded content that, when decoded, has bare '+'
characters
3. Causes UTF-7 decoder buffer overflow in charset-iconv.c:83
The base64 content decodes to C source code with expressions like:
- argc + 4
- state++
- state--
These '+' characters in UTF-7 context cause the decoder's pending
buffer to exceed CHARSET_MAX_PENDING_BUF_SIZE, triggering the
assertion failure.
Alex
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
dovecot mailing list -- [2][email protected]
To unsubscribe send an email to [3][email protected]
References
Visible links
1. mailto:[email protected]
2. mailto:[email protected]
3. mailto:[email protected]
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
