#3720: Integer Overflow
-------------------------+----------------------
  Reporter:  MegaManSec  |      Owner:  mutt-dev
      Type:  defect      |     Status:  new
  Priority:  major       |  Milestone:
 Component:  crypto      |    Version:  1.5.23
Resolution:              |   Keywords:
-------------------------+----------------------

Comment (by kevin8t8):

 Thank you for the bug report.  I currently can't see the overflow at line
 127.  Here's the snippet surrounding it:

 {{{
 119      else if (192 <= b && b <= 223)
 120      {
 121        material = (b - 192) * 256;
 122        if (fread (&b, 1, 1, fp) < 1)
 123        {
 124          perror ("fread");
 125          goto bail;
 126        }
 127        material += b + 192;
 128        partial = 0;
 129        /* material -= 2; */
 130      }
 }}}

 It looks like the value for material is constrained by line 121, so it
 should be between 0 and 7936.

 If I've misunderstood or missed something (which is quite possible, as I'm
 not very familiar with this file), please reply and let us know with more
 details.

-- 
Ticket URL: <http://dev.mutt.org/trac/ticket/3720#comment:1>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
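
The arithmetic in the quoted snippet matches the two-octet body length of an OpenPGP new-format packet header (RFC 4880, section 4.2.2). As an added example (not Mutt's code and not part of the ticket), the C function below decodes all four new-format length encodings with explicit truncation checks and unsigned arithmetic, going beyond the single branch quoted in the comment. The name decode_new_length and its buffer-based interface are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not Mutt's code): decode an OpenPGP new-format
 * body length (RFC 4880, section 4.2.2) from buf[0..n).
 * Returns the number of length octets consumed, or 0 if buf is truncated.
 * *len receives the length; *partial is 1 for a partial body length. */
size_t decode_new_length(const unsigned char *buf, size_t n,
                         uint32_t *len, int *partial)
{
  if (n < 1)
    return 0;
  unsigned char b = buf[0];
  *partial = 0;

  if (b < 192)                 /* one-octet length: 0..191 */
  {
    *len = b;
    return 1;
  }
  if (b <= 223)                /* two-octet length: 192..8383 */
  {
    if (n < 2)
      return 0;
    /* (b - 192) is at most 31, so the product is at most 7936
     * and the full sum is at most 7936 + 255 + 192 = 8383. */
    *len = (uint32_t) (b - 192) * 256 + buf[1] + 192;
    return 2;
  }
  if (b == 255)                /* five-octet length: 32-bit big-endian */
  {
    if (n < 5)
      return 0;
    /* Cast before shifting so buf[1] << 24 is not a signed int shift. */
    *len = ((uint32_t) buf[1] << 24) | ((uint32_t) buf[2] << 16) |
           ((uint32_t) buf[3] << 8) | (uint32_t) buf[4];
    return 5;
  }
  /* 224..254: partial body length, a power of two from 1 to 2^30. */
  *len = (uint32_t) 1 << (b & 0x1f);
  *partial = 1;
  return 1;
}
```

A caller that adds the decoded length to an offset or passes it to an allocator still has to check it against the remaining input, since the five-octet form can carry any 32-bit value.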
