changeset: 6611:b8240918eded
user: Kevin McCarthy <[email protected]>
date: Fri Apr 08 18:38:27 2016 -0700
link: http://dev.mutt.org/hg/mutt/rev/b8240918eded
Fix potential memory leak in rfc2047_encode. (closes #3825)
If convert_string() has nonreversible characters, the allocated output
buffer would be overwritten (and not freed) in rfc2047_encode().
Thanks to Richard Russon for the bug report and initial patch, and to
TAKAHASHI Tamotsu for the analysis and revised fix suggestion.
diffs (21 lines):
diff -r 180a90d05ed4 -r b8240918eded rfc2047.c
--- a/rfc2047.c Fri Apr 08 15:27:17 2016 -0700
+++ b/rfc2047.c Fri Apr 08 18:38:27 2016 -0700
@@ -410,7 +410,7 @@
int ret = 0;
char *buf;
size_t bufpos, buflen;
- char *u, *t0, *t1, *t;
+ char *u = NULL, *t0, *t1, *t;
char *s0, *s1;
size_t ulen, r, n, wlen;
encoder_t encoder;
@@ -423,7 +423,7 @@
{
ret = 1;
icode = 0;
- u = safe_malloc ((ulen = dlen) + 1);
+ safe_realloc (&u, (ulen = dlen) + 1);
memcpy (u, d, dlen);
u[ulen] = 0;
}
