#3888: mutt 1.5.23 and 1.7.1 segfault on valid-seeming HTML message
-----------------------+----------------------
Reporter: Lorens | Owner: mutt-dev
Type: defect | Status: new
Priority: critical | Milestone:
Component: display | Version: 1.7.1
Resolution: | Keywords:
-----------------------+----------------------
Comment (by kevin8t8):
It looks like fill_buffer() will seek and read an entire line in. Then
resolve_types() will generate colorizing chunks for the entire line. The
amount rendered into a single display line is determined later.

So if the html were made up of just a few really long lines, then it's
possible for the "color body default default ." to overrun the short int,
since it will generate a syntax chunk for every single character.

I'd still like a sample html file to test with, but this explanation makes
sense.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3888#comment:4>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
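
The counter overrun described in the comment above, as an added example that is not part of the ticket and is not Mutt's code: a per-line chunk count held in a short, incremented once per character, next to a bounds-checked version. The function names and the 40000-character constructed line are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked: a pattern like "." yields one chunk per character. */
static short count_chunks_unchecked(const char *line)
{
    short chunks = 0; /* hypothetical narrow counter, as in the comment */
    for (const char *p = line; *p != '\0'; p++)
        chunks = (short)(chunks + 1); /* past SHRT_MAX this wraps on gcc/clang */
    return chunks;
}

/* Checked: stop before the counter can exceed SHRT_MAX.
 * Returns 0 and stores the count, or -1 if the line needs too many chunks. */
static int count_chunks_checked(const char *line, short *out)
{
    short n = 0;
    for (const char *p = line; *p != '\0'; p++) {
        if (n == SHRT_MAX)
            return -1;
        n++;
    }
    *out = n;
    return 0;
}

/* Constructed input: one line of n identical characters, no newline. */
static char *make_line(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'a', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char *line = make_line(40000); /* longer than a 16-bit SHRT_MAX (32767) */
    short n = 0;
    if (line == NULL)
        return 1;
    printf("unchecked: %d\n", count_chunks_unchecked(line));
    printf("checked:   %d\n", count_chunks_checked(line, &n));
    free(line);
    return 0;
}
```

The unchecked count comes back negative for the long line, so it no longer matches the number of chunks actually generated; the checked version reports the condition so the caller can stop colouring or switch to a wider counter.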