#3988: signed integer overflow in mbox_parse_mailbox
  Reporter:  josephbisch  |      Owner:  mutt-dev
      Type:  defect       |     Status:  new
  Priority:  major        |  Milestone:
 Component:  mutt         |    Version:
Resolution:               |   Keywords:

Comment (by josephbisch):

 Regarding comment #3, I don't think it is very plausible in practice.
 There is the check for the content-length being > 0, so the content-length
 can't be so huge such that it wraps around by itself. So {{{loc}}} has to
 be large. So the overall filesize of the mbox has to be large. Maybe on
 32-bit, but we are still talking about a huge mbox file.

 Regarding comment #2, a website could purposefully provide a specially
 crafted mbox file, so it doesn't necessarily mean a bug is not a big
 problem because the file itself is invalid. Though this bug probably isn't
 a big problem for the reason I outlined in the first paragraph of this

Ticket URL: <https://dev.mutt.org/trac/ticket/3988#comment:4>
Mutt <http://www.mutt.org/>
The Mutt mail user agent

Reply via email to