#3988: signed integer overflow in mbox_parse_mailbox
--------------------------+----------------------
Reporter: josephbisch | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: mutt | Version:
Resolution: | Keywords:
--------------------------+----------------------
Comment (by josephbisch):
Regarding comment #3, I don't think it is very plausible in practice.
There is the check for the content-length being > 0, so the content-length
can't be so huge such that it wraps around by itself. So {{{loc}}} has to
be large. So the overall filesize of the mbox has to be large. Maybe on
32-bit, but we are still talking about a huge mbox file.
Regarding comment #2, a website could purposefully provide a specially
crafted mbox file, so it doesn't necessarily mean a bug is not a big
problem because the file itself is invalid. Though this bug probably isn't
a big problem for the reason I outlined in the first paragraph of this
comment.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3988#comment:4>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
