#3988: signed integer overflow in mbox_parse_mailbox --------------------------+---------------------- Reporter: josephbisch | Owner: mutt-dev Type: defect | Status: new Priority: major | Milestone: Component: mutt | Version: Resolution: | Keywords: --------------------------+----------------------
Comment (by josephbisch): Regarding comment #3, I don't think it is very plausible in practice. There is the check for the content-length being > 0, so the content-length can't be so huge such that it wraps around by itself. So {{{loc}}} has to be large. So the overall filesize of the mbox has to be large. Maybe on 32-bit, but we are still talking about a huge mbox file. Regarding comment #2, a website could purposefully provide a specially crafted mbox file, so it doesn't necessarily mean a bug is not a big problem because the file itself is invalid. Though this bug probably isn't a big problem for the reason I outlined in the first paragraph of this comment. -- Ticket URL: <https://dev.mutt.org/trac/ticket/3988#comment:4> Mutt <http://www.mutt.org/> The Mutt mail user agent