Fix address out of bounds crash while decoding mails
authorRicardo Mones <ricardo@mones.org>
Mon, 17 Nov 2014 20:28:28 +0000 (21:28 +0100)
committerRicardo Mones <ricardo@mones.org>
Mon, 17 Nov 2014 20:28:28 +0000 (21:28 +0100)
For reference last stack frame:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1e820ca in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt full
No symbol table info available.
    encoded_str=0x7fffffff23e6 "=?UTF-8?B?RGF2aWQgUHLDqXZvdA==?= <david@tilapin.org>", addr_field=1) at unmime.c:135
        decoded_text = 0xffffffffcdd6a0c0 <Address 0xffffffffcdd6a0c0 out of bounds>
        quote_p = 0x0
        len = 5
        p = 0x7fffffff23e6 "=?UTF-8?B?RGF2aWQgUHLDqXZvdA==?= <david@tilapin.org>"
        eword_begin_p = 0x7fffffff23e6 "=?UTF-8?B?RGF2aWQgUHLDqXZvdA==?= <david@tilapin.org>"
        encoding_begin_p = 0x7fffffff23ed "?B?RGF2aWQgUHLDqXZvdA==?= <david@tilapin.org>"
        text_begin_p = 0x7fffffff23ef "?RGF2aWQgUHLDqXZvdA==?= <david@tilapin.org>"
        eword_end_p = 0x7fffffff2404 "?= <david@tilapin.org>"
        charset = "UTF-8", '\000' <repeats 19 times>, "\001\000\000\000\000\000\000"
        encoding = 66 'B'
        conv_str = 0x7fffcdd6a730 "\003"
        outbuf = 0xe45380
        out_str = 0x7fffcdd60e50 "E1Xq7ru-0002EK-Ro@franck.debian.org"
        out_len = 13
        in_quote = 0

src/unmime.c

index 9848977..e9588e3 100644 (file)
@@ -113,7 +113,7 @@ gchar *unmime_header(const gchar *encoded_str, gboolean addr_field)
                if (encoding == 'B') {
                        gchar *tmp;
                        tmp = g_strndup(text_begin_p + 1, eword_end_p - (text_begin_p + 1) + 1);
-                       decoded_text = g_base64_decode_zero(tmp, &out_len);
+                       decoded_text = g_base64_decode(tmp, &out_len);
                        g_free(tmp);
                } else if (encoding == 'Q') {
                        decoded_text = g_malloc
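Review bot: Switching the 'B' branch to `g_base64_decode()` drops the zero-terminating wrapper, and GLib documents the result only as a buffer of `out_len` bytes, not as a NUL-terminated string. The input is an untrusted mail header, so if code later in `unmime_header` (its body starts and ends outside the hunk) reads `decoded_text` as a C string, it should terminate it explicitly, e.g. `decoded_text = g_realloc(decoded_text, out_len + 1); decoded_text[out_len] = '\0';`, or pass `out_len` to every consumer. Separately, `decoded_text = 0xffffffffcdd6a0c0` in the backtrace looks like a 64-bit pointer truncated to 32 bits and sign-extended, which would be consistent with `g_base64_decode_zero` being called without a visible prototype. That is only an inference from the trace, but building with `-Werror=implicit-function-declaration` would confirm it and would show whether other callers of the helper are still exposed to the same crash.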