Through the rest of the file, the data member of struct msg_data is kept NUL-terminated, and that fact is relied upon in a couple of places. Change lf_to_crlf() to preserve this invariant. In fact, there are no execution paths in which lf_to_crlf() is called and then its data member is required to be NUL-terminated, but it is better to be consistent to prevent future confusion. Document the invariant in the struct msg_data definition. Signed-off-by: Michael Haggerty <mhagger@xxxxxxxxxxxx> --- imap-send.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/imap-send.c b/imap-send.c index d42e471..c818b0c 100644 --- a/imap-send.c +++ b/imap-send.c @@ -69,8 +69,12 @@ struct store { }; struct msg_data { + /* NUL-terminated data: */ char *data; + + /* length of data (not including NUL): */ int len; + unsigned char flags; }; @@ -1276,7 +1280,7 @@ static void lf_to_crlf(struct msg_data *msg) lfnum++; } - new = xmalloc(msg->len + lfnum); + new = xmalloc(msg->len + lfnum + 1); if (msg->data[0] == '\n') { new[0] = '\r'; new[1] = '\n'; @@ -1297,6 +1301,7 @@ static void lf_to_crlf(struct msg_data *msg) /* otherwise it already had CR before */ new[j++] = '\n'; } + new[j] = '\0'; msg->len += lfnum; free(msg->data); msg->data = new; -- 1.8.0 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html