Alex Riesen <raa.lkml@xxxxxxxxx> writes:

> Junio, I cannot have time to fix the code nice and proper, but as
> heavy user of git-am just have to have it fixed at least a like this.
> And this is ugly (and definitely incomplete), everyone be warned.
>
> Checked with valgrind, looks good (except for iconv_open reading past
> one of its arguments):

On the top of your patch, I think decode_header_bq() needs to make sure that a string with more than one piece, each of which decodes well within piecebuf, cannot overflow outbuf[] in the while loop.

> @@ -578,56 +588,56 @@ static int decode_header_bq(char *it) > default: > return rfc2047; /* no munging */ > case 'b': > - sz = decode_b_segment(cp + 3, piecebuf, ep); > + sz = decode_b_segment(cp + 3, piecebuf, sizeof(piecebuf), ep); > break; > case 'q': > - sz = decode_q_segment(cp + 3, piecebuf, ep, 1); > + sz = decode_q_segment(cp + 3, piecebuf, sizeof(piecebuf), ep, 1); > break; > } > if (sz < 0) > return rfc2047; > if (metainfo_charset) > - convert_to_utf8(piecebuf, charset_q); > + convert_to_utf8(piecebuf, sizeof(piecebuf), charset_q); > strcpy(out, piecebuf); > out += strlen(out); > in = ep + 2; > }

It might also make sense to redo the lower level decoding functions using the existing strbuf interface to build strings without pre-set bounds.
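
Review bot: the unchanged `strcpy(out, piecebuf); out += strlen(out);` at the end of this hunk is still an unbounded copy. The new `sizeof(piecebuf)` arguments cap each decoded piece, but `out` advances on every pass of the loop, so a header made of several encoded pieces can still write past the end of the destination buffer, which is the case the reply raises. Suggest tracking the space remaining behind `out` and bailing out (for example with the same `return rfc2047;` path) when `strlen(piecebuf)` does not fit, instead of relying on the per-piece bound. The hunk also checks only `sz < 0`; if decode_b_segment() or decode_q_segment() can truncate at the new size limit, that should be reported through the return value and documented, otherwise a clipped piece is copied silently.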