On Tue, 21 Mar 2017 20:26:15 -0400, David Levine said:
Valdis wrote:
It appears to be in the same class of faults as another bug I
reported a while back with handling of null bytes in mhfixmsg -
the failure symptoms appear to be dependent on the amount of
input.
Just to note: that problem was due to use of strlen(3) in the MIME
parser, which of course didn't do what we want with null bytes. At
least I think it was, it looks like we never confirmed that it fixed
your particular problem. I had recently run into what looked like
the same behavior and it fixed it for me.
I meant that the exact failure mode depends on how much data follows
the null byte or split multi-byte character, because after that it's
off to the races looking for the *next* plausible stopping point (and
where things finally end is often *not* at the next null char or whatever).
Ralph wasn't able to replicate it with a 7-byte string, when I feed it
the entire problematic mail it spews about 400 extra bytes, if I give it
the headers and just the first line of the body it doesn't go anywhere near
as far, etc...
pgpIk2pZhTnEH.pgp
Description: PGP signature
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers