Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2008-07-13 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Comment (by add): (In [736653ce1896]) merge changeset [47d08903b79b:] Use signed arithmetic in mutt_gecos_name to avoid an overflow. Closes #2885. -- Ticket URL:

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-26 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Comment (by Jonathan Smith ): (In [736653ce1896]) merge changeset 47d08903b79b: Use signed arithmetic in mutt_gecos_name to avoid an overflow. Closes #2885. -- Ticket URL:

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-08 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Comment (by vinc17): The fix is implementation-defined behavior, and a C implementation may generate a trap when converting an unsigned value into a signed value if the value is not representable in the signed type. I don't think gcc can do this yet,

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-07 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Changes (by brendan): * status: assigned => closed * resolution: => fixed Comment: (In [47d08903b79b]) Use signed arithmetic in mutt_gecos_name to avoid an overflow. Closes #2885. -- Ticket URL:

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-07 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Comment (by brendan): I don't particularly, but I prefer the readability. -- Ticket URL:

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-07 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Comment (by raylai): Why would you want to call memmove with an out-of-bounds dest, even if the size is 0? Anyway, either fix is fine. -- Ticket URL:

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-07 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Comment (by brendan): I see. I think this is a little clearer: `MAX((ssize_t)(destlen - idx - pwnl - 1), 0)` -- Ticket URL:

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-07 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Comment (by Thomas Roessler):
{{{
On 2007-05-07 17:03:40 -, Mutt wrote:
> printf("%zu\n", (size_t)MAX(destlen - idx - pwnl - 1, 0));

Woah. destlen-idx-pwnl-1 is evaluated as an unsigned, and therefore always >= 0.
}}}
-- Ticket UR
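
The length expression debated in this thread, as an added example (not code from the thread or from mutt): it compares the unsigned `MAX` form, the `ssize_t` cast, and a compare-before-subtract check on the test values `destlen = 256`, `idx = 254`, `pwnl = 3`. The function names and the `len_checked` helper are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>                 /* ssize_t (POSIX) */

#ifndef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))   /* local copy of the usual macro */
#endif

/* Expression as first tested in the thread: idx and 0 are converted to
 * size_t, so a "negative" difference wraps and MAX never selects 0. */
static size_t len_unsigned(size_t destlen, int idx, size_t pwnl)
{
    return (size_t)MAX(destlen - idx - pwnl - 1, 0);
}

/* brendan's form: the wrapped difference is converted to ssize_t first.
 * That conversion is implementation-defined for out-of-range values
 * (vinc17's objection); on common two's-complement targets it gives the
 * negative number, and MAX then returns 0. */
static size_t len_signed_cast(size_t destlen, int idx, size_t pwnl)
{
    return (size_t)MAX((ssize_t)(destlen - idx - pwnl - 1), 0);
}

/* Hypothetical alternative (not from the thread): compare before
 * subtracting, so nothing wraps and no out-of-range conversion occurs. */
static size_t len_checked(size_t destlen, int idx, size_t pwnl)
{
    size_t used;

    if (idx < 0)
        return 0;
    used = (size_t)idx;
    if (used >= destlen || pwnl >= destlen - used)
        return 0;
    return destlen - used - pwnl - 1;
}

int main(void)
{
    /* Values from the test program posted in the thread. */
    size_t destlen = 256, pwnl = 3;
    int idx = 254;

    printf("unsigned MAX: %zu\n", len_unsigned(destlen, idx, pwnl));
    printf("ssize_t cast: %zu\n", len_signed_cast(destlen, idx, pwnl));
    printf("checked:      %zu\n", len_checked(destlen, idx, pwnl));
    return 0;
}
```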

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-07 Thread Mutt
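#2885: Buffer overflows in mutt_gecos_name Comment (by raylai):
{{{
$ cat mutt.c
#include <sys/param.h>	/* MAX() */
#include <stdio.h>	/* printf() */

int main(int argc, char *argv[])
{
	size_t destlen = 256, pwnl = 3;
	int idx = 254;

	/* destlen - idx - pwnl - 1 is computed in size_t, so it cannot be < 0 */
	printf("%zu\n", (size_t)MAX(destlen - idx - pwnl - 1, 0));
	return (0);
}
}}}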

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-07 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Changes (by brendan): * owner: mutt-dev => brendan * status: new => assigned * milestone: => 1.6 Comment: I don't see the bug here. It looks like MAX(destlen - idx -pwnl - 1, 0) does the same thing your check is supposed to do. -- Ticket U

Re: [Mutt] #2885: Buffer overflows in mutt_gecos_name

2007-05-03 Thread Mutt
#2885: Buffer overflows in mutt_gecos_name Comment (by raylai): Actually this is all that is necessary: {{{ --- muttlib.c.orig Thu May 3 09:41:31 2007 +++ muttlib.c Thu May 3 13:54:16 2007 @@ -536,7 +536,9 @@ char *mutt_gecos_name (char *dest, size_t destlen, str { if (des