[bug-mailutils] Likely bug found in MH C code

From: d.henman
Subject: [bug-mailutils] Likely bug found in MH C code
Date: Wed, 10 Apr 2013 10:59:45 +0900


I believe there is a logic bug in the mh-format logic.
The function is strobj_assign, located in the file ..../mh/mh_format.c

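--- a yanked copy of the function:
void
strobj_assign (strobj_t *lvalue, strobj_t *rvalue)
{
  strobj_free (lvalue);   /* release whatever lvalue held before */
  *lvalue = *rvalue;      /* copy the ptr and size members */
  rvalue->size = 0;       /* then reset the source */
  rvalue->ptr = NULL;
}
--- end of copy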

But, since the lvalue points to the same structure in memory as rvalue, the 
following two statements also nullify the values in the lvalue, and size will 
always be 0 and ptr = NULL:

  rvalue->size = 0;
  rvalue->ptr = NULL;

I applied the following mh-format string to some messages, two of which have 
null subject header fields:

%4(msg) : %(comp{subject}) : len=%(strlen) : null=%(null) : 

The function 'comp' above should load the string register with the subject's 
string val.
'strlen' should return that value, but it's always producing a 0.

The result is:
  12 : 1 : len=0 : null=0 : str=:Re: method of autosa:
  13 : 1 : len=0 : null=0 : str=::
  15 : 1 : len=0 : null=0 : str=::
  16 : 1 : len=0 : null=0 : str=:failure notice      :

* strlen should not be zero for all messages, only two of them, and
* null should not be 0 or false for all of them.
* putstr should be printing the subject's contents and it's not

I believe that this is because strobj_assign is zeroing out the size and 
NULLifying the str ptr.
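
An added example, not part of the original message or of the mailutils sources: it runs the statements of the quoted function in two situations, with lvalue and rvalue as separate objects and with both pointing at the same object. The strobj_t layout, the strobj_free body and the strobj_make and assigned_len helpers are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout: the message shows only the ptr and size members. */
typedef struct { char *ptr; size_t size; } strobj_t;

/* Assumed body: release the buffer and reset the object. */
static void strobj_free(strobj_t *obj)
{
    free(obj->ptr);
    obj->ptr = NULL;
    obj->size = 0;
}

/* Same statements as the function quoted in the message. */
static void strobj_assign(strobj_t *lvalue, strobj_t *rvalue)
{
    strobj_free(lvalue);
    *lvalue = *rvalue;   /* member-wise copy into lvalue's own storage */
    rvalue->size = 0;
    rvalue->ptr = NULL;
}

/* Hypothetical helper: heap-backed object holding a copy of s. */
static strobj_t strobj_make(const char *s)
{
    strobj_t o = { NULL, strlen(s) + 1 };
    o.ptr = malloc(o.size);
    if (o.ptr) memcpy(o.ptr, s, o.size); else o.size = 0;
    return o;
}

/* Hypothetical helper: string length left in the destination after the call. */
size_t assigned_len(const char *s, int aliased)
{
    strobj_t src = strobj_make(s), other = { NULL, 0 };
    strobj_t *dst = aliased ? &src : &other;  /* aliased: lvalue == rvalue */
    strobj_assign(dst, &src);
    size_t n = dst->ptr ? strlen(dst->ptr) : 0;
    strobj_free(dst);
    return n;
}

int main(void)
{
    printf("separate objects: len=%zu\n", assigned_len("failure notice", 0));
    printf("same object:      len=%zu\n", assigned_len("failure notice", 1));
    return 0;
}
```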

