Commit 476ea0ac authored by Vincent Lefevre's avatar Vincent Lefevre Committed by Kevin J. McCarthy

Avoid a potential integer overflow if a Content-Length value is huge.

parent 2a857f63
......@@ -317,7 +317,11 @@ int mbox_parse_mailbox (CONTEXT *ctx)
LOFF_T tmploc;
loc = ftello (ctx->fp);
tmploc = loc + curhdr->content->length + 1;
/* The test below avoids a potential integer overflow if the
* content-length is huge (thus necessarily invalid).
*/
tmploc = curhdr->content->length < ctx->size ? loc + curhdr->content->length + 1 : -1;
if (0 < tmploc && tmploc < ctx->size)
{
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment