Commit bdd40a3d authored by Volker Krause's avatar Volker Krause Committed by Laurent Montel
Browse files

Fix potential out-of-bounds access in unfoldHeaders() for invalid input

The current code failed for input starting with (optionally) spaces and a
line break. This shouldn't actually happen under normal circumstances, but
the Qt6 build somehow manages to feed this into here.

As foldBegin is already checked for being null in the outside loop, the
inner loop condition was basically always true here, so this will read
outside of the input of we start with spaces.
parent befbbea7
Pipeline #184808 passed with stage
in 2 minutes and 37 seconds
......@@ -41,6 +41,9 @@ void UtilTest::testUnfoldHeader()
QCOMPARE(KMime::unfoldHeader("bla \n=09 bla"), QByteArray("bla bla"));
QCOMPARE(KMime::unfoldHeader("bla \n =20 bla"), QByteArray("bla =20 bla"));
QCOMPARE(KMime::unfoldHeader("bla \n =09 bla"), QByteArray("bla =09 bla"));
// malformed input resulting in leading linebreaks
QCOMPARE(KMime::unfoldHeader("\n bla"), QByteArray("bla"));
QCOMPARE(KMime::unfoldHeader("\r\n bla"), QByteArray("bla"));
}
void UtilTest::testExtractHeader()
......
......@@ -183,7 +183,7 @@ QByteArray unfoldHeader(const char *header, size_t headerSize)
while ((foldMid = strchr(pos, '\n')) && foldMid < end) {
foldBegin = foldEnd = foldMid;
// find the first space before the line-break
while (foldBegin) {
while (foldBegin > header) {
if (!QChar::isSpace(*(foldBegin - 1))) {
break;
}
......@@ -207,7 +207,7 @@ QByteArray unfoldHeader(const char *header, size_t headerSize)
}
result.append(pos, foldBegin - pos);
if (foldEnd < end - 1) {
if (foldBegin != pos && foldEnd < end - 1) {
result += ' ';
}
pos = foldEnd;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment