summarylogtreecommitdiffstats
path: root/553321-ansi-escape-segfault.patch
diff options
context:
space:
mode:
Diffstat (limited to '553321-ansi-escape-segfault.patch')
-rw-r--r--553321-ansi-escape-segfault.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/553321-ansi-escape-segfault.patch b/553321-ansi-escape-segfault.patch
new file mode 100644
index 000000000000..3e2492baa962
--- /dev/null
+++ b/553321-ansi-escape-segfault.patch
@@ -0,0 +1,29 @@
+From: Antonio Radici <antonio@debian.org>
+Date: Thu, 27 Feb 2014 16:56:37 +0100
+Subject: 553321-ansi-escape-segfault
+
+This patch prevents Mutt from crashing when *buf is freed,
+the root cause is the fact that an adjacent memory segment
+(*fmt) overruns and overwrite prev_size field in the heap.
+
+The bug and the patch were forwarded upstream,
+see http://bugs.mutt.org/3371
+
+Gbp-Pq: Topic upstream
+---
+ pager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pager.c b/pager.c
+index b17afb4..7b61266 100644
+--- a/pager.c
++++ b/pager.c
+@@ -1053,7 +1053,7 @@ fill_buffer (FILE *f, LOFF_T *last_pos, LOFF_T offset, unsigned char **buf,
+ q = *fmt;
+ while (*p)
+ {
+- if (*p == '\010' && (p > *buf))
++ if (*p == '\010' && (p > *buf) && (q > *fmt))
+ {
+ if (*(p+1) == '_') /* underline */
+ p += 2;