It will cause mutt_buffer_* to segfault if it needs to grow the space.
Thanks to Steve Losh for discovering the issue. I have done some simple
grepping to find other cases, but some may remain.
void mutt_enter_command (void)
{
BUFFER err, token;
- char buffer[LONG_STRING], errbuf[LONG_STRING];
+ char buffer[LONG_STRING];
int r;
buffer[0] = 0;
if (mutt_get_field (":", buffer, sizeof (buffer), M_COMMAND) != 0 || !buffer[0])
return;
- err.data = errbuf;
- err.dsize = sizeof (errbuf);
+ err.dsize = STRING;
+ err.data = safe_malloc(err.dsize);
memset (&token, 0, sizeof (token));
r = mutt_parse_rc_line (buffer, &token, &err);
FREE (&token.data);
- if (errbuf[0])
+ if (err.data[0])
{
/* since errbuf could potentially contain printf() sequences in it,
we must call mutt_error() in this fashion so that vsprintf()
doesn't expect more arguments that we passed */
if (r == 0)
- mutt_message ("%s", errbuf);
+ mutt_message ("%s", err.data);
else
- mutt_error ("%s", errbuf);
+ mutt_error ("%s", err.data);
}
+
+ FREE (&err.data);
}
void mutt_display_address (ENVELOPE *env)
{
HOOK *tmp = Hooks;
BUFFER err, token;
- char buf[STRING];
current_hook_type = M_FOLDERHOOK;
- err.data = buf;
- err.dsize = sizeof (buf);
+ err.dsize = STRING;
+ err.data = safe_malloc (err.dsize);
memset (&token, 0, sizeof (token));
for (; tmp; tmp = tmp->next)
{
FREE (&token.data);
mutt_sleep (1); /* pause a moment to let the user see the error */
current_hook_type = 0;
+ FREE (&err.data);
+
return;
}
}
}
}
FREE (&token.data);
+ FREE (&err.data);
current_hook_type = 0;
}
{
BUFFER err, token;
HOOK *hook;
- char buf[STRING];
current_hook_type = type;
- err.data = buf;
- err.dsize = sizeof (buf);
+ err.dsize = STRING;
+ err.data = safe_malloc (err.dsize);
memset (&token, 0, sizeof (token));
for (hook = Hooks; hook; hook = hook->next)
{
mutt_error ("%s", err.data);
mutt_sleep (1);
current_hook_type = 0;
+ FREE (&err.data);
+
return;
}
}
FREE (&token.data);
+ FREE (&err.data);
+
current_hook_type = 0;
}
HOOK* hook;
BUFFER token;
BUFFER err;
- char buf[STRING];
if (inhook)
return;
- err.data = buf;
- err.dsize = sizeof (buf);
+ err.dsize = STRING;
+ err.data = safe_malloc (err.dsize);
memset (&token, 0, sizeof (token));
for (hook = Hooks; hook; hook = hook->next)
{
FREE (&token.data);
mutt_error ("%s", err.data);
+ FREE (&err.data);
mutt_sleep (1);
inhook = 0;
}
FREE (&token.data);
+ FREE (&err.data);
}
#endif
{
LIST *p;
- char errbuff[LONG_STRING];
char command[STRING];
BUFFER err, token;
memset (&err, 0, sizeof (err));
memset (&token, 0, sizeof (token));
- err.data = errbuff;
- err.dsize = sizeof (errbuff);
+ err.dsize = STRING;
+ err.data = safe_malloc (err.dsize);
for (p = queries; p; p = p->next)
{
{
fprintf (stderr, "%s\n", err.data);
FREE (&token.data);
+ FREE (&err.data);
+
return 1;
}
printf ("%s\n", err.data);
}
FREE (&token.data);
+ FREE (&err.data);
+
return 0;
}
{
int i;
- char errbuff[LONG_STRING];
char command[STRING];
BUFFER err, token;
memset (&err, 0, sizeof (err));
memset (&token, 0, sizeof (token));
- err.data = errbuff;
- err.dsize = sizeof (errbuff);
+ err.dsize = STRING;
+ err.data = safe_malloc (err.dsize);
for (i = 0; MuttVars[i].option; i++)
{
{
fprintf (stderr, "%s\n", err.data);
FREE (&token.data);
+ FREE (&err.data);
+
return 1;
}
printf("%s\n", err.data);
}
FREE (&token.data);
+ FREE (&err.data);
+
return 0;
}
static int mutt_execute_commands (LIST *p)
{
BUFFER err, token;
- char errstr[SHORT_STRING];
memset (&err, 0, sizeof (err));
- err.data = errstr;
- err.dsize = sizeof (errstr);
+ err.dsize = STRING;
+ err.data = safe_malloc (err.dsize);
memset (&token, 0, sizeof (token));
for (; p; p = p->next)
{
{
fprintf (stderr, _("Error in command line: %s\n"), err.data);
FREE (&token.data);
- return (-1);
+ FREE (&err.data);
+
+ return -1;
}
}
FREE (&token.data);
+ FREE (&err.data);
+
return 0;
}
{
struct passwd *pw;
struct utsname utsname;
- char *p, buffer[STRING], error[STRING];
+ char *p, buffer[STRING];
int i, default_rc = 0, need_pause = 0;
BUFFER err;
memset (&err, 0, sizeof (err));
- err.data = error;
- err.dsize = sizeof (error);
+ err.dsize = STRING;
+ err.data = safe_malloc(err.dsize);
+ err.dptr = err.data;
Groups = hash_create (1031, 0);
ReverseAlias = hash_create (1031, 1);
#if 0
set_option (OPTWEED); /* turn weeding on by default */
#endif
+
+ FREE (&err.data);
}
int mutt_get_hook_type (const char *name)
int mutt_pattern_func (int op, char *prompt)
{
pattern_t *pat;
- char buf[LONG_STRING] = "", *simple, error[STRING];
+ char buf[LONG_STRING] = "", *simple;
BUFFER err;
int i;
progress_t progress;
mutt_check_simple (buf, sizeof (buf), NONULL (SimpleSearch));
memset (&err, 0, sizeof(err));
- err.data = error;
- err.dsize = sizeof (error);
+ err.dsize = STRING;
+ err.data = safe_malloc(err.dsize);
if ((pat = mutt_pattern_comp (buf, M_FULL_MSG, &err)) == NULL)
{
FREE (&simple);
mutt_error ("%s", err.data);
+ FREE (&err.data);
return (-1);
}
}
FREE (&simple);
mutt_pattern_free (&pat);
+ FREE (&err.data);
+
return 0;
}
int i, j;
char buf[STRING];
char temp[LONG_STRING];
- char error[STRING];
int incr;
HEADER *h;
progress_t progress;
strfcpy (LastSearch, buf, sizeof (LastSearch));
mutt_message _("Compiling search pattern...");
mutt_pattern_free (&SearchPattern);
- err.data = error;
- err.dsize = sizeof (error);
+ err.dsize = STRING;
+ err.data = safe_malloc (err.dsize);
if ((SearchPattern = mutt_pattern_comp (temp, M_FULL_MSG, &err)) == NULL)
{
- mutt_error ("%s", error);
+ mutt_error ("%s", err.data);
+ FREE (&err.data);
LastSearch[0] = '\0';
return (-1);
}
projects / mutt / commitdiff