The menu type is used in several places as a direct index into
Keymaps[], so passing in -1 to mutt_new_menu() was leading to illegal
memory accesses later on.
Add a range check in mutt_new_menu(), defaulting to MENU_GENERIC, to
prevent this problem in the future.
{
MUTTMENU *p = (MUTTMENU *) safe_calloc (1, sizeof (MUTTMENU));
+ if ((menu < 0) || (menu >= MENU_MAX))
+ menu = MENU_GENERIC;
+
p->menu = menu;
p->current = 0;
p->top = 0;
char helpstr[LONG_STRING];
char buf[STRING];
char title[STRING];
- MUTTMENU *menu = mutt_new_menu (-1);
+ MUTTMENU *menu = mutt_new_menu (MENU_GENERIC);
int done, row, i;
FILE *fp;
char *name = NULL, *c;
return 0;
}
- menu = mutt_new_menu (-1);
+ menu = mutt_new_menu (MENU_GENERIC);
menu->max = 25;
menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *));
for (i = 0; i < menu->max; i++)
projects / mutt / commitdiff