From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 15 Jan 2004 00:35:04 +0000 (+0000)
Subject: Fixed bug #26909 (crash in imap_mime_header_decode() when no encoding is
X-Git-Tag: php_ibase_before_split~205
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=827a79ad8d53ce8566f7e8744512decad67c79da;p=php

Fixed bug #26909 (crash in imap_mime_header_decode() when no encoding is
used).
---

diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index fd0ddbce2e..97d54f8546 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -3607,8 +3607,12 @@ PHP_FUNCTION(imap_mime_header_decode)
 					add_property_string(myobject, "charset", charset, 1);
 					add_property_string(myobject, "text", decode, 1);
 					zend_hash_next_index_insert(Z_ARRVAL_P(return_value), (void *)&myobject, sizeof(zval *), NULL);
-					fs_give((void**)&decode);
-						
+
+					/* only free decode if it was allocated by rfc822_qprint or rfc822_base64 */
+					if (decode != text) {
+						fs_give((void**)&decode);
+					}
+
 					offset = end_token+2;
 					for (i = 0; (string[offset + i] == ' ') || (string[offset + i] == 0x0a) || (string[offset + i] == 0x0d); i++);
 					if ((string[offset + i] == '=') && (string[offset + i + 1] == '?') && (offset + i < end)) {