From 2ffa97db92db18a4b76d26512af658138b4e36c7 Mon Sep 17 00:00:00 2001
From: Richard Russon <rich@flatcap.org>
Date: Sun, 24 Sep 2017 23:35:48 +0100
Subject: [PATCH] fix: crash in mutt_substrdup

Fixes #780
---
 lib/string.c | 13 +++++++++++++
 sendlib.c    |  4 ++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/string.c b/lib/string.c
index 84aa6a562..81547c5ba 100644
--- a/lib/string.c
+++ b/lib/string.c
@@ -62,6 +62,7 @@
 #include <limits.h>
 #include <stdlib.h>
 #include <string.h>
+#include "debug.h"
 #include "memory.h"
 #include "string2.h"
 
@@ -338,10 +339,22 @@ char *mutt_substrdup(const char *begin, const char *end)
   size_t len;
   char *p = NULL;
 
+  if (!begin)
+  {
+    mutt_debug(1, "%s: ERROR: 'begin' is NULL\n", __func__);
+    return NULL;
+  }
+
   if (end)
+  {
+    if (begin > end)
+      return NULL;
     len = end - begin;
+  }
   else
+  {
     len = strlen(begin);
+  }
 
   p = safe_malloc(len + 1);
   memcpy(p, begin, len);
diff --git a/sendlib.c b/sendlib.c
index 0dbd33d75..75e4c6c5e 100644
--- a/sendlib.c
+++ b/sendlib.c
@@ -1747,7 +1747,7 @@ static int fold_one_header(FILE *fp, const char *tag, const char *value,
   char buf[HUGE_STRING] = "";
   int first = 1, enc, col = 0, w, l = 0, fold;
 
-  mutt_debug(4, "mwoh: pfx=[%s], tag=[%s], flags=%d value=[%s]\n", pfx, tag, flags, value);
+  mutt_debug(4, "mwoh: pfx=[%s], tag=[%s], flags=%d value=[%s]\n", pfx, tag, flags, NONULL(value));
 
   if (tag && *tag && fprintf(fp, "%s%s: ", NONULL(pfx), tag) < 0)
     return -1;
@@ -1923,7 +1923,7 @@ static int write_one_header(FILE *fp, int pfxw, int max, int wraplen, const char
       valbuf = mutt_substrdup(t, end);
     }
     mutt_debug(4, "mwoh: buf[%s%s] too long, max width = %d > %d\n",
-               NONULL(pfx), valbuf, max, wraplen);
+               NONULL(pfx), NONULL(valbuf), max, wraplen);
     if (fold_one_header(fp, tagbuf, valbuf, pfx, wraplen, flags) < 0)
     {
       FREE(&valbuf);
-- 
2.49.0