From dbdcdc465e8f0e1509d6c7516daab249baa5a8a4 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Tue, 10 Feb 2015 18:29:24 +0100
Subject: [PATCH] Fix buffer underread for empty header values. (closes #3736)

When a header has no value (*p == '\0' so l == 0), do not read outside the buffer but print the newline anyway when a tag is already printed (col != 0). Caught by ASAN while opening a draft with no Subject.
---
 sendlib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sendlib.c b/sendlib.c
index f364f9f1e..9a3242ba0 100644
--- a/sendlib.c
+++ b/sendlib.c
@@ -1728,7 +1728,7 @@ static int fold_one_header (FILE *fp, const char *tag, const char *value,
 /* if we have printed something but didn't \n-terminate it, do it
 * except the last word we printed ended in \n already */
- if (col && buf[l - 1] != '\n')
+ if (col && (l == 0 || buf[l - 1] != '\n'))
 if (putc ('\n', fp) == EOF)
 return -1;
-- 
2.40.0
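Review bot: The comment above the changed condition still covers only the "last word ended in \n" case, so a later cleanup could take the `l == 0` test for redundant and reintroduce the read of `buf[-1]`. I would add a line such as `* (an empty value leaves l == 0 and no last byte to inspect, so col alone decides)` before the closing `*/`. The guard relies on `||` short-circuiting and rejects only exactly zero. The declaration of `l` is outside the hunk, so if it is a signed type, `if (col && !(l > 0 && buf[l - 1] == '\n'))` would also keep a negative length from indexing before the buffer. fold_one_header starts and ends outside the hunk, so whether any other path reaches this point with `l` unset cannot be confirmed from here.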