From e7fbb18265714403ee686c86e8e487ed21765829 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Fri, 8 Apr 2016 18:38:27 -0700
Subject: [PATCH] Fix potential memory leak in rfc2047_encode.  (closes #3825)

If convert_string() has nonreversible characters, the allocated output
buffer would be overwritten (and not freed) in rfc2047_encode().

Thanks to Richard Russon for the bug report and initial patch, and to
TAKAHASHI Tamotsu for the analysis and revised fix suggestion.
---
 rfc2047.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rfc2047.c b/rfc2047.c
index 663b55b8..aa024227 100644
--- a/rfc2047.c
+++ b/rfc2047.c
@@ -410,7 +410,7 @@ static int rfc2047_encode (ICONV_CONST char *d, size_t dlen, int col,
   int ret = 0;
   char *buf;
   size_t bufpos, buflen;
-  char *u, *t0, *t1, *t;
+  char *u = NULL, *t0, *t1, *t;
   char *s0, *s1;
   size_t ulen, r, n, wlen;
   encoder_t encoder;
@@ -423,7 +423,7 @@ static int rfc2047_encode (ICONV_CONST char *d, size_t dlen, int col,
   {
     ret = 1; 
     icode = 0;
-    u = safe_malloc ((ulen = dlen) + 1);
+    safe_realloc (&u, (ulen = dlen) + 1);
     memcpy (u, d, dlen);
     u[ulen] = 0;
   }
-- 
2.40.0