# These patches have been accepted upstream and should thus be removed upon
# the next upgrade; details in the bug report.
--- mutt-1.5.21/rfc1524.c.orig Mon Mar 1 09:56:19 2010
+++ mutt-1.5.21/rfc1524.c Thu Feb 21 13:05:24 2013
@@ -68,7 +68,7 @@
if (option (OPTMAILCAPSANITIZE))
mutt_sanitize_filename (type, 0);
- while (x < clen && command[x] && y < sizeof (buf) - 1)
+ while (x < clen - 1 && command[x] && y < sizeof (buf) - 1)
{
if (command[x] == '\\')
{
--- mutt-1.5.21/sendlib.c.orig Mon Sep 13 10:19:55 2010
+++ mutt-1.5.21/sendlib.c Thu Feb 21 13:27:42 2013
@@ -1664,7 +1664,7 @@
/* find the next word and place it in `buf'. it may start with
* whitespace we can fold before */
next = find_word (p);
- l = MIN(sizeof (buf), next - p);
+ l = MIN(sizeof (buf) - 1, next - p);
memcpy (buf, p, l);
buf[l] = 0;
--- mutt-1.5.21/smime.c.orig Mon Sep 13 10:19:55 2010
+++ mutt-1.5.21/smime.c Fri Feb 22 04:17:00 2013
@@ -357,7 +357,7 @@
char index_file[_POSIX_PATH_MAX];
FILE *index;
char buf[LONG_STRING];
- char fields[5][STRING];
+ char fields[5][STRING+1]; /* +1 due to use of fscanf() below. the max field width does not include the null terminator (see http://dev.mutt.org/trac/ticket/3636) */
int numFields, hash_suffix, done, cur; /* The current entry */
MUTTMENU* menu;
unsigned int hash;
@@ -470,7 +470,7 @@
int addr_len, query_len, found = 0, ask = 0, choice = 0;
char cert_path[_POSIX_PATH_MAX];
char buf[LONG_STRING], prompt[STRING];
- char fields[5][STRING];
+ char fields[5][STRING+1]; /* +1 due to use of fscanf() below. the max field width does not include the null terminator (see http://dev.mutt.org/trac/ticket/3636) */
char key[STRING];
int numFields;
struct stat info;