# These patches have been accepted upstream and should thus be removed upon
# the next upgrade; details in the bug report.
--- mutt-1.5.21/rfc1524.c.orig	Mon Mar  1 09:56:19 2010
+++ mutt-1.5.21/rfc1524.c	Thu Feb 21 13:05:24 2013
@@ -68,7 +68,7 @@
   if (option (OPTMAILCAPSANITIZE))
     mutt_sanitize_filename (type, 0);
 
-  while (x < clen && command[x] && y < sizeof (buf) - 1)
+  while (x < clen - 1 && command[x] && y < sizeof (buf) - 1)
   {
     if (command[x] == '\\')
     {
--- mutt-1.5.21/sendlib.c.orig	Mon Sep 13 10:19:55 2010
+++ mutt-1.5.21/sendlib.c	Thu Feb 21 13:27:42 2013
@@ -1664,7 +1664,7 @@
     /* find the next word and place it in `buf'. it may start with
      * whitespace we can fold before */
     next = find_word (p);
-    l = MIN(sizeof (buf), next - p);
+    l = MIN(sizeof (buf) - 1, next - p);
     memcpy (buf, p, l);
     buf[l] = 0;
 
--- mutt-1.5.21/smime.c.orig	Mon Sep 13 10:19:55 2010
+++ mutt-1.5.21/smime.c	Fri Feb 22 04:17:00 2013
@@ -357,7 +357,7 @@
   char index_file[_POSIX_PATH_MAX];
   FILE *index;
   char buf[LONG_STRING];
-  char fields[5][STRING];
+  char fields[5][STRING+1]; /* +1 due to use of fscanf() below. the max field width does not include the null terminator (see http://dev.mutt.org/trac/ticket/3636) */
   int numFields, hash_suffix, done, cur; /* The current entry */
   MUTTMENU* menu;
   unsigned int hash;
@@ -470,7 +470,7 @@
   int addr_len, query_len, found = 0, ask = 0, choice = 0;
   char cert_path[_POSIX_PATH_MAX];
   char buf[LONG_STRING], prompt[STRING];
-  char fields[5][STRING];
+  char fields[5][STRING+1]; /* +1 due to use of fscanf() below. the max field width does not include the null terminator (see http://dev.mutt.org/trac/ticket/3636) */
   char key[STRING];  
   int numFields;
   struct stat info;