Fix out-of-bounds error when incorporating email from stdin

[mmh] / sbr / folder_realloc.c

diff --git a/sbr/folder_realloc.c b/sbr/folder_realloc.c
index 2418abd..64a6640 100644 (file)
--- a/sbr/folder_realloc.c
+++ b/sbr/folder_realloc.c
@@ -6,6 +6,7 @@
 ** complete copyright information.
 */
 
+#include <sysexits.h>
 #include <h/mh.h>
 #include <h/utils.h>
 
@@ -18,21 +19,21 @@
 */
 
 struct msgs *
-folder_realloc (struct msgs *mp, int lo, int hi)
+folder_realloc(struct msgs *mp, int lo, int hi)
 {
        int msgnum;
 
        /* sanity checks */
        if (lo < 1)
-               adios (NULL, "BUG: called folder_realloc with lo (%d) < 1", lo);
+               adios(EX_SOFTWARE, NULL, "BUG: called folder_realloc with lo (%d) < 1", lo);
        if (hi < 1)
-               adios (NULL, "BUG: called folder_realloc with hi (%d) < 1", hi);
+               adios(EX_SOFTWARE, NULL, "BUG: called folder_realloc with hi (%d) < 1", hi);
        if (mp->nummsg > 0 && lo > mp->lowmsg)
-               adios (NULL, "BUG: called folder_realloc with lo (%d) > mp->lowmsg (%d)",
-                          lo, mp->lowmsg);
+               adios(EX_SOFTWARE, NULL, "BUG: called folder_realloc with lo (%d) > mp->lowmsg (%d)",
+                               lo, mp->lowmsg);
        if (mp->nummsg > 0 && hi < mp->hghmsg)
-               adios (NULL, "BUG: called folder_realloc with hi (%d) < mp->hghmsg (%d)",
-                          hi, mp->hghmsg);
+               adios(EX_SOFTWARE, NULL, "BUG: called folder_realloc with hi (%d) < mp->hghmsg (%d)",
+                               hi, mp->hghmsg);
 
        /* Check if we really need to reallocate anything */
        if (lo == mp->lowoff && hi == mp->hghoff)
@@ -44,7 +45,7 @@ folder_realloc (struct msgs *mp, int lo, int hi)
                ** status array.  So we don't have to move anything and can
                ** just realloc the message status array.
                */
-               mp->msgstats = mh_xrealloc (mp->msgstats, MSGSTATSIZE(mp, lo, hi));
+               mp->msgstats = mh_xrealloc(mp->msgstats, MSGSTATSIZE(mp, lo, hi));
        } else {
                /*
                ** We are changing the offset of the message status
@@ -53,14 +54,15 @@ folder_realloc (struct msgs *mp, int lo, int hi)
                seqset_t *tmpstats;
 
                /* first allocate the new message status space */
-               tmpstats = mh_xmalloc (MSGSTATSIZE(mp, lo, hi));
+               tmpstats = mh_xcalloc(MSGSTATSIZE(mp, lo, hi), 1);
 
                /* then copy messages status array with shift */
                if (mp->nummsg > 0) {
-                       for (msgnum = mp->lowmsg; msgnum <= mp->hghmsg; msgnum++)
+                       for (msgnum=mp->lowmsg; msgnum<=mp->hghmsg; msgnum++) {
                                tmpstats[msgnum - lo] = mp->msgstats[msgnum - mp->lowoff];
+                       }
                }
-               free(mp->msgstats);
+               mh_free0(&(mp->msgstats));
                mp->msgstats = tmpstats;
        }
 
@@ -73,13 +75,13 @@ folder_realloc (struct msgs *mp, int lo, int hi)
        */
        if (mp->nummsg > 0) {
                for (msgnum = mp->lowoff; msgnum < mp->lowmsg; msgnum++)
-                       clear_msg_flags (mp, msgnum);
+                       clear_msg_flags(mp, msgnum);
                for (msgnum = mp->hghmsg + 1; msgnum <= mp->hghoff; msgnum++)
-                       clear_msg_flags (mp, msgnum);
+                       clear_msg_flags(mp, msgnum);
        } else {
                /* no messages, so clear entire range */
                for (msgnum = mp->lowoff; msgnum <= mp->hghoff; msgnum++)
-                       clear_msg_flags (mp, msgnum);
+                       clear_msg_flags(mp, msgnum);
        }
 
        return mp;