Bug 46197

Summary: Outlook express mail import crashes
Product: [Unmaintained] kmail Reporter: Simon Munton <simon.j.munton>
Component: kmailcvtAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Simon Munton 2002-08-06 21:09:32 UTC 
(*** This bug was imported into bugs.kde.org ***)

Package:           kmailcvt
Version:           KDE 3.0.2 
Severity:          crash
Installed from:    Compiled From Sources
Compiler:          gcc 2.95
OS:                Linux
OS/Compiler notes: Not Specified

When importing a message from Outlook Express 5 that has a line longer than 2048 characters a crash occurs and no further messages/folders are imported.

The problem is in the file liboe.cxx line 153 in the function oe_readmessage() where a 2048 byte buffer is malloc'ed and then used without checking for buffer overflow. When I increased  the buffer size being malloc'ed (to 2MB) the crash did not occur and the import completed successfully.

Rather than just increasing the buffer size it would be better to keep track of how full the buffer is and realloc the buffer when needed.

A similar problem is at line 327 in oe_readbox_oe4() where a 65536 byte buffer is malloc'ed and then used without checking for buffer overflow.


(Submitted via bugs.kde.org)
Comment 1 Laurence Anderson 2003-02-22 11:51:30 UTC 
New Outlook Filter added without these limits