lib-mail: Fix assert-crash in mail_html2text_more() with invalid input.
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Tue, 22 Nov 2016 16:33:12 +0000 (18:33 +0200)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Fri, 25 Nov 2016 13:29:31 +0000 (15:29 +0200)
parse_data() continues forward thinking that it might have valid input,
until it has enough data and realizes that there's nothing valid. This
triggers:

Panic: file mail-html2text.c: line 312 (mail_html2text_more): assertion failed: (pos >= buf_orig_size)

src/lib-mail/mail-html2text.c
src/lib-mail/test-mail-html2text.c

index f15acf2d05d7c1dde85595f6b214067c728abcb4..ddde6bd6a202ea90a13734728d1902771b52285c 100644 (file)
@@ -307,18 +307,22 @@ void mail_html2text_more(struct mail_html2text *ht,
                buffer_append(ht->input, data, inc_size);
                pos = parse_data(ht, ht->input->data,
                                 ht->input->used, output);
-               if (pos != 0) {
-                       /* we parsed forward */
-                       i_assert(pos >= buf_orig_size);
-                       data += pos - buf_orig_size;
-                       size -= pos - buf_orig_size;
-                       buffer_set_used_size(ht->input, 0);
-               } else {
+               if (pos == 0) {
                        /* we need to add more data into buffer */
                        data += inc_size;
                        size -= inc_size;
                        if (size == 0)
                                return;
+               } else if (pos >= buf_orig_size) {
+                       /* we parsed forward */
+                       data += pos - buf_orig_size;
+                       size -= pos - buf_orig_size;
+                       buffer_set_used_size(ht->input, 0);
+               } else {
+                       /* invalid input - eat away what we parsed so far
+                          and retry */
+                       buffer_set_used_size(ht->input, buf_orig_size);
+                       buffer_delete(ht->input, 0, pos);
                }
        }
        pos = parse_data(ht, data, size, output);
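Review bot: The new final `else` branch (non-zero `pos` below `buf_orig_size`) leaves `data` and `size` untouched, so it is only correct because `buffer_set_used_size(ht->input, buf_orig_size)` drops the bytes appended in this pass and the next pass appends them again; the comment does not say this. I would extend it to `/* invalid input - drop the bytes appended in this pass (data/size are unchanged, so they are re-added on retry) and discard the pos bytes already parsed */`. Progress on this path depends on `pos > 0`, which the preceding `pos == 0` branch guarantees, and on the enclosing loop re-running `buffer_append()`; that loop starts outside the hunk, so this is inferred rather than visible. Since malformed message content now flows through all three branches, an `i_assert(pos <= ht->input->used);` ahead of `size -= pos - buf_orig_size;` would state the bound that subtraction relies on, rather than letting `size` wrap if `parse_data()` ever returned more than it was given.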
index 190a0740ec43f0f2273ceb73f5fe44e18df0a41e..953b26e2cb51f9b81eb889e248931d149751f2a3 100644 (file)
@@ -10,6 +10,8 @@ static struct {
        const char *input;
        const char *output;
 } tests[] = {
+       { "&&aaaaaaaaaa", "" },
+
        { "a&amp;&lt;&clubs;&gt;b",
          "a&<\xE2\x99\xA3>b" },
        { "&", "" },
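Review bot: The added `{ "&&aaaaaaaaaa", "" }` entry has no comment tying it to the assertion failure it guards against, and whether it reaches the buffered path in mail_html2text_more() depends on how the test driver splits input across calls, which is outside this hunk. A short comment such as `/* regression: invalid input held in ht->input must not trip the assert in mail_html2text_more() */` would keep the case from later being pruned as redundant with `{ "&", "" }`. If the driver passes each input in a single call, a variant that feeds it in small pieces would be needed to exercise the fixed branch. The `tests[]` table continues past the hunk.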