From 83b1300b96e753206f9226e3738a7ad9f5428a75 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Fri, 5 Jan 2018 09:51:00 +0200
Subject: [PATCH] lib-mail: mail-html2text - Validate UCS4 codepoint

Fixes: Panic: file unichar.c: line 160 (uni_ucs4_to_utf8_c): assertion failed: (uni_is_valid_ucs4(chr))
---
 src/lib-mail/mail-html2text.c      | 3 ++-
 src/lib-mail/test-mail-html2text.c | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lib-mail/mail-html2text.c b/src/lib-mail/mail-html2text.c
index 856ec0b8c1..80f25393a1 100644
--- a/src/lib-mail/mail-html2text.c
+++ b/src/lib-mail/mail-html2text.c
@@ -133,7 +133,8 @@ static bool html_entity_get_unichar(const char *name, unichar_t *chr_r)
 	if (name[0] == '#' &&
 	    ((name[1] == 'x' &&
 	      str_to_uint32_hex(name+2, &chr) == 0) ||
-	     str_to_uint32(name+1, &chr) == 0)) {
+	     str_to_uint32(name+1, &chr) == 0) &&
+	     uni_is_valid_ucs4(chr)) {
 		*chr_r = chr;
 		return TRUE;
 	}
diff --git a/src/lib-mail/test-mail-html2text.c b/src/lib-mail/test-mail-html2text.c
index f4bb165bbb..cbb0a6630f 100644
--- a/src/lib-mail/test-mail-html2text.c
+++ b/src/lib-mail/test-mail-html2text.c
@@ -41,6 +41,7 @@ static const struct {
 	{ "a&#228;", "a\xC3\xA4" },
 	{ "a&#xe4;", "a\xC3\xA4" },
 	{ "&#8364;", "\xE2\x82\xAC" },
+	{ "&#deee;", "" }, // invalid codepoint
 };
 
 static const char *test_blockquote_input =
-- 
2.47.3