diff options
-rw-r--r-- | camel/ChangeLog | 7 | ||||
-rw-r--r-- | camel/camel-object.c | 8 |
2 files changed, 12 insertions, 3 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog index 5a8c3949c7..d75244005b 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,3 +1,9 @@ +2004-03-11 Jeffrey Stedfast <fejj@ximian.com> + + * camel-object.c (cobject_state_read): Sanity check that count is + <1024 and also use g_try_malloc so that we can recover if malloc + fails. + 2004-03-11 Not Zed <NotZed@Ximian.com> * providers/imap/camel-imap-store.c (no_such_folder): removed @@ -62,6 +68,7 @@ * camel-store.h: time to fix up the camelfolderinfo mess. fix some member names, and add some type fields. Fixed all uses. +>>>>>>> 1.2033 2004-03-04 Not Zed <NotZed@Ximian.com> ** See bug #53355. diff --git a/camel/camel-object.c b/camel/camel-object.c index 2af07e15e2..4875774652 100644 --- a/camel/camel-object.c +++ b/camel/camel-object.c @@ -434,13 +434,15 @@ cobject_state_read(CamelObject *obj, FILE *fp) CamelArgV *argv; if (camel_file_util_decode_uint32(fp, &count) == -1 - || count == 0) { + || count == 0 || count > 1024) { /* maybe it was just version 0 afterall */ return 0; } - + /* we batch up the properties and set them in one go */ - argv = g_malloc(sizeof(*argv) + (count - CAMEL_ARGV_MAX) * sizeof(argv->argv[0])); + if (!(argv = g_try_malloc (sizeof (*argv) + (count - CAMEL_ARGV_MAX) * sizeof (argv->argv[0])))) + return -1; + argv->argc = 0; for (i=0;i<count;i++) { if (camel_file_util_decode_uint32(fp, &argv->argv[argv->argc].tag) == -1) |