Bug 345580 - Problem decoding quoted-printable question mark in subject r=biesi
authorAndrew Sutherland <bugmail@asutherland.org>
Thu, 28 Jan 2016 14:25:46 -0500
changeset 305902 d4fe24eab2b74d044332321e23ba55dab8fdc687
parent 305901 5c871eddec4991abdd901a18ea821a1fe2878b9d
child 305903 a8a6133b6eebcc6fb7216ef75d8726eecfc65e29
push id9214
push userraliiev@mozilla.com
push dateMon, 07 Mar 2016 14:25:21 +0000
treeherdermozilla-aurora@8849dd1a4a79 [default view] [failures only]
reviewersbiesi
bugs345580
milestone47.0a1
Bug 345580 - Problem decoding quoted-printable question mark in subject r=biesi
netwerk/mime/nsMIMEHeaderParamImpl.cpp
--- a/netwerk/mime/nsMIMEHeaderParamImpl.cpp
+++ b/netwerk/mime/nsMIMEHeaderParamImpl.cpp
@@ -1233,23 +1233,24 @@ nsresult DecodeRFC2047Str(const char *aH
     q++;
     curEncoding = nsCRT::ToUpper(*q);
     if (curEncoding != 'Q' && curEncoding != 'B')
       goto badsyntax;
 
     if (q[1] != '?')
       goto badsyntax;
 
-    r = q;
-    for (r = q + 2; *r != '?'; r++) {
+    // loop-wise, keep going until we hit "?=".  the inner check handles the
+    //  nul terminator should the string terminate before we hit the right
+    //  marker.  (And the r[1] will never reach beyond the end of the string
+    //  because *r != '?' is true if r is the nul character.)
+    for (r = q + 2; *r != '?' || r[1] != '='; r++) {
       if (*r < ' ') goto badsyntax;
     }
-    if (r[1] != '=')
-        goto badsyntax;
-    else if (r == q + 2) {
+    if (r == q + 2) {
         // it's empty, skip
         begin = r + 2;
         isLastEncodedWord = 1;
         continue;
     }
 
     curCharset.Assign(charsetStart, charsetEnd - charsetStart);
     // Override charset if requested.  Never override labeled UTF-8.
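Review bot: The relaxed terminator test in the `for` condition applies to both encodings, but only 'Q' text needs to tolerate a literal '?'; in a 'B' word a '?' is never part of the base64 alphabet. Because the body's `*r < ' '` check lets spaces through, the scan can now run past a malformed B word and stop at the `?=` of a later encoded-word. How the payload is decoded is outside this hunk, so this may already be rejected downstream, but failing here keeps the leniency as narrow as the bug requires: after the loop add `if (curEncoding == 'B' && memchr(q + 2, '?', r - (q + 2))) goto badsyntax;`. Parsers that disagree about where an encoded-word ends are a common source of mismatches between mail filters and clients. DecodeRFC2047Str starts and ends outside the hunk.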