~kevin8t8/mutt

5761113a2bd4adc58c6ae8e656680fa8a513d709 — Kevin McCarthy a month ago d8e518d
Fix buffer pool buffer truncation with my_hdr and score commands.

The buffer pool is now used for command invocation, but unfortunately
a couple cases of mutt_buffer_init() were hidden in the my_hdr and
score command processors.

This would result in a shortened buffer being returned to the pool and
used later for something like the prompt - which expects LONG_STRING
everywhere.

Fix up the two places to instead copy the string over.  They don't
need to grab a large buffer pool sized hunk of memory.

Also, fix the mutt_buffer_pool_release() to resize upwards in case
future code does this.  I should have done this originally, but was
afraid it would paper over more serious issues.  :-/

Thanks to Armin Wolfermann for reporting the problem.
3 files changed, 4 insertions(+), 8 deletions(-)

M buffer.c
M init.c
M score.c
M buffer.c => buffer.c +1 -1
@@ 269,7 269,7 @@ void mutt_buffer_pool_release (BUFFER **pbuf)
  }

  buf = *pbuf;
  if (buf->dsize > LONG_STRING*2)
  if ((buf->dsize > LONG_STRING*2) || (buf->dsize < LONG_STRING))
  {
    buf->dsize = LONG_STRING;
    safe_realloc (&buf->data, buf->dsize);

M init.c => init.c +2 -5
@@ 1703,9 1703,7 @@ static int parse_my_hdr (BUFFER *buf, BUFFER *s, union pointer_long_t udata, BUF
      if (ascii_strncasecmp (buf->data, tmp->data, keylen) == 0)
      {
	/* replace the old value */
	FREE (&tmp->data);
	tmp->data = buf->data;
	mutt_buffer_init (buf);
	mutt_str_replace (&tmp->data, mutt_b2s (buf));
	return 0;
      }
      if (!tmp->next)


@@ 1719,8 1717,7 @@ static int parse_my_hdr (BUFFER *buf, BUFFER *s, union pointer_long_t udata, BUF
    tmp = mutt_new_list ();
    UserHeader = tmp;
  }
  tmp->data = buf->data;
  mutt_buffer_init (buf);
  tmp->data = safe_strdup (mutt_b2s (buf));
  return 0;
}


M score.c => score.c +1 -2
@@ 76,8 76,7 @@ int mutt_parse_score (BUFFER *buf, BUFFER *s, union pointer_long_t udata, BUFFER
    strfcpy (err->data, _("score: too few arguments"), err->dsize);
    return (-1);
  }
  pattern = buf->data;
  mutt_buffer_init (buf);
  pattern = safe_strdup (mutt_b2s (buf));
  mutt_extract_token (buf, s, 0);
  if (MoreArgs (s))
  {