From 32046a6d2e338a94b6a59183fe3431ff27daf81a Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau <wsourdeau@inverse.ca>
Date: Thu, 4 Sep 2008 05:49:39 +0000
Subject: [PATCH] Monotone-Parent: b4864301d33bcd83b867c526d61b7fbf700afd5a
 Monotone-Revision: 485f88abf48cd4cfca19756b2d50e4d01f48ed95

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2008-09-04T05:49:39
Monotone-Branch: ca.inverse.sogo
---
 ChangeLog                                  |  5 +++
 UI/MailPartViewers/UIxMailPartTextViewer.m | 50 +++++++++++-----------
 2 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7258ed874..2292cf557 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-09-04  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
+
+	* UI/MailPartViewers/UIxMailPartTextViewer.m (convertChars):
+	fixed a buffer overflow. Incremented the buffer size to 8192.
+
 2008-09-02  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
 
 	* SoObjects/Mailer/SOGoMailManager.m ([NGImap
diff --git a/UI/MailPartViewers/UIxMailPartTextViewer.m b/UI/MailPartViewers/UIxMailPartTextViewer.m
index c8d203479..99df539f4 100644
--- a/UI/MailPartViewers/UIxMailPartTextViewer.m
+++ b/UI/MailPartViewers/UIxMailPartTextViewer.m
@@ -44,51 +44,51 @@
 
 @implementation NSString (SOGoMailUIExtension)
 
+#define paddingBuffer 8192
+
 static inline char *
 convertChars (const char *oldString, unsigned int oldLength,
 	      unsigned int *newLength)
 {
   const char *currentChar, *upperLimit;
   char *newString, *destChar, *reallocated;
-  unsigned int length, maxLength, iteration;
-
-  maxLength = oldLength + 500;
-  newString = malloc (maxLength);
+  unsigned int length, maxLength;
+ 
+  maxLength = oldLength + paddingBuffer;
+  newString = malloc (maxLength + 1);
   destChar = newString;
   currentChar = oldString;
 
   length = 0;
-  iteration = 0;
 
   upperLimit = oldString + oldLength;
   while (currentChar < upperLimit)
     {
-      if (*currentChar != '\r')
+      switch (*currentChar)
 	{
-	  if (*currentChar == '\n')
+	case '\r': break;
+	case '\n':
+	  length = destChar - newString;
+	  if (length + paddingBuffer > maxLength - 6)
 	    {
-	      length = destChar - newString;
-	      if ((length + (6 * iteration) + 500) > maxLength)
+	      maxLength += paddingBuffer;
+	      reallocated = realloc (newString, maxLength + 1);
+	      if (reallocated)
 		{
-		  maxLength = length + (iteration * 6) + 500;
-		  reallocated = realloc (newString, maxLength);
-		  if (reallocated)
-		    newString = reallocated;
-		  else
-		    [NSException raise: NSMallocException
-				 format: @"reallocation failed in %s",
-				 __PRETTY_FUNCTION__];
+		  newString = reallocated;
 		  destChar = newString + length;
 		}
-	      strcpy (destChar, "<br />");
-	      destChar += 6;
-	      iteration++;
-	    }
-	  else
-	    {
-	      *destChar = *currentChar;
-	      destChar++;
+	      else
+		[NSException raise: NSMallocException
+			     format: @"reallocation failed in %s",
+			     __PRETTY_FUNCTION__];
 	    }
+	  strcpy (destChar, "<br />");
+	  destChar += 6;
+	  break;
+	default:
+	  *destChar = *currentChar;
+	  destChar++;
 	}
       currentChar++;
     }