Bug#971935: libperl5.30: rfc-ignorant MIME-Header can make decode() crash

eingousef eingousef+debbugs at rhizogen.es.eu.org
Sat Oct 10 03:02:57 BST 2020


Package: libperl5.30
Version: 5.30.3-4
Severity: normal

Dear Maintainer,

I have tried to follow the recommendations of:

https://github.com/pbrisbin/mail-query/blob/master/README.md

by adding

set query_command= "mail-query '%s' ~/Mail/ | perl -CS -MEncode -ne 'print decode(\"MIME-Header\", $_)'"

to my muttrc.

Unfortunately one e-mail of my mailbox contains an iso-8859-1 header
which is not ASCII-encoded, and it makes the command crash with the
following output:

Malformed UTF-8 character: \xe9\x62\x69 (unexpected non-continuation byte 0x62, immediately after start byte 0xe9; need 3 bytes, got 1) in substitution (s///) at /usr/lib/x86_64-linux-gnu/perl/5.30/Encode/MIME/Header.pm line 90, <> line 24.
Malformed UTF-8 character (fatal) at /usr/lib/x86_64-linux-gnu/perl/5.30/Encode/MIME/Header.pm line 90, <> line 24.

messing up the Mutt UI.

I don't know much about perl libraries so I don't know if my report is
relevant or not, maybe it is the expected behavior for decode() to
trust user input.

If it's not, then it should check if the string is a properly
formatted MIME-Header before trying to decode it.

If it is, you can ignore this report and I'll just stick with this:

set query_command= "mail-query '%s' ~/Mail/ | grep -v -a '=?' || perl -CS -MEncode -ne 'print decode(\"MIME-Header\", $_)'"

Regards,

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (980, 'stable-updates'), (980, 'stable'), (500, 'oldstable-updates'), (500, 'oldstable'), (90, 'experimental'), (90, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.8.0-1-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages libperl5.30 depends on:
ii  libbz2-1.0         1.0.8-4
ii  libc6              2.31-3
ii  libcrypt1          1:4.4.17-1
ii  libdb5.3           5.3.28+dfsg1-0.6
ii  libgdbm-compat4    1.18.1-5.1
ii  libgdbm6           1.18.1-5.1
ii  perl-modules-5.30  5.30.3-4
ii  zlib1g             1:1.2.11.dfsg-2

libperl5.30 recommends no packages.

Versions of packages libperl5.30 suggests:
ii  sensible-utils  0.0.12+nmu1

-- no debconf information
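
An added example, not part of the original report and not code from Perl or mail-query: a filter that could stand in for the one-liner in `query_command`, reading standard input as bytes instead of through the `-CS` UTF-8 layer and never dying on a header that carries raw 8-bit bytes. The name `safe_header_decode` and the ISO-8859-1 fallback are assumptions made for this sketch.

```perl
#!/usr/bin/perl
# Added example: tolerant header decoder for untrusted mailbox content.
use strict;
use warnings;
use Encode;

# Decode one raw header line (bytes in, Perl characters out) without dying.
sub safe_header_decode {
    my ($bytes) = @_;

    if ($bytes !~ /[^\x00-\x7F]/) {
        # Pure ASCII: the only input RFC 2047 encoded-words are defined for.
        my $text = eval { decode('MIME-Header', $bytes) };
        return defined $text ? $text : $bytes;    # undecodable: pass through
    }

    # Raw 8-bit bytes in a header (not RFC-compliant). Try strict UTF-8
    # first; LEAVE_SRC keeps $bytes intact for the fallback.
    my $text = eval {
        decode('UTF-8', $bytes, Encode::FB_CROAK() | Encode::LEAVE_SRC());
    };
    return $text if defined $text;

    # Assumption: anything else is treated as ISO-8859-1, which maps
    # every byte to a character and therefore cannot fail.
    return decode('ISO-8859-1', $bytes);
}

binmode(STDIN);                          # bytes in: no :utf8 layer on input
binmode(STDOUT, ':encoding(UTF-8)');     # characters out, encoded as UTF-8
print safe_header_decode($_) while <STDIN>;
```

Run it without `-CS`, for example as `mail-query '%s' ~/Mail/ | perl /path/to/this-script`, where the script path is a placeholder.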

