Hello,

expanding $reply_address on a mail with empty Reply-To and no From
segfaults. Here is a patch to fix that. According to the documentation,
setting *newsize back to 0 should be ok. Philip, please have a look if
this is really ok or if newsize should be saved and restored.

After finding out that Reply-To is empty, s is "" and newsize is 2.
Now find_header returns NULL, because From is not set, but newsize is
still 2, although a pointer to the statically allocated "" is returned.

Michael
----------------------------------------------------------------------
--- src/expand.c.orig 2005-07-29 10:45:22.000000000 +0200
+++ src/expand.c 2005-07-29 10:52:01.000000000 +0200
@@ -1425,8 +1425,9 @@
case vtype_reply: /* Get reply address */
s = find_header(US"reply-to:", exists_only, newsize, FALSE,
headers_charset);
- if (s == NULL || *s == 0)
- s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
+ if (s != NULL && *s != 0) return s;
+ *newsize=0;
+ s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
return (s == NULL)? US"" : s;
/* A recipients list is available only during system message filtering,
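Review bot: the added `*newsize=0;` dereferences newsize unconditionally, whereas the surrounding lines only ever pass the pointer through to find_header, so please confirm that newsize can never be NULL on the vtype_reply path or guard the assignment. The reset also needs a short comment saying why it is there: an empty Reply-To leaves a non-zero size behind, and the fallback can end in the static US"" from `return (s == NULL)? US"" : s;`, which must not be reported with that stale size. Without the comment the line looks removable. As a style point, write it as `*newsize = 0;` to match the spacing of the `s = find_header(...)` assignments next to it. The open question from the cover text, whether the entry value of *newsize should be saved and restored instead of forced to 0, should be settled before this is merged, since the hunk itself does not show what the caller expects.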