On Tue, 12 Nov 2013, Peter Zijlstra <peterz at infradead.org> wrote:
> On Tue, Nov 12, 2013 at 02:31:25PM -0500, Austin Clements wrote:
>> > + /* Strip the maildir "cur", "new" directory entries. */
>> > + i = strlen(maildir);
>> > + if (strncmp(maildir + i - 3, "cur", 3) == 0 ||
>> > + strncmp(maildir + i - 3, "new", 3) == 0) {
>>
>> This is unsafe if directory is less than three characters, which I
>> believe could happen if the message is in the root mail directory (which
>> shouldn't happen with a well-formed maildir, but notmuch doesn't require
>> maildir, and, regardless, we should be defensive).
>>
>> Also, we have a STRNCMP_LITERAL macro that we often use for comparisons
>> with string literals, but I'm good with this, too.
>
> Quite so, I haven't actually seen that, but you're quite right.
FWIW, in this particular case you can just strcmp because you are
looking at the end of maildir.
BR,
Jani.
