• rswindell authored · 121e87b7
    Fix long-standing bug in js_ParseMsgHeaderObject which is only (currently)
    used by js_post_msg() (the JS bbs.post_msg() method when used with the
    reply_header object argument) - the private data attached to a message
    header object is of type privatemsg_t, not private_t. This caused the
    dereferences of and assignments to p->smb_result in parse_header_object()
    to corrupt the privatemsg_t->msg memory causing heap corruption (caught
    on Windows debug builds in js_get_msg_header_finalize()) and stack faults
    (caught on Linux-gcc in parse_recipient_object()). This one was hard to
    find. <whew!>
js_msgbase.c 95.4 KB
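The type mix-up the commit message describes, as an added example that is not Synchronet's code: the struct layouts, the `demo_` names and the tagged accessor are assumptions made for illustration, and only the field names `smb_result` and `msg` come from the message. It shows where a store through the wrong struct type lands, and a checked accessor that refuses the mismatched pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layouts (assumptions). Only the field names smb_result and msg
 * come from the commit message; these are not Synchronet's definitions. */
typedef struct { char hdr[64]; int smb_result; } demo_private_t;   /* msgbase object */
typedef struct { void *owner; char msg[128]; } demo_privatemsg_t;  /* header object  */

enum priv_kind { KIND_MSGBASE = 1, KIND_MSGHDR = 2 };
/* Hypothetical wrapper recording which struct sits behind the opaque pointer. */
typedef struct { enum priv_kind kind; void *data; } tagged_priv_t;

/* Offset inside msg[] hit by a store to smb_result made through the wrong
 * struct type, or -1 if the store would fall outside msg[]. */
long confused_write_offset_in_msg(void)
{
    size_t off   = offsetof(demo_private_t, smb_result);
    size_t start = offsetof(demo_privatemsg_t, msg);
    size_t end   = start + sizeof(((demo_privatemsg_t *)0)->msg);
    return (off >= start && off + sizeof(int) <= end) ? (long)(off - start) : -1;
}

/* Reproduces the mistyped store with memcpy (well-defined here because the
 * target object is large enough). Returns 1 if msg[] was altered. */
int simulate_confused_store(demo_privatemsg_t *h, int value)
{
    char before[sizeof h->msg];
    memcpy(before, h->msg, sizeof before);
    memcpy((char *)h + offsetof(demo_private_t, smb_result), &value, sizeof value);
    return memcmp(before, h->msg, sizeof before) != 0;
}

/* Checked accessor: hands out the pointer only when the tag matches. */
void *get_private(const tagged_priv_t *p, enum priv_kind want)
{
    return (p != NULL && p->kind == want) ? p->data : NULL;
}

int main(void)
{
    demo_privatemsg_t h;
    tagged_priv_t t = { KIND_MSGHDR, &h };
    memset(&h, 0, sizeof h);
    printf("store lands at msg[%ld]\n", confused_write_offset_in_msg());
    printf("msg altered: %d\n", simulate_confused_store(&h, -1));
    printf("checked access as msgbase: %p\n", get_private(&t, KIND_MSGBASE));
    return 0;
}
```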