From cff26ac125a5509820ec1a99340e8ba6f1947b2e Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Mon, 15 Apr 2019 10:32:39 +0000
Subject: [PATCH] Fix potential crash in create_netmail(), bug introduced in
 rev 3.108: When responding to AreaFix requests, it's normal for
 create_netmail() to be called with a NULL 'msg' argument value - so don't try
 to dereference it (for the "cols" header field value) if it's NULL. Thanks to
 Mark Lewis for the bug report.

---
 src/sbbs3/sbbsecho.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/sbbs3/sbbsecho.c b/src/sbbs3/sbbsecho.c
index 14258676fa..0a9feb5dbe 100644
--- a/src/sbbs3/sbbsecho.c
+++ b/src/sbbs3/sbbsecho.c
@@ -1213,9 +1213,9 @@ int create_netmail(const char *to, const smbmsg_t* msg, const char *subject, con
 	if(hdr.origpoint)
 		fprintf(fp,"\1FMPT %hu\r",hdr.origpoint);
 	fprintf(fp,"\1PID: %s\r", (msg==NULL || msg->ftn_pid==NULL) ? sbbsecho_pid() : msg->ftn_pid);
-	if(msg->columns)
-		fprintf(fp,"\1COLS: %u\r", (unsigned int)msg->columns);
 	if(msg != NULL) {
+		if(msg->columns)
+			fprintf(fp,"\1COLS: %u\r", (unsigned int)msg->columns);
 		/* Unknown kludge lines are added here */
 		for(int i=0; i<msg->total_hfields; i++)
 			if(msg->hfield[i].type == FIDOCTRL)
-- 
GitLab