On Tue, 12 Nov 2013, Peter Zijlstra <peterz@infradead.org> wrote: > On Tue, Nov 12, 2013 at 02:31:25PM -0500, Austin Clements wrote: >> > + /* Strip the maildir "cur", "new" directory entries. */ >> > + i = strlen(maildir); >> > + if (strncmp(maildir + i - 3, "cur", 3) == 0 || >> > + strncmp(maildir + i - 3, "new", 3) == 0) { >> >> This is unsafe if directory is less than three characters, which I >> believe could happen if the message is in the root mail directory (which >> shouldn't happen with a well-formed maildir, but notmuch doesn't require >> maildir, and, regardless, we should be defensive). >> >> Also, we have a STRNCMP_LITERAL macro that we often use for comparisons >> with string literals, but I'm good with this, too. > > Quite so, I haven't actually seen that, but you're quite right. FWIW, in this particular case you can just strcmp because you are looking at the end of maildir. BR, Jani.