Looks like attachments are stripped by this Mailman instance. I’ll send it to anybody that wants it; I made it an attachment to try to avoid crashing the server of everybody on this list.

Alex

On May 8, 2026, at 3:27 PM, Alex Rosenberg via dovecot <dovecot@dovecot.org> wrote:

Attached is an LLM-reduced reproduction of the crash in the title. My particular setup is dovecot 2.3.21.1 (d492236fa0) in a FreeBSD jail (13.5). I realize that this is an older release but there is no FreeBSD port/pkg for dovecot 2.4.x yet.

The message in the attachment is reduced from an old (2017!) email to one of the LLVM compiler mailing lists. The original malformed email had this header: X-Mailer: Evolution 3.22.5 (3.22.5-1.fc25)

The bug occurs when dovecot's FTS indexer processes a MIME part that:

1. Declares charset="UTF-7"
2. Contains base64-encoded content that, when decoded, has bare '+' characters
3. Causes UTF-7 decoder buffer overflow in charset-iconv.c:83

The base64 content decodes to C source code with expressions like:

• argc + 4
• state++
• state--

These '+' characters in UTF-7 context cause the decoder's pending buffer to exceed CHARSET_MAX_PENDING_BUF_SIZE, triggering the assertion failure.

Alex

---

dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org