@@ -649,8 +649,8 @@ static char *cabd_read_string(struct mspack_system *sys,

       return NULL;

   }

-  /* search for a null terminator in the buffer. accept empty strings */

-  for (i = 0, ok = 0; i < len; i++) if (!buf[i]) { ok = 1; break; }

+  /* search for a null terminator in the buffer. reject empty strings */

+  for (i = 1, ok = 0; i < len; i++) if (!buf[i]) { ok = 1; break; }

   if (!ok) {

     *error = MSPACK_ERR_DATAFORMAT;

     sys->message(NULL, "Unable to find null terminator for string read in buffer of len %d", len);

@@ -2351,8 +2351,9 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re

 		/*

 		 * Look for uu-encoded main file

 		 */

-		if((encodingLine(mainMessage) != NULL) &&

-		   ((t_line = bounceBegin(mainMessage)) != NULL))

+		if(mainMessage->body_first != NULL &&

+			(encodingLine(mainMessage) != NULL) &&

+			((t_line = bounceBegin(mainMessage)) != NULL))

 			rc = (exportBounceMessage(mctx, t_line) == CL_VIRUS) ? VIRUS : OK;

 		else {

 			bool saveIt;

@@ -2365,7 +2366,7 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re

 				 * bother saving to scan, it's safe

 				 */

 				saveIt = (bool)(encodingLine(mainMessage) != NULL);

-			else if((t_line = encodingLine(mainMessage)) != NULL) {

+			else if(mainMessage->body_last != NULL && (t_line = encodingLine(mainMessage)) != NULL) {

 				/*

 				 * Some bounces include the message

 				 * body without the headers.

@@ -3138,13 +3139,17 @@ rfc2047(const char *in)

 				break;

 		}

 		b = messageToBlob(m, 1);

+                if (b == NULL) {

+                    messageDestroy(m);

+                    break;

+                }

 		len = blobGetDataSize(b);

 		cli_dbgmsg("Decoded as '%*.*s'\n", (int)len, (int)len,

 			(const char *)blobGetData(b));

 		memcpy(pout, blobGetData(b), len);

 		blobDestroy(b);

 		messageDestroy(m);

-		if(pout[len - 1] == '\n')

+		if(len > 0 && pout[len - 1] == '\n')

 			pout += len - 1;

 		else

 			pout += len;

@@ -1075,8 +1075,10 @@ messageMoveText(message *m, text *t, message *old_message)

 			for(u = old_message->body_first; u != t;) {

 				text *next;

-				if(u->t_line)

+				if(u->t_line) {

 					lineUnlink(u->t_line);

+					u->t_line = NULL;

+				}

 				next = u->t_next;

 				free(u);

@@ -1237,7 +1237,7 @@ static void handle_pdfname(struct pdf_struct *pdf, struct pdf_obj *obj, const ch

     }

     /* record filter order */

-    if ((*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS))

+    if (obj->numfilters < PDF_FILTERLIST_MAX && (*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS))

         obj->filterlist[obj->numfilters++] = act->set_objflag;

     if ((act->nameflags & NAMEFLAG_HEURISTIC) && escapes) {

@@ -1255,7 +1255,7 @@ static void handle_pdfname(struct pdf_struct *pdf, struct pdf_obj *obj, const ch

     if (act->from_state == *state || act->from_state == STATE_ANY) {

         *state = act->to_state;

-        if (*state == STATE_FILTER && act->set_objflag !=OBJ_DICT && (obj->flags & (1 << act->set_objflag))) {

+        if (*state == STATE_FILTER && act->set_objflag != OBJ_DICT && (obj->flags & (1 << act->set_objflag))) {

             cli_dbgmsg("cli_pdf: duplicate stream filter %s\n", pdfname);

             pdfobj_flag(pdf, obj, BAD_STREAM_FILTERS);

         }

@@ -124,8 +124,10 @@ textDestroy(text *t_head)

 {

 	while(t_head) {

 		text *t_next = t_head->t_next;

-		if(t_head->t_line)

-			(void)lineUnlink(t_head->t_line);

+		if(t_head->t_line) {

+			lineUnlink(t_head->t_line);

+			t_head->t_line = NULL;

+		}

 		free(t_head);

 		t_head = t_next;

 	}

@@ -146,12 +148,14 @@ textCopy(const text *t_head)

 		}

 		if(last == NULL) {

-            cli_errmsg("textCopy: Unable to allocate memory to clone object\n");

+			cli_errmsg("textCopy: Unable to allocate memory to clone object\n");

 			if(first)

 				textDestroy(first);

 			return NULL;

 		}

+		last->t_next = NULL;

+

 		if(t_head->t_line)

 			last->t_line = lineLink(t_head->t_line);

 		else