diff -urp mutt-1.4.2.1.orig/handler.c mutt-1.4.2.1/handler.c
--- mutt-1.4.2.1.orig/handler.c	Tue Mar 26 09:49:51 2002
+++ mutt-1.4.2.1/handler.c	Wed Aug 24 22:30:20 2005
@@ -23,6 +23,8 @@
 #include <sys/wait.h>
 #include <sys/stat.h>
 
+#include <assert.h>
+
 #include "mutt.h"
 #include "mutt_curses.h"
 #include "rfc1524.h"
@@ -113,6 +115,16 @@ static void convert_to_state(iconv_t cd,
   }
   memmove (bufi, ib, ibl);
   *l = ibl;
+  /*
+   * Make sure we succeeded in doing what we were supposed to.  If not, it's
+   * probably a Mutt bug and reasonable error recovery might not be possible,
+   * hence the assertion.  In non-debugging builds, just abort() to ensure
+   * our caller won't overflow bufi[] because of our fault.
+   *
+   * Yes, this is dirty.
+   */
+  assert(ibl < BUFI_SIZE / 2 && ibl < STRING / 2);
+  if (ibl >= BUFI_SIZE / 2 || ibl >= STRING / 2) abort();
 }
 
 void mutt_decode_xbit (STATE *s, long len, int istext, iconv_t cd)