[PATCH 01/24] lib/message.cc: stale pointer bug

unofficial mirror of notmuch@notmuchmail.org
 help / color / mirror / code / Atom feed

From: Vladimir.Marek@oracle.com
To: notmuch@notmuchmail.org
Cc: Vladimir Marek <vlmarek@volny.cz>
Subject: [PATCH 01/24] lib/message.cc: stale pointer bug
Date: Wed,  1 May 2013 23:33:41 +0200	[thread overview]
Message-ID: <1367444021-2757-1-git-send-email-Vladimir.Marek@oracle.com> (raw)

From: Vladimir Marek <vlmarek@volny.cz>

Xapian::TermIterator::operator* returns std::string which is destroyed
as soon as (*i).c_str() finishes. The remembered pointer 'term' then
references invalid memory.

Signed-off-by: Vladimir Marek <vlmarek@volny.cz>
---
 lib/message.cc |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/message.cc b/lib/message.cc
index 8720c1b..a890550 100644
--- a/lib/message.cc
+++ b/lib/message.cc
@@ -266,18 +266,19 @@ _notmuch_message_get_term (notmuch_message_t *message,
 			   const char *prefix)
 {
     int prefix_len = strlen (prefix);
-    const char *term = NULL;
+    std::string term;
     char *value;
 
     i.skip_to (prefix);
 
-    if (i != end)
-	term = (*i).c_str ();
+    if (i == end)
+	return NULL;
 
-    if (!term || strncmp (term, prefix, prefix_len))
+    term = *i;
+    if (strncmp (term.c_str(), prefix, prefix_len))
 	return NULL;
 
-    value = talloc_strdup (message, term + prefix_len);
+    value = talloc_strdup (message, term.c_str() + prefix_len);
 
 #if DEBUG_DATABASE_SANITY
     i++;
-- 
1.7.9.2

next             reply	other threads:[~2013-05-01 21:34 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-01 21:33 Vladimir.Marek [this message]
2013-05-01 21:43 ` [PATCH 01/24] lib/message.cc: stale pointer bug Vladimir Marek
2013-05-02 10:01 ` Tomi Ollila
2013-05-02 13:45   ` Vladimir Marek
2013-05-02 18:03     ` Tomi Ollila
2013-05-02 20:36       ` Jani Nikula

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8720c1b dfblob:a890550 )
 OR (
bs:"[PATCH 01/24] lib/message.cc: stale pointer bug" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://notmuchmail.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1367444021-2757-1-git-send-email-Vladimir.Marek@oracle.com \
    --to=vladimir.marek@oracle.com \
    --cc=notmuch@notmuchmail.org \
    --cc=vlmarek@volny.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://yhetil.org/notmuch.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).