From: Tamas Szakaly <sghctoma@gmail.com>
To: notmuch@notmuchmail.org
Subject: BUG: Using pointer that points to a destructed string's content
Date: Fri, 26 Dec 2014 12:37:55 +0100 [thread overview]
Message-ID: <20141226113755.GA64154@pamparam> (raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear notmuch developers,
The following line is from _notmuch_message_add_directory_terms in
lib/message.cc (line 652 in HEAD):
direntry = (*i).c_str ();
'i' is a Xapian::TermIterator, whose operator* returns a std::string by value.
This means that c_str() is called on a temporary, which is destructed after the
full expression (essentially the particular line in this case), so 'direntry'
will point to a destructed std::string's data.
(See https://gcc.gnu.org/onlinedocs/gcc/Temporaries.html)
One possible modification to correct this issue is using strdup:
direntry = strdup((*i).c_str ());
Note:
Despite the fact that it is wrong, it *generally* works, because delete[]-ing
the underlying character array in the destructor of std::string does not really
touch the memory content, and there is only a minor chance that this memory area
will be allocated again (e.g. from another thread). This caused me some headache
though with 'notmuch new' on FreeBSD 11-CURRENT, where jemalloc is configured so
that freed memory will be filled with 0x5a's.
Best regards,
sghctoma
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJUnUiQAAoJEE8tbNCQOSmESAsH/ih+EFx0WJEzImBkNe4I4H+0
Wj9u/ymmpgLwWnV0rg0oxnYoX5T6zT2e1jwTD73H7N4A2Xf2Susjbr6csTP2YyQB
aUbZ5/Ajq+COgpoEXTQUbrIPcIbdl0X05/k9f/OdNqZMHVK6j08hw2oqtpsq6v1+
PiuAa7kKrMda5rzLk08z1/qmJ6D7G2Trl6r5LPfytZhPwrphAJ9bWBofIIJLBQ0R
RdeTmGuzc7FBw1a1JqJWkDL1lI91VTD49Wr/VqYXPbfcWbaHhVYSklDshyEYaK/+
skemzV+aIWJiNHpkALdh3t+070caXlv5hwa826Q4kB0FMmkNlShjFqpXLJToEWo=
=hshP
-----END PGP SIGNATURE-----
next reply other threads:[~2014-12-26 11:38 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-26 11:37 Tamas Szakaly [this message]
2014-12-26 22:03 ` BUG: Using pointer that points to a destructed string's content David Bremner
2014-12-26 23:06 ` Tamas Szakaly
2014-12-28 10:45 ` [PATCH] lib: another iterator-temporary/stale-pointer bug David Bremner
2015-01-01 14:49 ` Jani Nikula
2015-01-02 16:20 ` [PATCH] lib: convert two "iterator copy strings" into references David Bremner
2015-01-02 17:52 ` Jani Nikula
2015-01-02 20:07 ` Tomi Ollila
2015-01-03 9:03 ` David Bremner
2014-12-27 8:33 ` [PATCH] lib: collapse computation of directory_id into a single expression David Bremner
2015-01-03 13:30 ` BUG: Using pointer that points to a destructed string's content David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141226113755.GA64154@pamparam \
--to=sghctoma@gmail.com \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).