From: David Bremner <david@tethera.net>
To: notmuch@notmuchmail.org
Cc: David Bremner <david@tethera.net>
Subject: [PATCH 2/6] lib/open: fix potential double-free, ensure *database=NULL on error
Date: Sat, 23 Oct 2021 10:22:34 -0300 [thread overview]
Message-ID: <20211023132238.1864400-3-david@tethera.net> (raw)
In-Reply-To: <20211023132238.1864400-1-david@tethera.net>
During refactoring for 0.32, the code that set notmuch=NULL on various
errors was moved into _finish_open. This meant that the the code which
relied on that to set *database to NULL on error was no longer
correct. It also introduced a potential double free, since the notmuch
struct was deallocated inside _finish_open (via n_d_destroy).
In this commit we revert to "allocator frees", and leave any cleanup
to the caller of _finish_open. This allows us to get back the
behaviour of setting *database to NULL with a small change. Other
callers of _finish_open will need free notmuch on errors.
---
lib/open.cc | 13 +++++--------
test/T590-libconfig.sh | 2 --
2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/lib/open.cc b/lib/open.cc
index 8a835e98..77f01f72 100644
--- a/lib/open.cc
+++ b/lib/open.cc
@@ -396,8 +396,6 @@ _finish_open (notmuch_database_t *notmuch,
" has a newer database format version (%u) than supported by this\n"
" version of notmuch (%u).\n",
database_path, version, NOTMUCH_DATABASE_VERSION));
- notmuch_database_destroy (notmuch);
- notmuch = NULL;
status = NOTMUCH_STATUS_FILE_ERROR;
goto DONE;
}
@@ -414,8 +412,6 @@ _finish_open (notmuch_database_t *notmuch,
" requires features (%s)\n"
" not supported by this version of notmuch.\n",
database_path, incompat_features));
- notmuch_database_destroy (notmuch);
- notmuch = NULL;
status = NOTMUCH_STATUS_FILE_ERROR;
goto DONE;
}
@@ -489,8 +485,6 @@ _finish_open (notmuch_database_t *notmuch,
} catch (const Xapian::Error &error) {
IGNORE_RESULT (asprintf (&message, "A Xapian exception occurred opening database: %s\n",
error.get_msg ().c_str ()));
- notmuch_database_destroy (notmuch);
- notmuch = NULL;
status = NOTMUCH_STATUS_XAPIAN_EXCEPTION;
}
DONE:
@@ -559,10 +553,13 @@ notmuch_database_open_with_config (const char *database_path,
free (message);
}
+ if (status && notmuch) {
+ notmuch_database_destroy (notmuch);
+ notmuch = NULL;
+ }
+
if (database)
*database = notmuch;
- else
- talloc_free (notmuch);
if (notmuch)
notmuch->open = true;
diff --git a/test/T590-libconfig.sh b/test/T590-libconfig.sh
index ed12b005..a0d70080 100755
--- a/test/T590-libconfig.sh
+++ b/test/T590-libconfig.sh
@@ -862,7 +862,6 @@ cat <<EOF > c_tail3
EOF
test_begin_subtest "open: database set to null on missing config"
-test_subtest_known_broken
cat c_head3 - c_tail3 <<'EOF' | test_C ${MAIL_DIR} "/nonexistent"
notmuch_status_t st = notmuch_database_open_with_config(argv[1],
NOTMUCH_DATABASE_MODE_READ_ONLY,
@@ -876,7 +875,6 @@ EOF
test_expect_equal_file EXPECTED OUTPUT
test_begin_subtest "open: database set to null on missing config (env)"
-test_subtest_known_broken
old_NOTMUCH_CONFIG=${NOTMUCH_CONFIG}
NOTMUCH_CONFIG="/nonexistent"
cat c_head3 - c_tail3 <<'EOF' | test_C ${MAIL_DIR}
--
2.33.0
next prev parent reply other threads:[~2021-10-23 13:23 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-23 13:22 Clean up de-allocation / nulling of notmuch database structure David Bremner
2021-10-23 13:22 ` [PATCH 1/6] test: add two known broken tests for missing config files David Bremner
2021-10-23 13:22 ` David Bremner [this message]
2021-10-23 13:22 ` [PATCH 3/6] lib/create: document expectations for db on error, add tests David Bremner
2021-10-23 13:22 ` [PATCH 4/6] lib/create: fix memory leak, ensure *database=NULL on error David Bremner
2021-10-23 13:22 ` [PATCH 5/6] lib/load_config: document expectations for db on error, add tests David Bremner
2021-10-23 13:22 ` [PATCH 6/6] lib/load_config: deallocate / NULL database on fatal error David Bremner
2021-10-30 18:01 ` Clean up de-allocation / nulling of notmuch database structure David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211023132238.1864400-3-david@tethera.net \
--to=david@tethera.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).