* [PATCH 01/24] lib/message.cc: stale pointer bug
@ 2013-05-01 21:33 Vladimir.Marek
2013-05-01 21:43 ` Vladimir Marek
2013-05-02 10:01 ` Tomi Ollila
0 siblings, 2 replies; 6+ messages in thread
From: Vladimir.Marek @ 2013-05-01 21:33 UTC (permalink / raw)
To: notmuch; +Cc: Vladimir Marek
From: Vladimir Marek <vlmarek@volny.cz>
Xapian::TermIterator::operator* returns std::string which is destroyed
as soon as (*i).c_str() finishes. The remembered pointer 'term' then
references invalid memory.
Signed-off-by: Vladimir Marek <vlmarek@volny.cz>
---
lib/message.cc | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lib/message.cc b/lib/message.cc
index 8720c1b..a890550 100644
--- a/lib/message.cc
+++ b/lib/message.cc
@@ -266,18 +266,19 @@ _notmuch_message_get_term (notmuch_message_t *message,
const char *prefix)
{
int prefix_len = strlen (prefix);
- const char *term = NULL;
+ std::string term;
char *value;
i.skip_to (prefix);
- if (i != end)
- term = (*i).c_str ();
+ if (i == end)
+ return NULL;
- if (!term || strncmp (term, prefix, prefix_len))
+ term = *i;
+ if (strncmp (term.c_str(), prefix, prefix_len))
return NULL;
- value = talloc_strdup (message, term + prefix_len);
+ value = talloc_strdup (message, term.c_str() + prefix_len);
#if DEBUG_DATABASE_SANITY
i++;
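Review bot: `std::string term;` at the top of the hunk is declared several statements before it receives its value at `term = *i;`, which leaves a window in which a later edit could insert code that reads an empty `term` by mistake; declaring it at the point of use, `std::string term = *i;` directly after the `if (i == end) return NULL;` check, keeps declaration and initialisation together and also removes one default construction plus one assignment. The fix itself is sound: `term` now owns a copy of the Xapian term for the rest of the function, so the `term.c_str()` pointers handed to `strncmp` and `talloc_strdup` point into a live object, and `talloc_strdup` copies the bytes into `message`-owned memory before `term` goes out of scope, so nothing outlives the copy.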
--
1.7.9.2
* Re: [PATCH 01/24] lib/message.cc: stale pointer bug
2013-05-01 21:33 [PATCH 01/24] lib/message.cc: stale pointer bug Vladimir.Marek
@ 2013-05-01 21:43 ` Vladimir Marek
2013-05-02 10:01 ` Tomi Ollila
1 sibling, 0 replies; 6+ messages in thread
From: Vladimir Marek @ 2013-05-01 21:43 UTC (permalink / raw)
To: notmuch; +Cc: Vladimir Marek
Uh, oh, it's patch 01/01 actually. There are 23 other patches waiting, but
they will be submitted separately.
> Xapian::TermIterator::operator* returns std::string which is destroyed
> as soon as (*i).c_str() finishes. The remembered pointer 'term' then
> references invalid memory.
I reworded the comment and I changed the fix slightly.
Thank you
--
Vlad
* Re: [PATCH 01/24] lib/message.cc: stale pointer bug
2013-05-01 21:33 [PATCH 01/24] lib/message.cc: stale pointer bug Vladimir.Marek
2013-05-01 21:43 ` Vladimir Marek
@ 2013-05-02 10:01 ` Tomi Ollila
2013-05-02 13:45 ` Vladimir Marek
1 sibling, 1 reply; 6+ messages in thread
From: Tomi Ollila @ 2013-05-02 10:01 UTC (permalink / raw)
To: Vladimir.Marek, notmuch; +Cc: Vladimir Marek
On Thu, May 02 2013, Vladimir.Marek@oracle.com wrote:
> From: Vladimir Marek <vlmarek@volny.cz>
>
> Xapian::TermIterator::operator* returns std::string which is destroyed
> as soon as (*i).c_str() finishes. The remembered pointer 'term' then
> references invalid memory.
Looks to me like a good solution...
Tomi
>
> Signed-off-by: Vladimir Marek <vlmarek@volny.cz>
> ---
> lib/message.cc | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/lib/message.cc b/lib/message.cc
> index 8720c1b..a890550 100644
> --- a/lib/message.cc
> +++ b/lib/message.cc
> @@ -266,18 +266,19 @@ _notmuch_message_get_term (notmuch_message_t *message,
> const char *prefix)
> {
> int prefix_len = strlen (prefix);
> - const char *term = NULL;
> + std::string term;
> char *value;
>
> i.skip_to (prefix);
>
> - if (i != end)
> - term = (*i).c_str ();
> + if (i == end)
> + return NULL;
>
> - if (!term || strncmp (term, prefix, prefix_len))
> + term = *i;
... hmm, a raii(?) solution above would be std::string term = *i;
> + if (strncmp (term.c_str(), prefix, prefix_len))
> return NULL;
>
> - value = talloc_strdup (message, term + prefix_len);
> + value = talloc_strdup (message, term.c_str() + prefix_len);
>
> #if DEBUG_DATABASE_SANITY
> i++;
> --
> 1.7.9.2
* Re: [PATCH 01/24] lib/message.cc: stale pointer bug
2013-05-02 10:01 ` Tomi Ollila
@ 2013-05-02 13:45 ` Vladimir Marek
2013-05-02 18:03 ` Tomi Ollila
0 siblings, 1 reply; 6+ messages in thread
From: Vladimir Marek @ 2013-05-02 13:45 UTC (permalink / raw)
To: Tomi Ollila; +Cc: notmuch, Vladimir Marek
> > int prefix_len = strlen (prefix);
> > - const char *term = NULL;
> > + std::string term;
> > char *value;
> >
> > i.skip_to (prefix);
> >
> > - if (i != end)
> > - term = (*i).c_str ();
> > + if (i == end)
> > + return NULL;
> >
> > - if (!term || strncmp (term, prefix, prefix_len))
> > + term = *i;
>
> ... hmm, a raii(?) solution above would be std::string term = *i;
I'm not sure what RAII is (I'm not very good at C++ ...), but I guess you
mean to use 'std::string term = *i;' to avoid the copy constructor. That
surely is a good idea. Let me rework the patch!
--
Vlad
* Re: [PATCH 01/24] lib/message.cc: stale pointer bug
2013-05-02 13:45 ` Vladimir Marek
@ 2013-05-02 18:03 ` Tomi Ollila
2013-05-02 20:36 ` Jani Nikula
0 siblings, 1 reply; 6+ messages in thread
From: Tomi Ollila @ 2013-05-02 18:03 UTC (permalink / raw)
To: Vladimir Marek; +Cc: notmuch, Vladimir Marek
On Thu, May 02 2013, Vladimir Marek <Vladimir.Marek@Oracle.COM> wrote:
>> > int prefix_len = strlen (prefix);
>> > - const char *term = NULL;
>> > + std::string term;
>> > char *value;
>> >
>> > i.skip_to (prefix);
>> >
>> > - if (i != end)
>> > - term = (*i).c_str ();
>> > + if (i == end)
>> > + return NULL;
>> >
>> > - if (!term || strncmp (term, prefix, prefix_len))
>> > + term = *i;
>>
>> ... hmm, a raii(?) solution above would be std::string term = *i;
>
> I'm not sure what's raii (I'm not very good at c++ ...), but I guess you
> mean to use 'std::string term = *i;' to avoid copy constructor. That
> surely is a good idea. Let me rework the patch!
I am not that smart (i.e. avoiding the copy constructor it might be, I don't
know...); I am lousy in C++. I attempted to mean
http://en.wikipedia.org/wiki/Resource_Acquisition_Is_Initialization
in the sense that when a variable is introduced it is also initialized
to a useful value (so that no-one accidentally adds code between introduction
and initialization).
Anyway, if you rework the patch then we can vote which version to
apply (yeah, sure >;)
> --
> Vlad
Tomi
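The following is an added example, not notmuch's code, showing both points raised in this thread: the dangling pointer from `(*i).c_str()` that the patch description explains, and Tomi's suggestion to declare and initialise the string in one statement. `MockTermIterator` is a hypothetical stand-in for `Xapian::TermIterator` (it only reproduces the two properties that matter here: `operator*` returns a `std::string` by value and `skip_to` positions on the first term not less than the prefix); `kSampleTerms`, `get_term` and `lookup_term` are constructed for this example and are not notmuch functions.

```cpp
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Constructed stand-in for Xapian::TermIterator (hypothetical class, not
// Xapian's). Like the real one, operator* returns the term as a std::string
// BY VALUE, so every dereference produces a temporary that dies at the end
// of the full expression it appears in.
class MockTermIterator {
public:
    MockTermIterator(const std::vector<std::string>* terms, size_t pos)
        : terms_(terms), pos_(pos) {}
    std::string operator*() const { return (*terms_)[pos_]; }
    MockTermIterator& operator++() { ++pos_; return *this; }
    // Advance to the first term that sorts >= prefix (Xapian skip_to semantics).
    void skip_to(const std::string& prefix) {
        while (pos_ < terms_->size() && (*terms_)[pos_] < prefix)
            ++pos_;
    }
    bool operator==(const MockTermIterator& o) const { return pos_ == o.pos_; }
    bool operator!=(const MockTermIterator& o) const { return !(*this == o); }
private:
    const std::vector<std::string>* terms_;
    size_t pos_;
};

// The pattern the patch removes, kept as a comment because it is undefined
// behaviour and must never be executed:
//
//     const char *term = NULL;
//     if (i != end)
//         term = (*i).c_str ();   // the temporary std::string is destroyed
//                                 // at the ';', so `term` now dangles
//     if (!term || strncmp (term, prefix, prefix_len))   // reads freed memory
//
// Fixed shape: the term is copied into a named std::string that lives until
// the function returns, and c_str() is only called on that object. Returns
// true and fills `out` with the term minus its prefix, false if there is no
// term with that prefix (the NULL return in the original).
bool get_term(MockTermIterator i, MockTermIterator end,
              const char* prefix, std::string& out)
{
    size_t prefix_len = std::strlen(prefix);

    i.skip_to(prefix);
    if (i == end)
        return false;

    // Declared and initialised in one statement, as Tomi suggested, so no
    // code can slip in between the declaration and the assignment.
    std::string term = *i;
    if (std::strncmp(term.c_str(), prefix, prefix_len) != 0)
        return false;

    // Same arithmetic as talloc_strdup (message, term.c_str() + prefix_len):
    // the pointer is into `term`, which is still alive here.
    out.assign(term.c_str() + prefix_len);
    return true;
}

// Constructed sample term list, sorted the way Xapian stores terms. In this
// toy 'T' prefixes a tag, 'G' a thread id and 'X' a folder term.
static const std::vector<std::string> kSampleTerms = {
    "Gthread0001", "Tinbox", "Tunread", "XFOLDER:inbox"};

// Convenience wrapper: the first term carrying `prefix`, prefix stripped, or
// an empty string when there is none.
std::string lookup_term(const char* prefix)
{
    MockTermIterator begin(&kSampleTerms, 0);
    MockTermIterator end(&kSampleTerms, kSampleTerms.size());
    std::string value;
    return get_term(begin, end, prefix, value) ? value : std::string();
}

int main()
{
    std::cout << "T -> " << lookup_term("T") << "\n";    // inbox
    std::cout << "K -> '" << lookup_term("K") << "'\n";  // no such prefix
    return 0;
}
```

The original pattern often appears to work, which is why it survived: for terms short enough to sit in the temporary's small-string buffer the dangling pointer points at stack memory that may not have been overwritten yet, and for longer terms the freed heap block may still hold the old bytes. Building with AddressSanitizer (`-fsanitize=address`) reports the read of a longer term as a heap-use-after-free at the `strncmp` line, which is the quickest way to confirm a suspected instance of this bug rather than reasoning about allocator behaviour.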
* Re: [PATCH 01/24] lib/message.cc: stale pointer bug
2013-05-02 18:03 ` Tomi Ollila
@ 2013-05-02 20:36 ` Jani Nikula
0 siblings, 0 replies; 6+ messages in thread
From: Jani Nikula @ 2013-05-02 20:36 UTC (permalink / raw)
To: Tomi Ollila, Vladimir Marek; +Cc: notmuch, Vladimir Marek
On Thu, 02 May 2013, Tomi Ollila <tomi.ollila@iki.fi> wrote:
> On Thu, May 02 2013, Vladimir Marek <Vladimir.Marek@Oracle.COM> wrote:
>
>>> > int prefix_len = strlen (prefix);
>>> > - const char *term = NULL;
>>> > + std::string term;
>>> > char *value;
>>> >
>>> > i.skip_to (prefix);
>>> >
>>> > - if (i != end)
>>> > - term = (*i).c_str ();
>>> > + if (i == end)
>>> > + return NULL;
>>> >
>>> > - if (!term || strncmp (term, prefix, prefix_len))
>>> > + term = *i;
>>>
>>> ... hmm, a raii(?) solution above would be std::string term = *i;
>>
>> I'm not sure what's raii (I'm not very good at c++ ...), but I guess you
>> mean to use 'std::string term = *i;' to avoid copy constructor. That
>> surely is a good idea. Let me rework the patch!
>
> I am not that smart (i.e. avoid copy constructor it might be, I don't
> know...) I am lousy in c++. I attempter to mean
> http://en.wikipedia.org/wiki/Resource_Acquisition_Is_Initialization
> in a sense that when variable is introduced it is also initialized
> to useful value (so that no-one accidentally add code between introduction
> and initialization).
>
> Anyway, if you rework the patch then we can vote which version to
> apply (yeah, sure >;)
I already dropped needs-review from the latest version [1]. I'm curious
about patches 2-24, let's not stall here. ;)
Jani.
[1] id:1367505102-12860-1-git-send-email-Vladimir.Marek@oracle.com