[PATCH 01/24] lib/message.cc: stale pointer bug

[PATCH 01/24] lib/message.cc: stale pointer bug

[Vladimir.Marek]

From: Vladimir Marek <vlmarek@volny.cz>

Xapian::TermIterator::operator* returns std::string which is destroyed
as soon as (*i).c_str() finishes. The remembered pointer 'term' then
references invalid memory.

Signed-off-by: Vladimir Marek <vlmarek@volny.cz>
---
 lib/message.cc |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/message.cc b/lib/message.cc
index 8720c1b..a890550 100644
--- a/lib/message.cc
+++ b/lib/message.cc
@@ -266,18 +266,19 @@ _notmuch_message_get_term (notmuch_message_t *message,
 			   const char *prefix)
 {
     int prefix_len = strlen (prefix);
-    const char *term = NULL;
+    std::string term;
     char *value;
 
     i.skip_to (prefix);
 
-    if (i != end)
-	term = (*i).c_str ();
+    if (i == end)
+	return NULL;
 
-    if (!term || strncmp (term, prefix, prefix_len))
+    term = *i;
+    if (strncmp (term.c_str(), prefix, prefix_len))
 	return NULL;
 
-    value = talloc_strdup (message, term + prefix_len);
+    value = talloc_strdup (message, term.c_str() + prefix_len);
 
 #if DEBUG_DATABASE_SANITY
     i++;
-- 
1.7.9.2

Re: [PATCH 01/24] lib/message.cc: stale pointer bug

[Vladimir Marek]

Uh, oh, it's patch 01/01 actually. There's 23 other patches waiting but
will be submitted separately.

> Xapian::TermIterator::operator* returns std::string which is destroyed
> as soon as (*i).c_str() finishes. The remembered pointer 'term' then
> references invalid memory.

I reworded the comment and I changed the fix slightly.

Thank you
-- 
	Vlad

Re: [PATCH 01/24] lib/message.cc: stale pointer bug

[Tomi Ollila]

On Thu, May 02 2013, Vladimir.Marek@oracle.com wrote:

> From: Vladimir Marek <vlmarek@volny.cz>
>
> Xapian::TermIterator::operator* returns std::string which is destroyed
> as soon as (*i).c_str() finishes. The remembered pointer 'term' then
> references invalid memory.

Looks to me like a good solution...


Tomi

>
> Signed-off-by: Vladimir Marek <vlmarek@volny.cz>
> ---
>  lib/message.cc |   11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/lib/message.cc b/lib/message.cc
> index 8720c1b..a890550 100644
> --- a/lib/message.cc
> +++ b/lib/message.cc
> @@ -266,18 +266,19 @@ _notmuch_message_get_term (notmuch_message_t *message,
>  			   const char *prefix)
>  {
>      int prefix_len = strlen (prefix);
> -    const char *term = NULL;
> +    std::string term;
>      char *value;
>  
>      i.skip_to (prefix);
>  
> -    if (i != end)
> -	term = (*i).c_str ();
> +    if (i == end)
> +	return NULL;
>  
> -    if (!term || strncmp (term, prefix, prefix_len))
> +    term = *i;

... hmm, a raii(?) solution above would be std::string term = *i;

> +    if (strncmp (term.c_str(), prefix, prefix_len))
>  	return NULL;
>  
> -    value = talloc_strdup (message, term + prefix_len);
> +    value = talloc_strdup (message, term.c_str() + prefix_len);
>  
>  #if DEBUG_DATABASE_SANITY
>      i++;
> -- 
> 1.7.9.2
>
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch

Re: [PATCH 01/24] lib/message.cc: stale pointer bug

[Vladimir Marek]

> >      int prefix_len = strlen (prefix);
> > -    const char *term = NULL;
> > +    std::string term;
> >      char *value;
> >  
> >      i.skip_to (prefix);
> >  
> > -    if (i != end)
> > -	term = (*i).c_str ();
> > +    if (i == end)
> > +	return NULL;
> >  
> > -    if (!term || strncmp (term, prefix, prefix_len))
> > +    term = *i;
> 
> ... hmm, a raii(?) solution above would be std::string term = *i;

I'm not sure what's raii (I'm not very good at c++ ...), but I guess you
mean to use 'std::string term = *i;' to avoid copy constructor. That
surely is a good idea. Let me rework the patch!

-- 
	Vlad

Re: [PATCH 01/24] lib/message.cc: stale pointer bug

[Tomi Ollila]

On Thu, May 02 2013, Vladimir Marek <Vladimir.Marek@Oracle.COM> wrote:

>> >      int prefix_len = strlen (prefix);
>> > -    const char *term = NULL;
>> > +    std::string term;
>> >      char *value;
>> >  
>> >      i.skip_to (prefix);
>> >  
>> > -    if (i != end)
>> > -	term = (*i).c_str ();
>> > +    if (i == end)
>> > +	return NULL;
>> >  
>> > -    if (!term || strncmp (term, prefix, prefix_len))
>> > +    term = *i;
>> 
>> ... hmm, a raii(?) solution above would be std::string term = *i;
>
> I'm not sure what's raii (I'm not very good at c++ ...), but I guess you
> mean to use 'std::string term = *i;' to avoid copy constructor. That
> surely is a good idea. Let me rework the patch!

I am not that smart (i.e. avoid copy constructor it might be, I don't
know...) I am lousy in c++. I attempter to mean
http://en.wikipedia.org/wiki/Resource_Acquisition_Is_Initialization
in a sense that when variable is introduced it is also initialized
to useful value (so that no-one accidentally add code between introduction
and initialization). 
 
Anyway, if you rework the patch then we can vote which version to
apply (yeah, sure >;)

> -- 
> 	Vlad

Tomi

Re: [PATCH 01/24] lib/message.cc: stale pointer bug

[Jani Nikula]

On Thu, 02 May 2013, Tomi Ollila <tomi.ollila@iki.fi> wrote:
> On Thu, May 02 2013, Vladimir Marek <Vladimir.Marek@Oracle.COM> wrote:
>
>>> >      int prefix_len = strlen (prefix);
>>> > -    const char *term = NULL;
>>> > +    std::string term;
>>> >      char *value;
>>> >  
>>> >      i.skip_to (prefix);
>>> >  
>>> > -    if (i != end)
>>> > -	term = (*i).c_str ();
>>> > +    if (i == end)
>>> > +	return NULL;
>>> >  
>>> > -    if (!term || strncmp (term, prefix, prefix_len))
>>> > +    term = *i;
>>> 
>>> ... hmm, a raii(?) solution above would be std::string term = *i;
>>
>> I'm not sure what's raii (I'm not very good at c++ ...), but I guess you
>> mean to use 'std::string term = *i;' to avoid copy constructor. That
>> surely is a good idea. Let me rework the patch!
>
> I am not that smart (i.e. avoid copy constructor it might be, I don't
> know...) I am lousy in c++. I attempter to mean
> http://en.wikipedia.org/wiki/Resource_Acquisition_Is_Initialization
> in a sense that when variable is introduced it is also initialized
> to useful value (so that no-one accidentally add code between introduction
> and initialization). 
>  
> Anyway, if you rework the patch then we can vote which version to
> apply (yeah, sure >;)

I already dropped needs-review from the latest version [1]. I'm curious
about patches 2-24, let's not stall here. ;)

Jani.


[1] id:1367505102-12860-1-git-send-email-Vladimir.Marek@oracle.com