* [PATCH] lib/message.cc: stale pointer bug (v3)
@ 2013-05-02 14:31 Vladimir.Marek
2013-05-02 16:20 ` Jani Nikula
2013-05-04 0:28 ` David Bremner
0 siblings, 2 replies; 3+ messages in thread
From: Vladimir.Marek @ 2013-05-02 14:31 UTC (permalink / raw)
To: notmuch; +Cc: Vladimir Marek
From: Vladimir Marek <vlmarek@volny.cz>
Xapian::TermIterator::operator* returns std::string which is destroyed
as soon as (*i).c_str() finishes. The remembered pointer 'term' then
references invalid memory.
Signed-off-by: Vladimir Marek <vlmarek@volny.cz>
---
lib/message.cc | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/message.cc b/lib/message.cc
index 8720c1b..c4261e6 100644
--- a/lib/message.cc
+++ b/lib/message.cc
@@ -266,18 +266,18 @@ _notmuch_message_get_term (notmuch_message_t *message,
const char *prefix)
{
int prefix_len = strlen (prefix);
- const char *term = NULL;
char *value;
i.skip_to (prefix);
- if (i != end)
- term = (*i).c_str ();
+ if (i == end)
+ return NULL;
- if (!term || strncmp (term, prefix, prefix_len))
+ std::string term = *i;
+ if (strncmp (term.c_str(), prefix, prefix_len))
return NULL;
- value = talloc_strdup (message, term + prefix_len);
+ value = talloc_strdup (message, term.c_str() + prefix_len);
#if DEBUG_DATABASE_SANITY
i++;
--
1.7.9.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] lib/message.cc: stale pointer bug (v3)
2013-05-02 14:31 [PATCH] lib/message.cc: stale pointer bug (v3) Vladimir.Marek
@ 2013-05-02 16:20 ` Jani Nikula
2013-05-04 0:28 ` David Bremner
1 sibling, 0 replies; 3+ messages in thread
From: Jani Nikula @ 2013-05-02 16:20 UTC (permalink / raw)
To: Vladimir.Marek, notmuch; +Cc: Vladimir Marek
LGTM
On Thu, 02 May 2013, Vladimir.Marek@oracle.com wrote:
> From: Vladimir Marek <vlmarek@volny.cz>
>
> Xapian::TermIterator::operator* returns std::string which is destroyed
> as soon as (*i).c_str() finishes. The remembered pointer 'term' then
> references invalid memory.
>
> Signed-off-by: Vladimir Marek <vlmarek@volny.cz>
> ---
> lib/message.cc | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/lib/message.cc b/lib/message.cc
> index 8720c1b..c4261e6 100644
> --- a/lib/message.cc
> +++ b/lib/message.cc
> @@ -266,18 +266,18 @@ _notmuch_message_get_term (notmuch_message_t *message,
> const char *prefix)
> {
> int prefix_len = strlen (prefix);
> - const char *term = NULL;
> char *value;
>
> i.skip_to (prefix);
>
> - if (i != end)
> - term = (*i).c_str ();
> + if (i == end)
> + return NULL;
>
> - if (!term || strncmp (term, prefix, prefix_len))
> + std::string term = *i;
> + if (strncmp (term.c_str(), prefix, prefix_len))
> return NULL;
>
> - value = talloc_strdup (message, term + prefix_len);
> + value = talloc_strdup (message, term.c_str() + prefix_len);
>
> #if DEBUG_DATABASE_SANITY
> i++;
> --
> 1.7.9.2
>
> _______________________________________________
> notmuch mailing list
> notmuch@notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] lib/message.cc: stale pointer bug (v3)
2013-05-02 14:31 [PATCH] lib/message.cc: stale pointer bug (v3) Vladimir.Marek
2013-05-02 16:20 ` Jani Nikula
@ 2013-05-04 0:28 ` David Bremner
1 sibling, 0 replies; 3+ messages in thread
From: David Bremner @ 2013-05-04 0:28 UTC (permalink / raw)
To: Vladimir.Marek, notmuch; +Cc: Vladimir Marek
Vladimir.Marek@oracle.com writes:
> From: Vladimir Marek <vlmarek@volny.cz>
>
> Xapian::TermIterator::operator* returns std::string which is destroyed
> as soon as (*i).c_str() finishes. The remembered pointer 'term' then
> references invalid memory.
Pushed,
d
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-05-04 0:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-02 14:31 [PATCH] lib/message.cc: stale pointer bug (v3) Vladimir.Marek
2013-05-02 16:20 ` Jani Nikula
2013-05-04 0:28 ` David Bremner
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).