[PATCH v1 2/2] lib: Fix use after free
authorTodd <todd@electricoding.com>
Sat, 17 Jan 2015 15:51:46 +0000 (09:51 +1800)
committerW. Trevor King <wking@tremily.us>
Sat, 20 Aug 2016 21:47:29 +0000 (14:47 -0700)
b0/6e3403d1261ee0e59495db34c773ba3fb835cc [new file with mode: 0644]

diff --git a/b0/6e3403d1261ee0e59495db34c773ba3fb835cc b/b0/6e3403d1261ee0e59495db34c773ba3fb835cc
new file mode 100644 (file)
index 0000000..5b3beb3
--- /dev/null
@@ -0,0 +1,107 @@
+Return-Path: <todd@electricoding.com>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 0F739431FC2\r
+       for <notmuch@notmuchmail.org>; Sat, 17 Jan 2015 07:52:33 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 2.438\r
+X-Spam-Level: **\r
+X-Spam-Status: No, score=2.438 tagged_above=-999 required=5\r
+       tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id 2j-YysQZrD1X for <notmuch@notmuchmail.org>;\r
+       Sat, 17 Jan 2015 07:52:29 -0800 (PST)\r
+Received: from s75.web-hosting.com (s75.web-hosting.com [198.187.31.9])\r
+       (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))\r
+       (No client certificate requested)\r
+       by olra.theworths.org (Postfix) with ESMTPS id 2C6A5431FD7\r
+       for <notmuch@notmuchmail.org>; Sat, 17 Jan 2015 07:52:26 -0800 (PST)\r
+Received: from user-69-73-37-128.knology.net ([69.73.37.128]:46357\r
+       helo=localhost.localdomain)\r
+       by server75.web-hosting.com with esmtpsa (UNKNOWN:AES128-SHA256:128)\r
+       (Exim 4.82) (envelope-from <todd@electricoding.com>)\r
+       id 1YCVfl-00164v-Ap; Sat, 17 Jan 2015 10:52:25 -0500\r
+From: Todd <todd@electricoding.com>\r
+To: notmuch@notmuchmail.org\r
+Subject: [PATCH v1 2/2] lib: Fix use after free\r
+Date: Sat, 17 Jan 2015 09:51:46 -0600\r
+Message-Id: <1421509906-2153-3-git-send-email-todd@electricoding.com>\r
+X-Mailer: git-send-email 1.9.1\r
+In-Reply-To: <1421509906-2153-1-git-send-email-todd@electricoding.com>\r
+References: <1421509906-2153-1-git-send-email-todd@electricoding.com>\r
+X-AntiAbuse: This header was added to track abuse,\r
+       please include it with any abuse report\r
+X-AntiAbuse: Primary Hostname - server75.web-hosting.com\r
+X-AntiAbuse: Original Domain - notmuchmail.org\r
+X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]\r
+X-AntiAbuse: Sender Address Domain - electricoding.com\r
+X-Get-Message-Sender-Via: server75.web-hosting.com: authenticated_id:\r
+       todd@electricoding.com\r
+X-Source: \r
+X-Source-Args: \r
+X-Source-Dir: \r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sat, 17 Jan 2015 15:52:33 -0000\r
+\r
+_thread_set_subject_from_message sometimes replaces the subject, making the\r
+cur_subject point to free'd memory\r
+\r
+==6550== ERROR: AddressSanitizer: heap-use-after-free on address 0x601a0000bec0 at pc 0x4464a4 bp 0x7fffa40be910 sp 0x7fffa40be908\r
+READ of size 1 at 0x601a0000bec0 thread T0\r
+    #0 0x4464a3 in _thread_add_matched_message /home/todd/.apps/notmuch/lib/thread.cc:369\r
+    #1 0x443c2c in notmuch_threads_get /home/todd/.apps/notmuch/lib/query.cc:496\r
+    #2 0x41d947 in do_search_threads /home/todd/.apps/notmuch/notmuch-search.c:131\r
+    #3 0x40a3fe in main /home/todd/.apps/notmuch/notmuch.c:345\r
+    #4 0x7f4e535b4ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287\r
+    #5 0x40abe6 in _start ??:?\r
+0x601a0000bec0 is located 96 bytes inside of 134-byte region [0x601a0000be60,0x601a0000bee6)\r
+freed by thread T0 here:\r
+    #0 0x7f4e54e6933a in __interceptor_free ??:?\r
+    #1 0x7f4e54482fab in _talloc_free ??:?\r
+previously allocated by thread T0 here:\r
+    #0 0x7f4e54e6941a in malloc ??:?\r
+    #1 0x7f4e54485b5d in talloc_strdup ??:?\r
+---\r
+ lib/thread.cc | 3 +--\r
+ 1 file changed, 1 insertion(+), 2 deletions(-)\r
+\r
+diff --git a/lib/thread.cc b/lib/thread.cc\r
+index 4c49f98..9847cf8 100644\r
+--- a/lib/thread.cc\r
++++ b/lib/thread.cc\r
+@@ -353,10 +353,8 @@ _thread_add_matched_message (notmuch_thread_t *thread,\r
+ {\r
+     time_t date;\r
+     notmuch_message_t *hashed_message;\r
+-    const char *cur_subject;\r
\r
+     date = notmuch_message_get_date (message);\r
+-    cur_subject = notmuch_thread_get_subject(thread);\r
\r
+     if (date < thread->oldest || ! thread->matched_messages) {\r
+       thread->oldest = date;\r
+@@ -366,6 +364,7 @@ _thread_add_matched_message (notmuch_thread_t *thread,\r
\r
+     if (date > thread->newest || ! thread->matched_messages) {\r
+       thread->newest = date;\r
++      const char *cur_subject = notmuch_thread_get_subject(thread);\r
+       if (sort != NOTMUCH_SORT_OLDEST_FIRST || EMPTY_STRING(cur_subject))\r
+           _thread_set_subject_from_message (thread, message);\r
+     }\r
+-- \r
+1.9.1\r
+\r
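Review bot: The relocated lookup `const char *cur_subject = notmuch_thread_get_subject(thread);` is only safe because it now runs after the oldest-first branch that can call `_thread_set_subject_from_message`, and nothing in the new code records that ordering dependency, so a later cleanup hoisting the declaration back to function entry would silently reintroduce the read the AddressSanitizer trace reports at thread.cc:369 (the `EMPTY_STRING(cur_subject)` check). I would add a comment directly above the new line: `/* Look up the subject here, not at function entry: the oldest-first branch above may already have replaced and freed it. */`. Presumably the pointer returned by `notmuch_thread_get_subject` is owned by the thread and invalidated whenever its subject is reset; if so, stating that lifetime in the getter's own documentation would make the hazard visible to other callers too. The enclosing function `_thread_add_matched_message` starts and ends outside the quoted hunks, and the first inner hunk is cut off inside the oldest-first branch, so the call that frees the old subject is not visible here.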