BUG: Using pointer that points to a destructed string's content
author Tamas Szakaly <sghctoma@gmail.com>
Fri, 26 Dec 2014 11:37:55 +0000 (12:37 +0100)
committer W. Trevor King <wking@tremily.us>
Sat, 20 Aug 2016 21:47:02 +0000 (14:47 -0700)
a4/5fa5f486be1e1b3b9615fff7acc2a77170ab2e [new file with mode: 0644]

diff --git a/a4/5fa5f486be1e1b3b9615fff7acc2a77170ab2e b/a4/5fa5f486be1e1b3b9615fff7acc2a77170ab2e
new file mode 100644 (file)
index 0000000..ea8c62d
--- /dev/null
@@ -0,0 +1,107 @@
+Return-Path: <sghctoma@gmail.com>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 82D15431FDB\r
+       for <notmuch@notmuchmail.org>; Fri, 26 Dec 2014 03:38:05 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.799\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.799 tagged_above=-999 required=5\r
+       tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\r
+       FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id Zv8QeDvOO4qp for <notmuch@notmuchmail.org>;\r
+       Fri, 26 Dec 2014 03:38:02 -0800 (PST)\r
+Received: from mail-wi0-f171.google.com (mail-wi0-f171.google.com\r
+       [209.85.212.171]) (using TLSv1 with cipher RC4-SHA (128/128 bits))\r
+       (No client certificate requested)\r
+       by olra.theworths.org (Postfix) with ESMTPS id E5437431FC0\r
+       for <notmuch@notmuchmail.org>; Fri, 26 Dec 2014 03:38:01 -0800 (PST)\r
+Received: by mail-wi0-f171.google.com with SMTP id bs8so16923699wib.10\r
+       for <notmuch@notmuchmail.org>; Fri, 26 Dec 2014 03:37:59 -0800 (PST)\r
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;\r
+       h=date:from:to:subject:message-id:mime-version:content-type\r
+       :user-agent; bh=70cLSIBqN+X/A8WumNs+2QVtTW8mNSU+0DvpD4KhkS0=;\r
+       b=nzX8pL3KTGQ5YZmnWR/uo4JUCoWDSwQtl1pi3qvgBXJY4Xegjj2FWjp7QoI4Op0EyI\r
+       JYI23NACQHkrK4NPhGaSWp0iCHOC4orof7GfENSflKAtcB8sZfnrM1J7KKZ9I+97Uaur\r
+       DNAszUFoim6TkxkryWASlujgc4POFyKZ3lSDez+MXAlkYxz6fppLQHGYzdOtAb68ns91\r
+       5TAJb53eBmfRNX13KaMG231qQ71sRy1+0JxnegJohNtishDVdaRXndlEWlktmV+bjVwx\r
+       xgB4MINXWss74tHHCcm60xf+GY9qkkCDZ4eNTut8CAoh1LzMZR8wG2FKR2FkvV2hwf3E\r
+       x9ZQ==\r
+X-Received: by 10.180.82.98 with SMTP id h2mr68946977wiy.7.1419593878557;\r
+       Fri, 26 Dec 2014 03:37:58 -0800 (PST)\r
+Received: from localhost (catv-37-191-19-235.catv.broadband.hu.\r
+       [37.191.19.235])\r
+       by mx.google.com with ESMTPSA id ep9sm27952918wid.3.2014.12.26.03.37.56\r
+       for <notmuch@notmuchmail.org>\r
+       (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\r
+       Fri, 26 Dec 2014 03:37:57 -0800 (PST)\r
+Date: Fri, 26 Dec 2014 12:37:55 +0100\r
+From: Tamas Szakaly <sghctoma@gmail.com>\r
+To: notmuch@notmuchmail.org\r
+Subject: BUG: Using pointer that points to a destructed string's content\r
+Message-ID: <20141226113755.GA64154@pamparam>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain; charset=utf-8; x-action=pgp-signed\r
+User-Agent: Mutt/1.5.23.1-rc1 (2014-03-12)\r
+X-Mailman-Approved-At: Fri, 26 Dec 2014 12:08:53 -0800\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Fri, 26 Dec 2014 11:38:05 -0000\r
+\r
+-----BEGIN PGP SIGNED MESSAGE-----\r
+Hash: SHA1\r
+\r
+Dear notmuch developers,\r
+\r
+The following line is from _notmuch_message_add_directory_terms in\r
+lib/message.cc (line 652 in HEAD):\r
+\r
+direntry = (*i).c_str ();\r
+\r
+'i' is a Xapian::TermIterator, whose operator* returns a std::string by value.\r
+This means that c_str() is called on a temporary, which is destructed after the\r
+full expression (essentially the particular line in this case), so 'direntry'\r
+will point to a destructed std::string's data.\r
+(See https://gcc.gnu.org/onlinedocs/gcc/Temporaries.html)\r
+\r
+One possible modification to correct this issue is using strdup:\r
+\r
+direntry = strdup((*i).c_str ());\r
+\r
+Note:\r
+Despite the fact that it is wrong, it *generally* works, because delete[]-ing\r
+the underlying character array in the destructor of std::string does not really\r
+touch the memory content, and there is only a minor chance that this memory area\r
+will be allocated again (e.g. from another thread). This caused me some headache\r
+though with 'notmuch new' on FreeBSD 11-CURRENT, where jemalloc is configured so\r
+that freed memory will be filled with 0x5a's.\r
+\r
+Best regards,\r
+sghctoma\r
+\r
+- -- \r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v2\r
+\r
+iQEcBAEBAgAGBQJUnUiQAAoJEE8tbNCQOSmESAsH/ih+EFx0WJEzImBkNe4I4H+0\r
+Wj9u/ymmpgLwWnV0rg0oxnYoX5T6zT2e1jwTD73H7N4A2Xf2Susjbr6csTP2YyQB\r
+aUbZ5/Ajq+COgpoEXTQUbrIPcIbdl0X05/k9f/OdNqZMHVK6j08hw2oqtpsq6v1+\r
+PiuAa7kKrMda5rzLk08z1/qmJ6D7G2Trl6r5LPfytZhPwrphAJ9bWBofIIJLBQ0R\r
+RdeTmGuzc7FBw1a1JqJWkDL1lI91VTD49Wr/VqYXPbfcWbaHhVYSklDshyEYaK/+\r
+skemzV+aIWJiNHpkALdh3t+070caXlv5hwa826Q4kB0FMmkNlShjFqpXLJToEWo=\r
+=hshP\r
+-----END PGP SIGNATURE-----\r
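Review bot: the fix proposed in the message body, `direntry = strdup((*i).c_str ());`, removes the dangling pointer but produces a heap copy that has to be freed on every exit path, and strdup's NULL return on allocation failure has to be checked; the report mentions neither. Since operator* returns a std::string by value, an alternative is to store that value in a local std::string that stays in scope for as long as direntry is used and call c_str() on it, which needs no manual free. The remark that the original line "generally works" holds only while the allocator leaves freed memory untouched, as the 0x5a fill under jemalloc on FreeBSD 11-CURRENT shows, so this should be handled as a read of freed memory rather than as a platform quirk.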