From 63a3a2b6284b2f47826688a31ce9005c2eaa8a5a Mon Sep 17 00:00:00 2001 From: David Bremner Date: Fri, 26 Dec 2014 23:03:13 +0100 Subject: [PATCH] Re: BUG: Using pointer that points to a destructed string's content --- 1e/80eccd42bc5d50d7d2ddbbb1603889c93185cc | 84 +++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 1e/80eccd42bc5d50d7d2ddbbb1603889c93185cc diff --git a/1e/80eccd42bc5d50d7d2ddbbb1603889c93185cc b/1e/80eccd42bc5d50d7d2ddbbb1603889c93185cc new file mode 100644 index 000000000..3c99a02e7 --- /dev/null +++ b/1e/80eccd42bc5d50d7d2ddbbb1603889c93185cc @@ -0,0 +1,84 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 1801F431FCF + for ; Fri, 26 Dec 2014 14:03:25 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 0 +X-Spam-Level: +X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id KcCTnRPUcB45 for ; + Fri, 26 Dec 2014 14:03:21 -0800 (PST) +Received: from yantan.tethera.net (yantan.tethera.net [199.188.72.155]) + (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id E091C431FAF + for ; Fri, 26 Dec 2014 14:03:21 -0800 (PST) +Received: from remotemail by yantan.tethera.net with local (Exim 4.80) + (envelope-from ) + id 1Y4cyc-0007qM-Vs; Fri, 26 Dec 2014 18:03:18 -0400 +Received: (nullmailer pid 3992 invoked by uid 1000); Fri, 26 Dec 2014 + 22:03:13 -0000 +From: David Bremner +To: Tamas Szakaly , notmuch@notmuchmail.org +Subject: Re: BUG: Using pointer that points to a destructed string's content +In-Reply-To: <20141226113755.GA64154@pamparam> +References: <20141226113755.GA64154@pamparam> +User-Agent: Notmuch/0.19+7~g5d7f7a6 (http://notmuchmail.org) Emacs/24.4.1 + (x86_64-pc-linux-gnu) +Date: Fri, 26 Dec 2014 23:03:13 +0100 +Message-ID: <87oaqqf4ri.fsf@maritornes.cs.unb.ca> +MIME-Version: 1.0 +Content-Type: text/plain +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Fri, 26 Dec 2014 22:03:25 -0000 + +Tamas Szakaly writes: + +> The following line is from _notmuch_message_add_directory_terms in +> lib/message.cc (line 652 in HEAD): +> +> direntry = (*i).c_str (); +> +> 'i' is a Xapian::TermIterator, whose operator* returns a std::string by value. +> This means that c_str() is called on a temporary, which is destructed after the +> full expression (essentially the particular line in this case), so 'direntry' +> will point to a destructed std::string's data. +> (See https://gcc.gnu.org/onlinedocs/gcc/Temporaries.html) + +Does the following patch fix it for you? I have to double check that +direntry wasn't needed for something, but the test suite passes ;). + +diff --git a/lib/message.cc b/lib/message.cc +index a7a13cc..24d0d5b 100644 +--- a/lib/message.cc ++++ b/lib/message.cc +@@ -649,10 +649,8 @@ _notmuch_message_add_directory_terms (void *ctx, notmuch_message_t *message) + /* Indicate that there are filenames remaining. */ + status = NOTMUCH_STATUS_DUPLICATE_MESSAGE_ID; + +- direntry = (*i).c_str (); +- direntry += direntry_prefix_len; +- +- directory_id = strtol (direntry, &colon, 10); ++ directory_id = strtol ( ++ (*i).c_str () + direntry_prefix_len, &colon, 10); + + if (colon == NULL || *colon != ':') + INTERNAL_ERROR ("malformed direntry"); -- 2.26.2