From b9d0fcf07bbf1474b44812bce114aeb1359d93ac Mon Sep 17 00:00:00 2001
From: "Vladimir.Marek" <Vladimir.Marek@oracle.com>
Date: Wed, 1 May 2013 23:33:41 +0200
Subject: [PATCH] [PATCH 01/24] lib/message.cc: stale pointer bug

---
 da/e89f8075d1d9c3df0f9925485ad26eae86032d | 103 ++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 da/e89f8075d1d9c3df0f9925485ad26eae86032d

diff --git a/da/e89f8075d1d9c3df0f9925485ad26eae86032d b/da/e89f8075d1d9c3df0f9925485ad26eae86032d
new file mode 100644
index 000000000..d622becc5
--- /dev/null
+++ b/da/e89f8075d1d9c3df0f9925485ad26eae86032d
@@ -0,0 +1,103 @@
+Return-Path: <Vladimir.Marek@oracle.com>
+X-Original-To: notmuch@notmuchmail.org
+Delivered-To: notmuch@notmuchmail.org
+Received: from localhost (localhost [127.0.0.1])
+	by olra.theworths.org (Postfix) with ESMTP id EA317431FB6
+	for <notmuch@notmuchmail.org>; Wed,  1 May 2013 14:34:03 -0700 (PDT)
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
+X-Spam-Flag: NO
+X-Spam-Score: -2.299
+X-Spam-Level: 
+X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5
+	tests=[RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001]
+	autolearn=disabled
+Received: from olra.theworths.org ([127.0.0.1])
+	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
+	with ESMTP id KPKT6fppHipA for <notmuch@notmuchmail.org>;
+	Wed,  1 May 2013 14:33:59 -0700 (PDT)
+Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81])
+	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
+	(No client certificate requested)
+	by olra.theworths.org (Postfix) with ESMTPS id 4EA5C431FAF
+	for <notmuch@notmuchmail.org>; Wed,  1 May 2013 14:33:59 -0700 (PDT)
+Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93])
+	by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with
+	ESMTP id r41LXuA4020955
+	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
+	Wed, 1 May 2013 21:33:57 GMT
+Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231])
+	by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
+	r41LXusY009397
+	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL);
+	Wed, 1 May 2013 21:33:57 GMT
+Received: from abhmt114.oracle.com (abhmt114.oracle.com [141.146.116.66])
+	by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
+	r41LXu54019922; Wed, 1 May 2013 21:33:56 GMT
+Received: from tbd.cz.oracle.com (/10.163.101.124)
+	by default (Oracle Beehive Gateway v4.0)
+	with ESMTP ; Wed, 01 May 2013 14:33:55 -0700
+From: Vladimir.Marek@oracle.com
+To: notmuch@notmuchmail.org
+Subject: [PATCH 01/24] lib/message.cc: stale pointer bug
+Date: Wed,  1 May 2013 23:33:41 +0200
+Message-Id: <1367444021-2757-1-git-send-email-Vladimir.Marek@oracle.com>
+X-Mailer: git-send-email 1.7.9.2
+X-Source-IP: ucsinet21.oracle.com [156.151.31.93]
+Cc: Vladimir Marek <vlmarek@volny.cz>
+X-BeenThere: notmuch@notmuchmail.org
+X-Mailman-Version: 2.1.13
+Precedence: list
+List-Id: "Use and development of the notmuch mail system."
+	<notmuch.notmuchmail.org>
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
+	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>
+List-Post: <mailto:notmuch@notmuchmail.org>
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
+	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
+X-List-Received-Date: Wed, 01 May 2013 21:34:04 -0000
+
+From: Vladimir Marek <vlmarek@volny.cz>
+
+Xapian::TermIterator::operator* returns std::string which is destroyed
+as soon as (*i).c_str() finishes. The remembered pointer 'term' then
+references invalid memory.
+
+Signed-off-by: Vladimir Marek <vlmarek@volny.cz>
+---
+ lib/message.cc |   11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/lib/message.cc b/lib/message.cc
+index 8720c1b..a890550 100644
+--- a/lib/message.cc
++++ b/lib/message.cc
+@@ -266,18 +266,19 @@ _notmuch_message_get_term (notmuch_message_t *message,
+ 			   const char *prefix)
+ {
+     int prefix_len = strlen (prefix);
+-    const char *term = NULL;
++    std::string term;
+     char *value;
+ 
+     i.skip_to (prefix);
+ 
+-    if (i != end)
+-	term = (*i).c_str ();
++    if (i == end)
++	return NULL;
+ 
+-    if (!term || strncmp (term, prefix, prefix_len))
++    term = *i;
++    if (strncmp (term.c_str(), prefix, prefix_len))
+ 	return NULL;
+ 
+-    value = talloc_strdup (message, term + prefix_len);
++    value = talloc_strdup (message, term.c_str() + prefix_len);
+ 
+ #if DEBUG_DATABASE_SANITY
+     i++;
+-- 
+1.7.9.2
+
-- 
2.26.2