Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id EA317431FB6 for ; Wed, 1 May 2013 14:34:03 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -2.299 X-Spam-Level: X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KPKT6fppHipA for ; Wed, 1 May 2013 14:33:59 -0700 (PDT) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id 4EA5C431FAF for ; Wed, 1 May 2013 14:33:59 -0700 (PDT) Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r41LXuA4020955 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 1 May 2013 21:33:57 GMT Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r41LXusY009397 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 1 May 2013 21:33:57 GMT Received: from abhmt114.oracle.com (abhmt114.oracle.com [141.146.116.66]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r41LXu54019922; Wed, 1 May 2013 21:33:56 GMT Received: from tbd.cz.oracle.com (/10.163.101.124) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 01 May 2013 14:33:55 -0700 From: Vladimir.Marek@oracle.com To: notmuch@notmuchmail.org Subject: [PATCH 01/24] lib/message.cc: stale pointer bug Date: Wed, 1 May 2013 23:33:41 +0200 Message-Id: <1367444021-2757-1-git-send-email-Vladimir.Marek@oracle.com> X-Mailer: git-send-email 1.7.9.2 X-Source-IP: ucsinet21.oracle.com [156.151.31.93] Cc: Vladimir Marek X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 May 2013 21:34:04 -0000 From: Vladimir Marek Xapian::TermIterator::operator* returns std::string which is destroyed as soon as (*i).c_str() finishes. The remembered pointer 'term' then references invalid memory. Signed-off-by: Vladimir Marek --- lib/message.cc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/message.cc b/lib/message.cc index 8720c1b..a890550 100644 --- a/lib/message.cc +++ b/lib/message.cc @@ -266,18 +266,19 @@ _notmuch_message_get_term (notmuch_message_t *message, const char *prefix) { int prefix_len = strlen (prefix); - const char *term = NULL; + std::string term; char *value; i.skip_to (prefix); - if (i != end) - term = (*i).c_str (); + if (i == end) + return NULL; - if (!term || strncmp (term, prefix, prefix_len)) + term = *i; + if (strncmp (term.c_str(), prefix, prefix_len)) return NULL; - value = talloc_strdup (message, term + prefix_len); + value = talloc_strdup (message, term.c_str() + prefix_len); #if DEBUG_DATABASE_SANITY i++; -- 1.7.9.2