From: Todd
To: notmuch@notmuchmail.org
Subject: [PATCH v1 1/2] lib: Fix potential invalid read past an empty string
Date: Sat, 17 Jan 2015 09:51:45 -0600
Message-Id: <1421509906-2153-2-git-send-email-todd@electricoding.com>
In-Reply-To: <1421509906-2153-1-git-send-email-todd@electricoding.com>
References: <1421509906-2153-1-git-send-email-todd@electricoding.com>

==22884== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x601600008291 at pc 0x7ff6295680e5 bp 0x7fff4ab9aa40 sp 0x7fff4ab9aa08
READ of size 1 at 0x601600008291 thread T0
    #0 0x7ff6295680e4 in __interceptor_strcmp ??:?
    #1 0x44763b in _thread_add_message /home/todd/.apps/notmuch/lib/thread.cc:255
    #2 0x4459e8 in notmuch_threads_get /home/todd/.apps/notmuch/lib/query.cc:496
    #3 0x41e2a7 in do_search_threads /home/todd/.apps/notmuch/notmuch-search.c:131
    #4 0x40a408 in main /home/todd/.apps/notmuch/notmuch.c:345
    #5 0x7ff627cb9ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #6 0x40abf3 in _start ??:?
0x601600008291 is located 0 bytes to the right of 97-byte region [0x601600008230,0x601600008291)
allocated by thread T0 here:
    #0 0x7ff62956e41a in malloc ??:?
    #1 0x7ff628b8ab5d in talloc_strdup ??:?
--- lib/thread.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/thread.cc b/lib/thread.cc index 4542505..4c49f98 100644 --- a/lib/thread.cc +++ b/lib/thread.cc @@ -251,8 +251,8 @@ _thread_add_message (notmuch_thread_t *thread, term != NULL; term = term->next) { - /* We ignore initial 'K'. */ - if (strcmp(tag, (term->string + 1)) == 0) { + /* Check for an empty string, and then ignore initial 'K'. */ + if (*(term->string) && strcmp(tag, (term->string + 1)) == 0) { message_excluded = TRUE; break; } -- 1.9.1
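Review bot: The new guard in the lib/thread.cc hunk, `*(term->string) && strcmp(tag, (term->string + 1)) == 0`, only establishes that the term string is non-empty; it does not confirm that the byte being skipped is the 'K' prefix the comment refers to. If every term in this list is guaranteed to be a tag term, say so in the comment; otherwise compare the prefix explicitly before skipping it. The commit message carries only the AddressSanitizer trace, so please add a sentence on how an empty term string ends up in the list walked by this loop, and on whether it would be better to drop empty terms where the list is built instead of testing for them at each comparison. As a minor style point, the parentheses in `*(term->string)` are redundant and `term->string[0] != '\0'` would state the intent more directly.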