Segmentation fault in notmuch search --format=json

Mark Walters markwalters1009 at gmail.com
Tue Aug 7 00:07:14 PDT 2012


On Tue, 07 Aug 2012, Ben Gamari <bgamari.foss at gmail.com> wrote:
> It seems some messages trigger a segmentation fault in
> `do_search_threads()`. It appears the problem occurs (at least) when
> `authors` is NULL.

Hi thanks for the bug report and detailed debugging. I think I can see
the problem and there is a test patch to fix it below, and this does
appear to be a regression.

In json.c the function json_quote_str explicitly checks/allows for a
NULL pointer passed as a string and pretends it is just an empty
string. That behaviour was lost in the move to structured formatters.

A simple fix is to put this check for a null pointer in json_string in
sprinter-json.c which is what this patch does.

Incidentally this is the second time this bug has appeared: 

        commit cacefbf3d6dd5bce0b60b3cdfce29bfa371dfaea
        Author: David Edmondson <dme at dme.org>
        Date:   Tue Apr 6 08:24:00 2010 +0100

            json: Avoid calling strlen(NULL)
                
                    MIME parts may have no filename, which previously resulted in calling
                        strlen(NULL).

so it really might be worth having a test for it!

Finally, I think nothing in json.c is used anymore so perhaps it
 could be removed.


diff --git a/sprinter-json.c b/sprinter-json.c
index c9b6835..0a07790 100644
--- a/sprinter-json.c
+++ b/sprinter-json.c
@@ -118,6 +118,8 @@ json_string_len (struct sprinter *sp, const char *val, size_t len)
 static void
 json_string (struct sprinter *sp, const char *val)
 {
+    if (val == NULL)
+	val = "";
     json_string_len (sp, val, strlen (val));
 }
 



More information about the notmuch mailing list