read after free in notmuch new
David Bremner
david at tethera.net
Tue Feb 21 17:05:44 PST 2017
Tomi Ollila <tomi.ollila at iki.fi> writes:
> To me it looks like replacing g_hash_table_insert() with
> g_hash_table_replace() would do the trick.
>
> (or even g_hash_table_add()!)
>
> One has to read the documentation a bit (and compare the docstrings of
> these 2 functions to guess the missing pieces) to get some understanding to
> this...
>
Hi Tomi;
Thanks for the suggestion. Unfortunately, in my experiments it just
shifts the invalid memory access to a different piece of memory. I think
the problem is that a pointer to the previous copy of that key also
leaked a reference via last_ref, so when we kill that via
g_hash_table_replace it causes the same problem.
d
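The ownership rule the two messages above turn on is the difference in what GHashTable does with the key when a duplicate is inserted with a key_destroy_func set: g_hash_table_insert() keeps the key already in the table and destroys the one you passed, while g_hash_table_replace() destroys the table's key and keeps yours. The following is an added example, not code from notmuch or from glib: a small stand-in table that follows those two documented behaviours, with the destroy callback simulated by clearing a flag so a stale pointer can be inspected without being dereferenced. The key text "inbox", the table type, the capacity bound and the three last_ref_* variables are constructed for illustration; last_ref itself is only borrowed as a name for "a raw pointer a caller kept to one copy of the key".

```c
/* Toy model of GHashTable key ownership on duplicate insert.
 * Added example; follows the documented behaviour of g_hash_table_insert()
 * and g_hash_table_replace() with a key_destroy_func, but uses no glib.
 * Keys are "destroyed" by clearing a live flag rather than free()d, so a
 * dangling pointer can be examined safely instead of dereferenced. */
#include <stdio.h>
#include <string.h>

#define MAX_KEYS 16   /* hypothetical capacity bound for the toy table */
#define KEY_LEN  32

typedef struct {
    char text[KEY_LEN];
    int  live;        /* 0 once the table's key_destroy has run on it */
} tkey;

typedef struct {
    tkey *owned[MAX_KEYS];
    int   count;
} ktable;

/* Stands in for the key_destroy_func handed to the hash table. */
static void key_destroy(tkey *k) { k->live = 0; }

/* Insert k. With replace == 0 this follows g_hash_table_insert(): on a
 * duplicate the table keeps its existing key and destroys the passed one.
 * With replace == 1 it follows g_hash_table_replace(): the existing key is
 * destroyed and the passed one takes its place. Returns the key the table
 * owns afterwards, which is the only pointer that is safe to retain. */
static tkey *table_insert(ktable *t, tkey *k, int replace)
{
    for (int i = 0; i < t->count; i++) {
        if (strcmp(t->owned[i]->text, k->text) == 0) {
            if (replace) {
                key_destroy(t->owned[i]);   /* old copy dies */
                t->owned[i] = k;
            } else {
                key_destroy(k);             /* new copy dies */
            }
            return t->owned[i];
        }
    }
    if (t->count < MAX_KEYS)
        t->owned[t->count++] = k;
    return k;
}

/* Scenario: the same key text is inserted twice from two separately
 * allocated copies, and the caller keeps a raw pointer to each copy (the
 * pattern the thread describes for last_ref). A third pointer is refreshed
 * from table_insert's return value instead, as a hardening.
 * Result bits: 1 = previous copy live, 2 = new copy live, 4 = owned ref live. */
static int scenario(int replace)
{
    static tkey prev, next;  /* two distinct allocations, same key text */
    ktable t = { {0}, 0 };
    tkey *last_ref_prev, *last_ref_new, *last_ref_owned;

    strcpy(prev.text, "inbox"); prev.live = 1;   /* constructed sample key */
    strcpy(next.text, "inbox"); next.live = 1;

    last_ref_prev = &prev;                       /* kept from the first insert */
    table_insert(&t, &prev, replace);

    last_ref_new = &next;                        /* kept from the second insert */
    last_ref_owned = table_insert(&t, &next, replace);  /* what the table owns */

    return (last_ref_prev->live  ? 1 : 0)
         | (last_ref_new->live   ? 2 : 0)
         | (last_ref_owned->live ? 4 : 0);
}

int main(void)
{
    int ins = scenario(0), rep = scenario(1);
    printf("insert : prev=%d new=%d owned=%d\n", ins & 1, !!(ins & 2), !!(ins & 4));
    printf("replace: prev=%d new=%d owned=%d\n", rep & 1, !!(rep & 2), !!(rep & 4));
    return 0;
}
```

Under insert semantics the pointer to the new copy goes stale; under replace semantics the pointer to the previous copy goes stale instead, which is the "shifts the invalid memory access to a different piece of memory" effect described above. Only the pointer refreshed from the table's own key survives both, so a caller that must retain a key pointer should take it from the table (for GHashTable, g_hash_table_lookup_extended() returns the stored key) rather than from whichever copy it happened to pass in.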