[balsa/wip/gmime3: 152/197] Fix a use-after-free bug



commit 345d9837df45394f5d24f37b7477d1cafa9cfe49
Author: Peter Bloomfield <PeterBloomfield bellsouth net>
Date:   Thu Jan 4 17:25:04 2018 -0500

    Fix a use-after-free bug
    
    The format string for message dates is saved and restored between
    sessions, but the string is freed if any preference is changed in the
    preferences window. To avoid using it after it is freed, get the current
    string indirectly from balsa_app.date_string.
    
        * libbalsa/mailbox.c (mbox_model_get_value): get the date format
        string indirectly through balsa_app.date_string.
        * libbalsa/mailbox.h: declare libbalsa_mailbox_date_format as
        gchar **.
        * src/main.c (real_main): initialize it here
        * src/save-restore.c (config_global_load): ...not here.

 ChangeLog          |   11 +++++++++++
 libbalsa/mailbox.c |    4 ++--
 libbalsa/mailbox.h |    2 +-
 src/main.c         |    2 ++
 src/save-restore.c |    1 -
 5 files changed, 16 insertions(+), 4 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 29aea63..f2a7dea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2018-01-04  Peter Bloomfield  <pbloomfield bellsouth net>
+
+       Fix a use-after-free bug
+
+       * libbalsa/mailbox.c (mbox_model_get_value): get the date format
+       string indirectly through balsa_app.date_string.
+       * libbalsa/mailbox.h: declare libbalsa_mailbox_date_format as
+       gchar **.
+       * src/main.c (real_main): initialize it here
+       * src/save-restore.c (config_global_load): ...not here.
+
 2017-12-11  Peter Bloomfield  <pbloomfield bellsouth net>
 
        Avoid possible repeated dynamic cast
diff --git a/libbalsa/mailbox.c b/libbalsa/mailbox.c
index 51c57ac..a9b08a1 100644
--- a/libbalsa/mailbox.c
+++ b/libbalsa/mailbox.c
@@ -2922,7 +2922,7 @@ lbm_get_index_entry(LibBalsaMailbox * lmm, guint msgno)
     return entry;
 }
 
-gchar *libbalsa_mailbox_date_format;
+gchar **libbalsa_mailbox_date_format;
 static void
 mbox_model_get_value(GtkTreeModel *tree_model,
                      GtkTreeIter  *iter,
@@ -2972,7 +2972,7 @@ mbox_model_get_value(GtkTreeModel *tree_model,
     case LB_MBOX_DATE_COL:
         if(msg) {
             tmp = libbalsa_date_to_utf8(msg->msg_date,
-                                       libbalsa_mailbox_date_format);
+                                       *libbalsa_mailbox_date_format);
             g_value_take_string(value, tmp);
         }
         break;
diff --git a/libbalsa/mailbox.h b/libbalsa/mailbox.h
index 7920399..58b6ba9 100644
--- a/libbalsa/mailbox.h
+++ b/libbalsa/mailbox.h
@@ -671,6 +671,6 @@ typedef enum {
     LB_MBOX_N_COLS
 } LibBalsaMailboxColumn;
 
-extern gchar *libbalsa_mailbox_date_format;
+extern gchar **libbalsa_mailbox_date_format;
 
 #endif                         /* __LIBBALSA_MAILBOX_H__ */
diff --git a/src/main.c b/src/main.c
index 6f60f30..77eb9dd 100644
--- a/src/main.c
+++ b/src/main.c
@@ -540,6 +540,8 @@ real_main(int argc, char *argv[])
     libbalsa_progress_set_fraction = balsa_progress_set_fraction;
     libbalsa_progress_set_activity = balsa_progress_set_activity;
 
+    libbalsa_mailbox_date_format = &balsa_app.date_string;
+
     /* checking for valid config files */
     config_init(cmd_get_stats);
 
diff --git a/src/save-restore.c b/src/save-restore.c
index 24a9e62..50e0243 100644
--- a/src/save-restore.c
+++ b/src/save-restore.c
@@ -668,7 +668,6 @@ config_global_load(void)
     g_free(balsa_app.date_string);
     balsa_app.date_string =
        libbalsa_conf_get_string("DateFormat=" DEFAULT_DATE_FORMAT);
-    libbalsa_mailbox_date_format = balsa_app.date_string;
 
     /* ... Headers to show */
     balsa_app.shown_headers = d_get_gint("ShownHeaders", HEADERS_SELECTED);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]