Re: [Evolution-hackers] Memory corruption bug in timezone handling

On Thu, 2012-03-29 at 10:33 +0100, Robie Basak wrote:
> I've been investigating a memory corruption issue in evolution which
> causes a crash on my system. I think the problem crosses an API boundary
> and resolving it is non-trivial, so I'd like to better understand what
> is supposed to happen. Any insight into this would be appreciated.
> The problem seems to be that
> icaltimezone.c:icaltimezone_get_builtin_timezone calls icalarray_append,
> which moves the entire array to grow it. But an ECalShellView is
> maintaining a pointer inside that array (via a very long chain of
> indirection) which becomes invalid as the array is moved. This causes
> later corruption, invalid reads from freed memory, and eventually
> segfaults from both the corruption (which appear quite random).

I thought this was solved already by:

Matthew Barnes

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]