Re: [Evolution-hackers] Memory corruption bug in timezone handling
- From: Matthew Barnes <mbarnes redhat com>
- To: Robie Basak <robie basak canonical com>
- Cc: evolution-hackers gnome org
- Subject: Re: [Evolution-hackers] Memory corruption bug in timezone handling
- Date: Thu, 29 Mar 2012 06:16:14 -0400
On Thu, 2012-03-29 at 10:33 +0100, Robie Basak wrote:
> I've been investigating a memory corruption issue in evolution which
> causes a crash on my system. I think the problem crosses an API boundary
> and resolving it is non-trivial, so I'd like to better understand what
> is supposed to happen. Any insight into this would be appreciated.
>
> The problem seems to be that
> icaltimezone.c:icaltimezone_get_builtin_timezone calls icalarray_append,
> which moves the entire array to grow it. But an ECalShellView is
> maintaining a pointer inside that array (via a very long chain of
> indirection) which becomes invalid as the array is moved. This causes
> later corruption, invalid reads from freed memory, and eventually
> segfaults from both the corruption (which appear quite random).
I thought this was solved already by:
http://git.gnome.org/browse/evolution/tree/modules/calendar/e-cal-shell-backend.c#n863
Matthew Barnes
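The hazard described in the quoted report, as an added example that is not part of the original thread and is not libical or Evolution code: a growable array that moves its storage on append, with the holder remembering an element once by address and once by index. `grow_array`, `ga_reserve`, `ga_append` and `holder_after_append` are hypothetical names, and reserving capacity before any pointer is taken is shown as one general mitigation, not as the change the link above points to.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable array modelling the grow-by-moving behaviour
 * described in the report; this is not libical's icalarray code. */
typedef struct { int *data; size_t len, cap; } grow_array;

/* Make room for at least `want` elements by allocating a new block,
 * copying, and freeing the old one. Returns 0 on success, -1 on OOM. */
static int ga_reserve(grow_array *a, size_t want) {
    if (want <= a->cap) return 0;
    int *n = malloc(want * sizeof *n);
    if (!n) return -1;
    if (a->len) memcpy(n, a->data, a->len * sizeof *n);
    free(a->data);   /* pointers into the old block dangle from here on */
    a->data = n;
    a->cap = want;
    return 0;
}

static int ga_append(grow_array *a, int v) {
    if (a->len == a->cap && ga_reserve(a, a->cap ? a->cap * 2 : 4) != 0)
        return -1;
    a->data[a->len++] = v;
    return 0;
}

/* Fill 4 slots, remember element 2 by address and by index, append a fifth.
 * Bit 0 of the result: the saved address no longer lies inside the array.
 * Bit 1: the saved index still reads the original value.
 * The stale address is only compared as an integer, never dereferenced. */
int holder_after_append(size_t reserve_first) {
    grow_array a = {0};
    if (ga_reserve(&a, reserve_first) != 0) return -1;
    for (int i = 0; i < 4; i++)
        if (ga_append(&a, 100 + i) != 0) { free(a.data); return -1; }
    uintptr_t saved_addr = (uintptr_t)&a.data[2];
    size_t saved_idx = 2;
    if (ga_append(&a, 104) != 0) { free(a.data); return -1; }
    uintptr_t lo = (uintptr_t)a.data, hi = lo + a.len * sizeof *a.data;
    int stale = saved_addr < lo || saved_addr >= hi;
    int idx_ok = a.data[saved_idx] == 102;
    free(a.data);
    return stale | (idx_ok << 1);
}
```

`holder_after_append(0)` lets the array grow on demand, so the saved address goes stale while the saved index stays valid; `holder_after_append(8)` reserves capacity first, so both remain valid.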