[evolution-patches] fix for bug #55280 (camel-object)



http://bugzilla.ximian.com/show_bug.cgi?id=55280

The g_try_malloc() replacement is just so that if the count value is too high (corrupt?) we don't abort(), especially since it's not a major deal if we can't set the metadata on the object.

I'm not sure what (count - CAMEL_ARGV_MAX) was supposed to do. If count was less than 20, then we'd end up trying to malloc a negative amount of memory (or, rather, a really large amount of memory). If count == 20, then we'd malloc just enough space for the containing struct, but none of the args. And finally, if count was > 20, we'd malloc 20 fewer args than we'd need...

Or, at least, that's what it looked like to me. From what I could tell, CAMEL_ARGV_MAX was meant to be a limiter when setting a bunch of args. Maybe that malloc call was copy/paste-o'd from somewhere else where it was valid.

Jeff

? 55280.patch
? ChangeLog.nonximian
? body
? body.c
? body.txt
? camel-namespace.patch
? charset-map.c
? charset-map.diff
? class.sh
? cmsutil.c
? date.patch
? flags
? gw-body.txt
? imap
? invalid-content-id.patch
? iso
? iso.c
? namespace.sh
? pop3-uidl.patch
? smime
? uid-cache.patch
? providers/local/camel-mozilla-folder.c
? providers/local/camel-mozilla-folder.h
? providers/local/camel-mozilla-store.c
? providers/local/camel-mozilla-store.h
? tests/data/camel-mime-tests.tar.gz
Index: ChangeLog
===================================================================
RCS file: /cvs/gnome/evolution/camel/ChangeLog,v
retrieving revision 1.2029
diff -u -r1.2029 ChangeLog
--- ChangeLog	4 Mar 2004 02:00:26 -0000	1.2029
+++ ChangeLog	10 Mar 2004 18:42:50 -0000
@@ -1,3 +1,11 @@
+2004-03-10  Jeffrey Stedfast  <fejj ximian com>
+
+	Fix for bug #55280.
+
+	* camel-object.c (cobject_state_read): Don't malloc (count -
+	CAMEL_ARGV_MAX) args, we want to malloc count args. Also, use
+	g_try_malloc so that if it fails, we can recover.
+
 2004-03-04  Not Zed  <NotZed Ximian com>
 
 	** See bug #53355.
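Review bot: The entry says "we can recover" but not what recovery means. State that cobject_state_read now returns -1 when the allocation fails, so a reader of the ChangeLog knows the state load is abandoned rather than continued without the properties.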
Index: camel-object.c
===================================================================
RCS file: /cvs/gnome/evolution/camel/camel-object.c,v
retrieving revision 1.45
diff -u -r1.45 camel-object.c
--- camel-object.c	4 Feb 2004 05:57:19 -0000	1.45
+++ camel-object.c	10 Mar 2004 18:42:50 -0000
@@ -438,9 +438,11 @@
 			/* maybe it was just version 0 afterall */
 			return 0;
 		}
-
+		
 		/* we batch up the properties and set them in one go */
-		argv = g_malloc(sizeof(*argv) + (count - CAMEL_ARGV_MAX) * sizeof(argv->argv[0]));
+		if (!(argv = g_try_malloc (sizeof (*argv) + count * sizeof (argv->argv[0]))))
+			return -1;
+		
 		argv->argc = 0;
 		for (i=0;i<count;i++) {
 			if (camel_file_util_decode_uint32(fp, &argv->argv[argv->argc].tag) == -1)
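Review bot: count is still unbounded when it reaches `count * sizeof (argv->argv[0])` in the new g_try_malloc call. If that product wraps, the allocation succeeds with a short buffer and the `for (i=0;i<count;i++)` loop below writes past it, so reject a count above a sane limit (returning -1, as the failure path already does) before allocating. Minor: both added blank lines carry trailing tabs, where the removed blank line was clean.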

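The three cases described in the message above (count below, equal to and above 20), worked through next to a bounded, overflow-checked sizing routine. This is an added example, not Camel's code and not part of the original post: the struct layout (a header holding no args), `ARGV_MAX`, `MAX_STATE_ARGS` and the function names are assumptions, and plain `malloc` stands in for `g_try_malloc`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not Camel's real definitions. */
#define ARGV_MAX 20u            /* plays the role of CAMEL_ARGV_MAX */
#define MAX_STATE_ARGS 4096u    /* assumed sanity cap on args in one state file */

struct arg  { uint32_t tag; void *value; };
struct argv { int argc; struct arg argv[]; };  /* assumed: header holds no args */

/* Bytes the pre-patch expression requests when count is a 32-bit unsigned. */
size_t old_request(uint32_t count)
{
    return sizeof(struct argv) + (count - ARGV_MAX) * sizeof(struct arg);
}

/* header + count * element, rejecting implausible counts and size_t wrap. */
int checked_size(uint32_t count, size_t *out)
{
    if (count > MAX_STATE_ARGS)
        return -1;  /* treat the file as corrupt */
    if (count > (SIZE_MAX - sizeof(struct argv)) / sizeof(struct arg))
        return -1;  /* product or sum would wrap */
    *out = sizeof(struct argv) + (size_t)count * sizeof(struct arg);
    return 0;
}

/* NULL means "reject the state file"; the caller recovers instead of aborting. */
struct argv *alloc_args(uint32_t count)
{
    size_t n;
    struct argv *a;

    if (checked_size(count, &n) != 0 || (a = malloc(n)) == NULL)
        return NULL;
    a->argc = 0;
    return a;
}

int main(void)
{
    uint32_t samples[] = { 5, 20, 25, 0xFFFFFFFFu };  /* constructed counts */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        int ok = checked_size(samples[i], &n) == 0;
        printf("count=%u old=%zu checked=%s (%zu)\n", (unsigned)samples[i],
               old_request(samples[i]), ok ? "ok" : "rejected", n);
    }
    return 0;
}
```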
