Patch: camel_mime_message_set_subject() memory corruption

From: Murray Cumming <murrayc murrayc com>
To: tinymail-devel-list <tinymail-devel-list gnome org>
Subject: Patch: camel_mime_message_set_subject() memory corruption
Date: Wed, 16 May 2007 15:05:24 +0200

valgrind showed me that camel_mime_message_set_subject() is not really
taking a copy, though it thinks it is. This patch fixes it. Permission
to commit?

I will see if it's necessary in the regular camel source code and
resubmit it there if necessary.

-- 
Murray Cumming
murrayc murrayc com
www.murrayc.com
www.openismus.com

Index: libtinymail-camel/camel-lite/camel/camel-mime-message.c
===================================================================
--- libtinymail-camel/camel-lite/camel/camel-mime-message.c	(revision 1965)
+++ libtinymail-camel/camel-lite/camel/camel-mime-message.c	(working copy)
@@ -399,13 +399,21 @@
 void
 camel_mime_message_set_subject (CamelMimeMessage *mime_message, const char *subject)
 {
-	char *text;
+	char *text = NULL;
 	
 	g_assert(mime_message);
 	
 	g_free (mime_message->subject);
-	mime_message->subject = g_strstrip (g_strdup (subject));
-	text = camel_header_encode_string((unsigned char *)mime_message->subject);
+	mime_message->subject = NULL;
+	
+	if (subject) {
+		mime_message->subject = g_strdup (subject);
+		g_strstrip (mime_message->subject);
+	}
+	
+	if (mime_message->subject)
+		text = camel_header_encode_string((unsigned char *)mime_message->subject);
+		
 	CAMEL_MEDIUM_CLASS(parent_class)->set_header(CAMEL_MEDIUM (mime_message), "Subject", text);
 	g_free (text);
 }
Index: libtinymail-camel/camel-lite/ChangeLog
===================================================================
--- libtinymail-camel/camel-lite/ChangeLog	(revision 1965)
+++ libtinymail-camel/camel-lite/ChangeLog	(working copy)
@@ -1,3 +1,10 @@
+2007-05-16  Murray Cumming  <murrayc murrayc com>
+
+	* camel/camel-mime-message.c: (camel_mime_message_set_subject):
+	Prevent memory corruption. g_strstrip() does not return a newly 
+	allocated string. Also, camel_header_encode_string() doesn't seem to like 
+	being given NULL.
+
 2006-10-17  Philip Van Hoof  <pvanhoof gnome org>
 
 	* Merged a lot code. Synced with latest version in CVS

Follow-Ups:
- Re: Patch: camel_mime_message_set_subject() memory corruption
  - From: Philip Van Hoof

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]