Patch: avoid doublefree of imap_store->namespace

From: José Dapena Paz <jdapena igalia com>
To: tinymail-devel-list <tinymail-devel-list gnome org>
Subject: Patch: avoid doublefree of imap_store->namespace
Date: Wed, 28 Jan 2009 10:39:54 +0100

	Hi,

	This patch avoids a double space that could happen sometimes, as we're
doing g_free on namespace free when this could be just a reference copy
of imap_store->namespace->prefix. This can cause sometimes crashes,
specially on copy/move/rename operations.

Changelog entry:
* libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-store.c:
  imap_store->namespace should always own a copy of the string, to
  avoid some double frees causing crashes
-- 
José Dapena Paz <jdapena igalia com>
Igalia

diff --git a/ChangeLog b/ChangeLog
index 2b41fd7..da71dd0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2009-01-28  Jose Dapena Paz  <jdapena igalia com>
+
+	* libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-store.c:
+	imap_store->namespace should always own a copy of the string, to
+	avoid some double frees causing crashes.
+
 2009-01-23  Sergio Villar Senin  <svillar igalia com>
 
 	* libtinymailui-gtk/tny-gtk-folder-list-store.c (deleter): Remove
diff --git a/libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-store.c b/libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-store.c
index 882ec1d..f9fa800 100644
--- a/libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-store.c
+++ b/libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-store.c
@@ -616,6 +616,9 @@ camel_imap_store_finalize (CamelObject *object)
 		disco->diary = NULL;
 	}
 
+	g_free (imap_store->namespace);
+	imap_store->namespace = NULL;
+
 	if (imap_store->namespaces)
 		imap_namespaces_destroy (imap_store->namespaces);
 
@@ -703,6 +706,11 @@ camel_imap_store_init (gpointer object, gpointer klass)
 	imap_store->tag_prefix = imap_tag_prefix++;
 	if (imap_tag_prefix > 'Z')
 		imap_tag_prefix = 'A';
+
+	imap_store->namespaces = NULL;
+	imap_store->namespace = NULL;
+	imap_store->base_url = NULL;
+	imap_store->storage_path = NULL;
 }
 
 CamelType
@@ -832,8 +840,10 @@ construct (CamelService *service, CamelSession *session,
 				lst = lst->next;
 			}
 
+			if (imap_store->namespace)
+				g_free (imap_store->namespace);
 			if (imap_store->namespaces && imap_store->namespaces->personal) {
-				imap_store->namespace = imap_store->namespaces->personal->prefix;
+				imap_store->namespace = g_strdup (imap_store->namespaces->personal->prefix);
 				imap_store->dir_sep = imap_store->namespaces->personal->delim;
 			} else {
 				imap_store->namespace = NULL;
@@ -847,6 +857,8 @@ construct (CamelService *service, CamelSession *session,
 			if (imap_store->namespace && strcmp(imap_store->namespace, is->namespace->full_name) != 0) {
 				camel_store_summary_clear((CamelStoreSummary *)is);
 			} else {
+				if (imap_store->namespace)
+					g_free (imap_store->namespace);
 				imap_store->namespace = g_strdup(is->namespace->full_name);
 				imap_store->dir_sep = is->namespace->sep;
 			}
@@ -2236,8 +2248,10 @@ imap_connect_online (CamelService *service, CamelException *ex)
 		store->namespaces = imap_parse_namespace_response (result);
 		namespaces = store->namespaces;
 
+		if (store->namespace)
+			g_free (store->namespace);
 		if (namespaces && namespaces->personal) {
-			store->namespace = namespaces->personal->prefix;
+			store->namespace = g_strdup (namespaces->personal->prefix);
 			store->dir_sep = namespaces->personal->delim;
 		} else {
 			store->namespace = NULL;
@@ -2256,8 +2270,10 @@ imap_connect_online (CamelService *service, CamelException *ex)
 		camel_imap_store_summary_namespace_add(store->summary,ns);
 	}
 
-	if (store->namespace && strlen (store->namespace) == 0)
+	if (store->namespace && strlen (store->namespace) == 0) {
+		g_free (store->namespace);
 		store->namespace = NULL;
+	}
 
 	if (store->namespace && !store->dir_sep) {
 		if (FALSE && store->server_level >= IMAP_LEVEL_IMAP4REV1) {
@@ -2422,8 +2438,10 @@ imap_disconnect_offline (CamelService *service, gboolean clean, CamelException *
 		store->authtypes = NULL;
 	}
 
-	if (store->namespace && !(store->parameters & IMAP_PARAM_OVERRIDE_NAMESPACE))
+	if (store->namespace && !(store->parameters & IMAP_PARAM_OVERRIDE_NAMESPACE)) {
+		g_free (store->namespace);
 		store->namespace = NULL;
+	}
 
 	return TRUE;
 }

Follow-Ups:
- Re: Patch: avoid doublefree of imap_store->namespace
  - From: Philip Van Hoof

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]