Re: Patch: Avoid a crash iterating in imap summary if it's corrupted.
- From: Philip Van Hoof <spam pvanhoof be>
- To: José Dapena Paz <jdapena igalia com>
- Cc: tinymail-devel-list <tinymail-devel-list gnome org>
- Subject: Re: Patch: Avoid a crash iterating in imap summary if it's corrupted.
- Date: Sat, 25 Jul 2009 11:49:39 +0200
Approved, nice catch!
On Fri, 2009-07-24 at 17:52 +0200, José Dapena Paz wrote:
> Hi,
>
> Patch for avoiding a crash in the recovery code in imap summary. An
> example of loop that may fail there:
>
> curlen = 17, seq = 1
>
> It will iterate from curlen - 1 (16).
>
> When it finishes iteration with r = 0, it evaluates to true in for (r
> >= seq - 1, then 0 >= 0) and will decrease r and iterate again (with r =
> -1). This is a crash accessing the pointer array with a negative index.
>
> Changelog entry:
>
> * libtinymail-camel/camel-lite/camel/providers/imap/camel-imap-folder.c
> (imap_update_summary): if summary is bigger than the sequence number
> coming from server, summary is corrupt. We were iterating wrongly to
> remove the extra elements, and could cause a crash.
>
> _______________________________________________
> tinymail-devel-list mailing list
> tinymail-devel-list gnome org
> http://mail.gnome.org/mailman/listinfo/tinymail-devel-list
--
Philip Van Hoof, freelance software developer
home: me at pvanhoof dot be
gnome: pvanhoof at gnome dot org
http://pvanhoof.be/blog
http://codeminded.be
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]