Re: [Tracker] [PATCH] trackerd null termination of tracker_db_search_text result
- From: Jamie McCracken <jamiemcc blueyonder co uk>
- To: Quirky <quirky zoom co uk>
- Cc: tracker-list gnome org
- Subject: Re: [Tracker] [PATCH] trackerd null termination of tracker_db_search_text result
- Date: Sun, 22 Oct 2006 21:40:25 +0100
Quirky wrote:
> Please consider the attached patch that fixes a random crash when
> performing a search but the returned hits ids are not all converted to
> path results.
>
> The crash was caused when freeing an out-of-bounds pointer or
> dereferencing such a pointer in the function
> tracker_dbus_method_search_text. Around tracker-dbus-search.c line 90,
> the array "res" has its length determined by running through it until a
> NULL is found. There is a possibility that the array returned from
> tracker_db_search_text is not null terminated correctly. If this is the
> case, then there could be a non null array entry that is not a valid
> pointer, but random garbage memory.
>
> For example, in tracker_db_search_text, str_id was "3101" and the
> GetFileByID execution returned a "null" result. So out of 22 results,
> only 20 were placed in the returned array. The null end was set at
> res[21] (initial value of count). When dereferencing e.g. res[20] in the
> caller function trackerd seg faults.
>
> Not sure what caused this set up in the database, but it makes things a
> bit more robust in this case.

Thanks, have applied - btw what name do you want me to use for the
ChangeLog entry? (surely not Quirky?)
--
Mr Jamie McCracken
http://jamiemcc.livejournal.com/
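
The termination bug described in the quoted report, next to its hardened form, as an added example that is not part of the original mail, the attached patch or the tracker source. `lookup_path`, `build_results`, `walk_results`, `free_results` and the `POISON` marker are hypothetical names; `POISON` stands in for uninitialised heap contents so that the effect is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for garbage in slots that were allocated but never written. */
static char poison_byte;
#define POISON (&poison_byte)

/* Hypothetical lookup: id "3101" has no file row, as in the report. */
static char *lookup_path(const char *id)
{
    if (strcmp(id, "3101") == 0) return NULL;
    size_t n = strlen(id) + 7;            /* "/file/" + id + NUL */
    char *p = malloc(n);
    if (p) snprintf(p, n, "/file/%s", id);
    return p;
}

/* Builds a NULL-terminated array of paths. terminate_at_hits == 0 puts the
 * terminator at res[count] (the reported behaviour); 1 puts it after the
 * last slot actually filled (the hardened form). */
char **build_results(const char **ids, size_t count, int terminate_at_hits)
{
    char **res = malloc((count + 1) * sizeof *res);
    if (!res) return NULL;
    for (size_t i = 0; i <= count; i++) res[i] = POISON;
    size_t filled = 0;
    for (size_t i = 0; i < count; i++) {
        char *path = lookup_path(ids[i]);
        if (path) res[filled++] = path;   /* skipped ids leave a gap at the end */
    }
    res[terminate_at_hits ? filled : count] = NULL;
    return res;
}

/* Caller-side walk to NULL; returns -1 on reaching a slot never written. */
int walk_results(char **res)
{
    int n = 0;
    for (char **p = res; *p; p++, n++)
        if (*p == POISON) return -1;
    return n;
}

/* Frees only the slots that hold real allocations, then the array. */
void free_results(char **res)
{
    for (char **p = res; *p && *p != POISON; p++) free(*p);
    free(res);
}
```

In the real daemon the unwritten slots hold whatever the allocator left there, so the caller's walk dereferences or frees an arbitrary pointer instead of returning -1.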