Re: read after free in notmuch new

Subject: Re: read after free in notmuch new

Date: Tue, 21 Feb 2017 21:05:44 -0400

To: Tomi Ollila,


From: David Bremner

Tomi Ollila <> writes:

> To me it looks like replacing g_hash_table_insert() with 
> g_hash_table_replace() would do the trick.
> (or even g_hash_table_add()!)
> One has to read the documentation a bit (and compare the docstrings of
> these 2 functions to guess the missing pieces) to get some understanding to
> this...

Hi Tomi;

Thanks for the suggestion. Unfortunately in my experiments it just
shifts the invalid memory access to a different piece of memory. I think
the problem is that a pointer to the previous copy of that key also
leaked a reference via last_ref, so when we kill that via
g_hash_table_replace it causes the same problem.
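The ownership difference the two messages above turn on can be seen without notmuch's code. The following is an added example, not code from notmuch or GLib: a small string-keyed table whose `table_insert()` and `table_replace()` follow the ownership rules documented for `g_hash_table_insert()` and `g_hash_table_replace()` when a key-destroy function is set (insert keeps the existing key buffer and destroys the one passed in; replace destroys the existing key buffer and stores the new one). The key-destroy callback records what it freed so the example can ask whether a saved pointer is dangling without touching freed memory. `prev_ref`/`last_ref`, `dangling_refs()` and the filename are assumptions standing in for the `last_ref` pointer the thread mentions, not notmuch's identifiers.

```c
/* Added example modelling GLib's g_hash_table_insert()/g_hash_table_replace()
 * key ownership; not notmuch or GLib code. The table, prev_ref/last_ref and
 * the filename below are assumptions made for illustration. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ENTRIES 16
#define MAX_FREED   64

struct entry { char *key; const char *value; };
struct table {
    struct entry e[MAX_ENTRIES];
    int n;
    void (*key_destroy)(void *);
};

/* Every pointer handed to the key-destroy callback is logged here, so the
 * example can answer "was this freed?" without reading freed memory. */
static void *freed_keys[MAX_FREED];
static int n_freed;

static void tracking_free(void *p)
{
    if (n_freed < MAX_FREED)
        freed_keys[n_freed++] = p;
    free(p);
}

int is_freed(const void *p)
{
    for (int i = 0; i < n_freed; i++)
        if (freed_keys[i] == p)
            return 1;
    return 0;
}

static int find(const struct table *t, const char *key)
{
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->e[i].key, key) == 0)
            return i;
    return -1;
}

/* g_hash_table_insert() rule: on a duplicate key the table keeps its existing
 * key buffer and destroys the key passed in. Returns 1 if the key was new. */
int table_insert(struct table *t, char *key, const char *value)
{
    int i = find(t, key);
    if (i >= 0) { t->e[i].value = value; t->key_destroy(key); return 0; }
    t->e[t->n].key = key; t->e[t->n].value = value; t->n++;
    return 1;
}

/* g_hash_table_replace() rule: on a duplicate key the OLD key buffer is
 * destroyed and the new one is stored. */
int table_replace(struct table *t, char *key, const char *value)
{
    int i = find(t, key);
    if (i >= 0) { t->key_destroy(t->e[i].key); t->e[i].key = key; t->e[i].value = value; return 0; }
    t->e[t->n].key = key; t->e[t->n].value = value; t->n++;
    return 1;
}

/* The key buffer the table currently owns for this lookup key (what
 * g_hash_table_lookup_extended() returns as orig_key), or NULL. */
char *table_stored_key(const struct table *t, const char *key)
{
    int i = find(t, key);
    return i >= 0 ? t->e[i].key : NULL;
}

void table_clear(struct table *t)
{
    for (int i = 0; i < t->n; i++)
        t->key_destroy(t->e[i].key);
    t->n = 0;
}

enum { REF_PREV = 1, REF_LAST = 2 };

/* Scenario from the thread: the same filename reaches the table twice as two
 * separately allocated copies, and the caller keeps raw pointers to both
 * (prev_ref, last_ref). use_replace selects replace over insert;
 * refresh_from_table makes the caller re-read the owned key after each put
 * instead of keeping the pointer it passed in. Returns a mask of which saved
 * pointers now refer to freed memory. */
int dangling_refs(int use_replace, int refresh_from_table)
{
    static const char name[] = "cur/1487723144.M1:2,S";   /* constructed name */
    struct table t = { .n = 0, .key_destroy = tracking_free };
    int (*put)(struct table *, char *, const char *) =
        use_replace ? table_replace : table_insert;
    n_freed = 0;

    char *key1 = strdup(name);
    put(&t, key1, "msg-id-1");
    char *last_ref = refresh_from_table ? table_stored_key(&t, name) : key1;

    char *prev_ref = last_ref;           /* the "previous copy" reference */
    char *key2 = strdup(name);           /* second copy, identical contents */
    put(&t, key2, "msg-id-1");
    last_ref = refresh_from_table ? table_stored_key(&t, name) : key2;

    int mask = 0;
    if (is_freed(prev_ref)) mask |= REF_PREV;
    if (is_freed(last_ref)) mask |= REF_LAST;
    table_clear(&t);
    return mask;
}

int main(void)
{
    printf("insert,  raw ptrs: dangling mask %d\n", dangling_refs(0, 0));
    printf("replace, raw ptrs: dangling mask %d\n", dangling_refs(1, 0));
    printf("insert,  re-read : dangling mask %d\n", dangling_refs(0, 1));
    printf("replace, re-read : dangling mask %d\n", dangling_refs(1, 1));
    return 0;
}
```

With insert and raw pointers the newer reference (`last_ref`) dangles; switching to replace only moves the dangling pointer to the older reference (`prev_ref`), which is the shift described in the reply above. Only insert combined with re-reading the owned key from the table leaves both references valid, because under insert the key buffer the table owns never changes for the lifetime of the entry, whereas under replace every duplicate invalidates any earlier reference to that key.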