Re: read after free in notmuch new

Subject: Re: read after free in notmuch new

Date: Tue, 21 Feb 2017 21:05:44 -0400

To: Tomi Ollila, notmuch@notmuchmail.org

Cc:

From: David Bremner


Tomi Ollila <tomi.ollila@iki.fi> writes:

> To me it looks like replacing g_hash_table_insert() with 
> g_hash_table_replace() would do the trick.
>
> (or even g_hash_table_add()!)
>
> One has to read the documentation a bit (and compare the docstrings of
> these 2 functions to guess the missing pieces) to get some understanding of
> this...
>

Hi Tomi;

Thanks for the suggestion. Unfortunately in my experiments it just
shifts the invalid memory access to a different piece of memory. I think
the problem is that a pointer to the previous copy of that key also
leaked a reference via last_ref, so when we kill that via
g_hash_table_replace it causes the same problem.

d
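
Added example, not part of the original message and not notmuch or GLib code: a small C model of the key-ownership rules GLib documents for g_hash_table_insert() and g_hash_table_replace() when the table has a key_destroy_func, showing which of a caller's saved key pointers is left dangling in each case. The Key/Table types, the model_* functions and the alias pointers are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not GLib or notmuch code. A one-entry table that follows
 * the key-ownership rules GLib documents for a table created with a
 * key_destroy_func. "Destroying" a key only sets a flag here, so stale
 * pointers can be inspected without touching freed memory. */
typedef struct { char name[16]; int destroyed; } Key;
typedef struct { Key *key; } Table;

static void key_destroy(Key *k) { k->destroyed = 1; } /* stand-in for free() */

static int is_dup(const Table *t, const Key *k) {
    return t->key != NULL && strcmp(t->key->name, k->name) == 0;
}

/* g_hash_table_insert() rule: on a duplicate the table keeps the old key
 * and destroys the key that was passed in. */
static void model_insert(Table *t, Key *k) {
    if (is_dup(t, k)) key_destroy(k);
    else t->key = k;
}

/* g_hash_table_replace() rule: on a duplicate the table stores the new key
 * and destroys the old one. */
static void model_replace(Table *t, Key *k) {
    if (is_dup(t, k)) key_destroy(t->key);
    t->key = k;
}

/* Add the same key name twice while the caller keeps its own pointer to each
 * copy (hypothetical aliases). Returns a bitmask of dangling aliases:
 * bit 0 = pointer to the first copy, bit 1 = pointer to the second copy. */
static int dangling_after(void (*add)(Table *, Key *)) {
    Key first = { "msg-id", 0 }, second = { "msg-id", 0 };
    Table t = { NULL };
    Key *alias1 = &first, *alias2 = &second;
    add(&t, alias1);
    add(&t, alias2);
    return (alias1->destroyed ? 1 : 0) | (alias2->destroyed ? 2 : 0);
}

int main(void) {
    printf("insert : dangling mask %d\n", dangling_after(model_insert));
    printf("replace: dangling mask %d\n", dangling_after(model_replace));
    return 0;
}
```

In this model, switching from insert to replace moves the dangling pointer from the newest copy of the key to the previous one, so a caller that still holds the older pointer has the same lifetime problem.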
