Re: read after free in notmuch new

Subject:Re: read after free in notmuch new

Date:Tue, 21 Feb 2017 21:05:44 -0400

To:Tomi Ollila ,notmuch@notmuchmail.org

Cc:

From:David Bremner


Tomi Ollila <tomi.ollila@iki.fi> writes:

> To me it looks like replacing g_hash_table_insert() with 
> g_hash_table_replace() would do the trick.
>
> (or even g_hash_table_add()!)
>
> One has to read the documentation a bit (and compare the docstrings of
> these 2 functions to guess the missing pieces) to get some understanding to
> this...
>

Hi Tomi;

Thanks for the suggestion. Unfortunately in my experiments it just
shifts the invalid memory access to a different piece of memory. I think
the problem is that a pointer to the previous copy of that key also
leaked a reference via last_ref, so when we kill that via
g_hash_table_replace it causes the same problem.

d

Thread: