[evolution-patches] seeking review for bug 46706 :Evolution - 1.4 Evo hangs when forward one contact.

From: Gilbert Fang <gilbert fang sun com>
To: Chris Toshok <toshok ximian com>
Cc: "evolution-patches ximian com" <evolution-patches ximian com>
Subject: [evolution-patches] seeking review for bug 46706 :Evolution - 1.4 Evo hangs when forward one contact.
Date: 11 Aug 2003 14:54:57 +0800

Hi, Chris

  The bug will hang/crash the evolution. It  exists on Suse(SLEC-GM) but
not in RH8.

  I find  it is because the mem aollocation error. The patch works well
in my Suse workspace. 

here is my comments on the patch 
-		attach_data->_maximum = attach_data->_length = strlen (tempstr);
+		attach_data->_maximum = attach_data->_length = strlen (tempstr) + 1;
 		attach_data->_buffer = CORBA_sequence_CORBA_char_allocbuf
(attach_data->_length);
 		strcpy (attach_data->_buffer, tempstr);

Since attach_data is not a Corba string, it is only a sequence of
char, the allocbuf will not be sure to allocate the extra space for
the terminated byte '\0'. Thus the strcpy would be  easily beyond
the memory boundry and evolution will hang or crash some lines later.

But what confused me is the orginial code can work well in RH8. I
guess RH8 has added some  protection codes to avoid such errors. 
Anyway, the patch will not have any harm to other platform and really
fix the bug on SLEC(Suse Linux Enterprise Client). 


Please review it for Evolution 1.4 branch.

Thanks 
Gilbert

Index: addressbook/gui/widgets/e-addressbook-util.c
===================================================================
RCS file: /cvs/gnome/evolution/addressbook/gui/widgets/e-addressbook-util.c,v
retrieving revision 1.26
diff -u -r1.26 e-addressbook-util.c
--- addressbook/gui/widgets/e-addressbook-util.c	14 Jun 2003 04:34:19 -0000	1.26
+++ addressbook/gui/widgets/e-addressbook-util.c	8 Aug 2003 06:10:21 -0000
@@ -532,7 +532,7 @@
 
 		tempstr = e_card_list_get_vcard (cards);
 		attach_data = GNOME_Evolution_Composer_AttachmentData__alloc();
-		attach_data->_maximum = attach_data->_length = strlen (tempstr);
+		attach_data->_maximum = attach_data->_length = strlen (tempstr) + 1;
 		attach_data->_buffer = CORBA_sequence_CORBA_char_allocbuf (attach_data->_length);
 		strcpy (attach_data->_buffer, tempstr);
 		g_free (tempstr);

Follow-Ups:
- Re: [evolution-patches] seeking review for bug 46706 :Evolution - 1.4 Evo hangs when forward one contact.
  - From: Not Zed

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]