Re: [evolution-patches] fix for a crash in connector [exchange]

From: pchenthill <pchenthill novell com>
To: Harish Krishnaswamy <kharish novell com>
Cc: patches <evolution-patches gnome org>
Subject: Re: [evolution-patches] fix for a crash in connector [exchange]
Date: Wed, 22 Feb 2006 14:09:07 +0530

Hi harish,

On Wed, 2006-02-22 at 13:30 +0530, Harish Krishnaswamy wrote:

754: folder = subtrees->data;
<== it is reassigned here before being used again.

If you see

if (hwd->priv->deep_searchable &&
e_folder_exchange_get_has_subfolders (folder)) {
e_folder_exchange_set_has_subfolders (folder, FALSE);
729: subtrees = g_slist_prepend (subtrees, folder); <<<<<<<< Added to the subtrees GList
}
731: exchange_hierarchy_new_folder (hier, folder);
732: g_object_unref (folder);
Here its freed.

Then later ,
while (subtrees) {
folder = subtrees->data; <<<<< accessing the same GList from line no : 729
subtrees = g_slist_remove (subtrees, folder);
/* Dont scan the subtree for deleteditems folder */
757: int_uri = e_folder_exchange_get_internal_uri (folder); << folder is invalid memory (already freed at line no: 732)

We are trying to access a freed memory location which causes the crash.

thanks, Chenthill.

Follow-Ups:
- Re: [evolution-patches] fix for a crash in connector [exchange]
  - From: Harish Krishnaswamy

References:
- [evolution-patches] fix for a crash in connector [exchange]
  - From: pchenthill
- Re: [evolution-patches] fix for a crash in connector [exchange]
  - From: Harish Krishnaswamy

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]