From 31b54bc78735c628035a046e526ac4c596d830cf Mon Sep 17 00:00:00 2001 From: Carl Worth Date: Fri, 20 Nov 2009 12:06:11 +0100 Subject: [PATCH] Avoid access of a Xapian iterator's object when there's nothing there. This eliminates a crash when a message (either corrupted or a non-mail file that wasn't properly detected as not being mail) has no In-Reply-To header, (and so few terms that trying to skip to the prefix of the In-Reply-To terms actually brings us to the end of the termlist). --- lib/message.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/message.cc b/lib/message.cc index 9488fb66..41dddd07 100644 --- a/lib/message.cc +++ b/lib/message.cc @@ -285,7 +285,8 @@ _notmuch_message_get_in_reply_to (notmuch_message_t *message) i = message->doc.termlist_begin (); i.skip_to (prefix); - in_reply_to = *i; + if (i != message->doc.termlist_end ()) + in_reply_to = *i; /* It's perfectly valid for a message to have no In-Reply-To * header. For these cases, we return an empty string. */ @@ -332,10 +333,10 @@ notmuch_message_get_thread_id (notmuch_message_t *message) return message->thread_id; i = message->doc.termlist_begin (); - i.skip_to (prefix); - id = *i; + if (i != message->doc.termlist_end ()) + id = *i; if (i == message->doc.termlist_end () || id[0] != *prefix) INTERNAL_ERROR ("Message with document ID of %d has no thread ID.\n", @@ -466,7 +467,7 @@ notmuch_message_get_tags (notmuch_message_t *message) i.skip_to (prefix); - while (1) { + while (i != end) { tag = *i; if (tag.empty () || tag[0] != *prefix)