lib/open: fix potential double-free, ensure *database=NULL on error
During refactoring for 0.32, the code that set notmuch=NULL on various errors was moved into _finish_open. This meant that the code which relied on that to set *database to NULL on error was no longer correct. It also introduced a potential double free, since the notmuch struct was deallocated inside _finish_open (via n_d_destroy). In this commit we revert to "allocator frees", and leave any cleanup to the caller of _finish_open. This allows us to get back the behaviour of setting *database to NULL with a small change. Other callers of _finish_open will need to free notmuch on errors.
This commit is contained in:
parent
a942cb8ee3
commit
74c4ce6d88
2 changed files with 5 additions and 10 deletions
13
lib/open.cc
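--- a/lib/open.cc
+++ b/lib/open.cc
@@ -396,8 +396,6 @@ _finish_open (notmuch_database_t *notmuch,
 " has a newer database format version (%u) than supported by this\n"
 " version of notmuch (%u).\n",
 database_path, version, NOTMUCH_DATABASE_VERSION));
-notmuch_database_destroy (notmuch);
-notmuch = NULL;
 status = NOTMUCH_STATUS_FILE_ERROR;
 goto DONE;
 }
@@ -414,8 +412,6 @@ _finish_open (notmuch_database_t *notmuch,
 " requires features (%s)\n"
 " not supported by this version of notmuch.\n",
 database_path, incompat_features));
-notmuch_database_destroy (notmuch);
-notmuch = NULL;
 status = NOTMUCH_STATUS_FILE_ERROR;
 goto DONE;
 }
@@ -489,8 +485,6 @@ _finish_open (notmuch_database_t *notmuch,
 } catch (const Xapian::Error &error) {
 IGNORE_RESULT (asprintf (&message, "A Xapian exception occurred opening database: %s\n",
 error.get_msg ().c_str ()));
-notmuch_database_destroy (notmuch);
-notmuch = NULL;
 status = NOTMUCH_STATUS_XAPIAN_EXCEPTION;
 }
 DONE:
@@ -559,10 +553,13 @@ notmuch_database_open_with_config (const char *database_path,
 free (message);
 }
 
+if (status && notmuch) {
+notmuch_database_destroy (notmuch);
+notmuch = NULL;
+}
+
 if (database)
 *database = notmuch;
-else
-talloc_free (notmuch);
 
 if (notmuch)
 notmuch->open = true;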
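Review bot: With the `else talloc_free (notmuch);` branch removed in the last hunk, a successful open with `database == NULL` now leaves the allocated handle unreachable, whereas the old code freed it and then wrote `notmuch->open = true` into freed memory. If the API still permits a NULL `database`, a form such as `if (database) *database = notmuch; else { notmuch_database_destroy (notmuch); notmuch = NULL; }` keeps the following `if (notmuch)` guard safe; if callers never pass NULL, a one-line comment stating that would settle it. The change also alters `_finish_open`'s ownership contract — it no longer destroys `notmuch` on its error paths — but nothing at the function records that, so a header comment like `/* On failure, notmuch is left allocated; the caller must destroy it. */` would protect the other callers the commit message mentions. Both notmuch_database_open_with_config and _finish_open start and end outside the hunks shown.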
@ -862,7 +862,6 @@ cat <<EOF > c_tail3
EOF
EOF
test_begin_subtest "open: database set to null on missing config"
test_begin_subtest "open: database set to null on missing config"
test_subtest_known_broken
cat c_head3 - c_tail3 <<'EOF' | test_C ${MAIL_DIR}
cat c_head3 - c_tail3 <<'EOF' | test_C ${MAIL_DIR}
notmuch_status_t st = notmuch_database_open_with_config(argv[1],
notmuch_status_t st = notmuch_database_open_with_config(argv[1],
NOTMUCH_DATABASE_MODE_READ_ONLY,
NOTMUCH_DATABASE_MODE_READ_ONLY,
@ -876,7 +875,6 @@ EOF
test_expect_equal_file EXPECTED OUTPUT
test_expect_equal_file EXPECTED OUTPUT
test_begin_subtest "open: database set to null on missing config (env)"
test_begin_subtest "open: database set to null on missing config (env)"
test_subtest_known_broken
old_NOTMUCH_CONFIG=${NOTMUCH_CONFIG}
old_NOTMUCH_CONFIG=${NOTMUCH_CONFIG}
NOTMUCH_CONFIG="/nonexistent"
NOTMUCH_CONFIG="/nonexistent"
cat c_head3 - c_tail3 <<'EOF' | test_C ${MAIL_DIR}
cat c_head3 - c_tail3 <<'EOF' | test_C ${MAIL_DIR}