GNOME Bugzilla – Bug 607024
Invalid read in soup-cookie.c
Last modified: 2010-01-23 20:35:38 UTC
From valgrind:

==4749== Invalid read of size 1
==4749==    at 0x6587559: soup_cookie_applies_to_uri (soup-cookie.c:929)
==4749==    by 0x6588065: soup_cookie_jar_get_cookies (soup-cookie-jar.c:333)
==4749==    by 0x658873C: request_started (soup-cookie-jar.c:497)
==4749==    by 0x65A1B1E: request_started (soup-session-feature.c:106)
==4749==    by 0x6576813: soup_marshal_VOID__OBJECT_OBJECT (soup-marshal.c:90)
==4749==    by 0x67C8991: g_closure_invoke (gclosure.c:767)
==4749==    by 0x67DE51C: signal_emit_unlocked_R (gsignal.c:3243)
==4749==    by 0x67DFA93: g_signal_emit_valist (gsignal.c:2976)
==4749==    by 0x67E01B5: g_signal_emit (gsignal.c:3033)
==4749==    by 0x659EA6A: soup_session_send_queue_item (soup-session.c:1160)
==4749==    by 0x65A13DA: run_queue (soup-session-async.c:347)
==4749==    by 0x65A15CD: idle_run_queue (soup-session-async.c:400)
==4749==  Address 0xa9ae7af is 1 bytes before a block of size 1 alloc'd
==4749==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==4749==    by 0x6842823: g_malloc (gmem.c:131)
==4749==    by 0x685B138: g_strdup (gstrfuncs.c:102)
==4749==    by 0x6586A65: cookie_new_internal (soup-cookie.c:333)
==4749==    by 0x6586B63: soup_cookie_new (soup-cookie.c:382)
==4749==    by 0x4E3037A: callback (soup-cookie-jar-sqlite.c:213)
==4749==    by 0x26318DF: sqlite3_exec (sqlite3.c:75328)
==4749==    by 0x4E30494: exec_query_with_try_create_table (soup-cookie-jar-sqlite.c:246)
==4749==    by 0x4E3066A: load (soup-cookie-jar-sqlite.c:295)
==4749==    by 0x4E30084: set_property (soup-cookie-jar-sqlite.c:117)
==4749==    by 0x67CE8E5: g_object_constructor (gobject.c:973)
==4749==    by 0x67CFCA1: g_object_newv (gobject.c:1261)

AFAICT this means that the path in the cookie is the empty string "" and we are reading one byte before it begins.
fixed, thanks
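
The pattern the report describes, as an added example that is not libsoup's code and not part of the original bug thread: a path-prefix check that inspects the last byte of the cookie path has to confirm the path is non-empty first. The function name cookie_path_matches, the sample paths, and the choice to let an empty path match every request path are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libsoup's implementation): does a stored cookie
 * path apply to a request path? */
static bool cookie_path_matches(const char *cookie_path, const char *request_path)
{
    size_t plen;

    if (cookie_path == NULL || request_path == NULL)
        return false;

    plen = strlen(cookie_path);

    /* Unguarded form: `cookie_path[plen - 1] == '/'`. With plen == 0 the
     * index wraps and the read lands one byte before a 1-byte allocation,
     * which is what the valgrind trace reports. Guard on the length. */
    if (plen > 0 && cookie_path[plen - 1] == '/')
        plen--;                      /* ignore a trailing slash */

    if (plen == 0)
        return true;                 /* assumption: "" and "/" match any path */

    /* strncmp stops at the request path's NUL, so a shorter request path
     * fails here and request_path[plen] below stays in bounds. */
    if (strncmp(cookie_path, request_path, plen) != 0)
        return false;

    /* Require a segment boundary so "/foo" does not match "/foobar". */
    return request_path[plen] == '\0' || request_path[plen] == '/';
}

int main(void)
{
    /* Constructed sample inputs; the first row is the empty-path case. */
    const char *samples[][2] = {
        { "", "/index.html" }, { "/", "/a" }, { "/foo", "/foo/bar" },
        { "/foo/", "/foo/bar" }, { "/foo", "/foobar" }, { "/foo", "/fo" },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("cookie path \"%s\" vs request \"%s\": %s\n",
               samples[i][0], samples[i][1],
               cookie_path_matches(samples[i][0], samples[i][1]) ? "match" : "no match");
    return 0;
}
```

Building this with -fsanitize=address, or running it under valgrind, and feeding it the empty path confirms that no read falls outside the allocation.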