GNOME Bugzilla – Bug 331208
[PATCH] e-d-s may take up all available memory and/or crash
Last modified: 2013-09-14 16:49:10 UTC
Please describe the problem: There is some strange code in camel-object.c (see attached patch) that can cause e-d-s to take up all available memory (if count < CAMEL_ARGV_MAX) or crash on a segfault (since cobject_state_write() tries to dereference argv and arggetv which are NULL). The attached patch is a proposed fix to the first problem, but this code just seems strange, and I'm not sure where exactly it's used. I think it should either be taken out, or reworked. Steps to reproduce: Not exactly sure. One of our amd64 users encountered the out-of-memory problem everytime he started up Evo. This was with Evo 2.4, and e-d-s 1.4. Since these functions read/write to a file, I imagine he had some corrupt configuration files. However, a crash or memory hog problem should not occur if it can be avoided. Actual results: Depending on which function is called, e-d-s will either take up all available memory or crash. Expected results: e-d-s should not try to allocate 4 GB of memory, and it should not crash. Does this happen every time? No, unfortunately. Other information:
Created attachment 59378 [details] [review] Fix memory hog problem in e-d-s
This is the same as bug #331099, though our patches are different. My note on this patch (which I haven't tested) is that count should always be < CAMEL_ARGV_MAX, and sizeof(*argv) includes space for CAMEL_ARGV_MAX entries. That's why the at-first-glance strange subtraction of size is happening. So adding more to the allocation seems wrong to me.
*** This bug has been marked as a duplicate of 331099 ***