Bug 494096 - Accessing an element beyond the bounds of an array causes Evolution to crash
Status: RESOLVED DUPLICATE of bug 492426
Product: evolution-data-server
Classification: Platform
Component: libical
Version: unspecified
Hardware: Other opensolaris
Importance: High major
Target Milestone: ---
Assigned To: evolution-calendar-maintainers
QA Contact: Evolution QA team
Depends on:
Blocks:
Reported: 2007-11-06 10:41 UTC by Wang Xin
Modified: 2007-11-13 16:29 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
patch to fix the bug (315 bytes, patch)
2007-11-06 10:42 UTC, Wang Xin

Description Wang Xin 2007-11-06 10:41:39 UTC
In the code of libical/src/libical/icaltz-util.c:find_transidx, there is a possibility of accessing an element beyond the bounds of trans_idx.

134    for (i = 0; i < num_trans; i++) {
135        if (now < transitions [i]) {
136            found = 1;
137            break;
138        }
139    }

Assume num_trans is 4, and that now < transitions[i] is true when i is 3. Then, in the code

147    idx = trans_idx [i];
148    types [idx].isdst ? (*dstidx = i) : (*stdidx = i);
149
150    if (i >= num_trans)
151        i--;
152    else
153        i++;
154
155    idx = trans_idx [i];
156    types [idx].isdst ? (*dstidx = i) : (*stdidx = i);

line 153 will be executed and then i will be 4, which is invalid: trans_idx[i] (trans_idx[4]) is not a valid element in the trans_idx array.
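
The off-by-one described in the report above, reduced to a small model as an added example (not part of the original bug report, not the libical source, and not the attached patch). The helper names, the sample array and the bounds-checked variant are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed sample standing in for trans_idx[] with num_trans == 4. */
static const unsigned char SAMPLE_TRANS_IDX[4] = {0, 1, 0, 1};

/* Model of the index step on lines 150-153 as quoted in the report.
   A valid i is always < num_trans, so the test on line 150 never fires
   and the last valid index (num_trans - 1) takes the i++ branch. */
static int step_as_reported(int i, int num_trans)
{
    if (i >= num_trans)
        i--;
    else
        i++;
    return i;
}

/* Assumed repair (hypothetical, not the attached patch): compare against
   the last valid index, and return -1 when no second element exists. */
static int step_checked(int i, int num_trans)
{
    if (i < 0 || i >= num_trans || num_trans < 2)
        return -1;
    return (i >= num_trans - 1) ? i - 1 : i + 1;
}

/* Bounds-checked stand-in for the trans_idx[i] reads on lines 147 and 155.
   Returns the element, or -1 if i is outside [0, num_trans). */
static int read_idx(const unsigned char *trans_idx, int num_trans, int i)
{
    if (i < 0 || i >= num_trans)
        return -1;
    return trans_idx[i];
}

int main(void)
{
    int num_trans = 4;

    /* Sweep every valid starting index and show where each step lands. */
    for (int i = 0; i < num_trans; i++) {
        int a = step_as_reported(i, num_trans);
        int b = step_checked(i, num_trans);
        printf("i=%d  reported -> %d (%s)  checked -> %d (%s)\n", i,
               a, read_idx(SAMPLE_TRANS_IDX, num_trans, a) < 0 ? "out of bounds" : "ok",
               b, read_idx(SAMPLE_TRANS_IDX, num_trans, b) < 0 ? "out of bounds" : "ok");
    }
    return 0;
}
```

Only the starting index num_trans - 1 lands outside the array in the reported logic, which matches the i = 3, num_trans = 4 case in the description.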
Comment 1 Wang Xin 2007-11-06 10:42:22 UTC
Created attachment 98646
patch to fix the bug
Comment 2 Milan Crha 2007-11-13 16:29:06 UTC

*** This bug has been marked as a duplicate of 492426 ***