GNOME Bugzilla – Bug 726788
Crash on malformed vCard
Last modified: 2014-03-24 14:53:50 UTC
Created attachment 272512 [details] Test case Here is a really simple test case that lead to a crash. I know that's not a valid vcard, but that's not a reason to crash.
Note that you need G_SLICE=always-malloc to make it crash. Running it with valgrind shows that it's reading freed memory.
Created attachment 272514 [details] [review] EVCard: Fix possible crash when parsing invalid vcard If the vcard is "END:VCARD" then the attribute is added to the list, then freed. So next time we iterate on attributes it will read freed memory and crash.
I'd prefer it if strcmp()-style calls explicitly check the return value for equality or inequality with 0. It makes the code more readable. Otherwise the patch looks okay to me. Can commit after the code freeze ends next week.
Right, I hate if(strcmp()) as well. Was unsure because that file often doesn't comparent to 0.
Created attachment 272518 [details] [review] EVCard: Fix possible crash when parsing invalid vcard If the vcard is "END:VCARD" then the attribute is added to the list, then freed. So next time we iterate on attributes it will read freed memory and crash.
Created commit 7d6f05a in eds master (3.13.1+) [1] Created commit c79455a in eds evolution-data-server-3-12 (3.12.1+) [1] https://git.gnome.org/browse/evolution-data-server/commit/?id=c79455a