[Freeassociation-devel] [PATCH] Fix for invalid read in icaltzutil_fetch_timezone

Allen Winter winter at kde.org
Tue Mar 8 14:55:02 PST 2011


On Tuesday 08 March 2011 4:59:25 pm Sean Finney wrote:
> Hi,
> 
> Are we looking at the same code?
> 
> "./trunk/libical/src/libical/icaltz-util.c" line 339
> 
> looks like it still applies to me...
> 
Whoopsie.. I was looking at a locally patched version
that someone sent me months ago and I never committed.

There's lots of catching up to do in libical.

> 
> 	Sean
> 
> 
> On Tue, 2011-03-08 at 16:28 -0500, Allen Winter wrote:
> > Very strange.
> > I don't see the code you are patching in the svn repo version of icaltz-util.c
> > Well.. I see the EREAD() code, but the other code you are fixing
> > doesn't exist in the svn repo and the code that does exist looks ok.
> > 
> > Additionally, I ran Milan's test program through valgrind and don't see the invalid read.
> > 
> > So I need to reject this patch -- the code that exists already in trunk looks fine to me.
> > 
> > 
> > On Wednesday, February 16, 2011 08:44:00 am sean finney wrote:
> > > note that the calloc calls are still done when num_trans is 0, but this
> > > is legal to do and the returned pointers should be safe to pass to
> > > free() in such a case.  the dereferencing/reading/writing, however,
> > > is not, and that is what is fixed here.
> > > --- ./src/libical/icaltz-util.c	2009-01-08 16:50:21.000000000 +0000
> > > +++ ./src/libical/icaltz-util.c.new	2011-02-16 13:36:03.231178557 +0000
> > > @@ -297,10 +297,10 @@ icaltzutil_fetch_timezone (const char *l
> > >  
> > >  	transitions = calloc (num_trans, sizeof (time_t));
> > >  	r_trans = calloc (num_trans, 4);
> > > -	EFREAD(r_trans, 4, num_trans, f);
> > >  	temp = r_trans;	
> > >  
> > >  	if (num_trans) {
> > > +		EFREAD(r_trans, 4, num_trans, f);
> > >  		trans_idx = calloc (num_trans, sizeof (int));
> > >  		for (i = 0; i < num_trans; i++) {
> > >  			trans_idx [i] = fgetc (f);
> > > @@ -389,7 +389,10 @@ icaltzutil_fetch_timezone (const char *l
> > >  		icalprop = icalproperty_new_tzname (types [zidx].zname);
> > >  		icalcomponent_add_property (std_comp, icalprop);
> > >  
> > > -		trans = transitions [stdidx] + types [zidx].gmtoff;
> > > +		if (num_trans)
> > > +			trans = transitions [stdidx] + types [zidx].gmtoff;
> > > +		else
> > > +			trans = 0;
> > >  		icaltime = icaltime_from_timet (trans, 0);
> > >  		dtstart = icaltime;
> > >  		dtstart.year = 1970;
> > > 
> > > 
> > > ------------------------------------------------------------------------------
> > > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> > > Pinpoint memory and threading errors before they happen.
> > > Find and fix more than 250 security defects in the development cycle.
> > > Locate bottlenecks in serial and parallel code that limit performance.
> > > http://p.sf.net/sfu/intel-dev2devfeb
> > > _______________________________________________
> > > Freeassociation-devel mailing list
> > > Freeassociation-devel at lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/freeassociation-devel
> > >
> > 
> 
> 

-- 
Allen Winter | allen at kdab.net | Software Engineer
KDAB (USA), LLC, a KDAB Group company
Tel. USA +1-866-777-KDAB(5322), Sweden (HQ) +46-563-540090
KDAB - Qt Experts - Platform-independent software solutions



