Use-after-free under icaltimezone_convert_time()

Robert Stepanek rsto at fastmailteam.com
Tue Oct 17 06:34:26 PDT 2017


On Tue, Oct 10, 2017, at 08:58, Milan Crha wrote:
> I think the best would be to add some thread safety around
> icaltimezone::changes

Two questions:

Do I understand correctly that *all* timezone structs returned currently
by libical (with get_builtin_timezone) are not thread-safe? That is,
it's not just an effect of the special way how Evolution interacts with
libical? That would be important to know for developers, shouldn't we
put that in the documentation?

As to the patch: Couldn't we just rewrite libical to return a
copy of its internal builtin timezone, created with icaltimezone_copy?
E.g., each instance of an icaltime struct would maintain its own changes
array, and there would be no need for locking? Obviously, callers would
need to take care of freeing the timezone, so we might define this as
icaltimezone_get_builtin_r or the like.

Cheers,
Robert
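The ownership scheme Robert proposes, as an added self-contained C model that is not libical code and not part of the thread: the `model_*` names stand in for `icaltimezone`, `icaltimezone_copy` and the suggested `icaltimezone_get_builtin_r`, and the lazily grown `changes` array is the shared state that the `_r` variant makes private to each caller.

```c
/* Self-contained model of the ownership scheme proposed in the message:
 * no libical here; model_* names stand in for the icaltimezone API. */
#include <stdlib.h>
#include <string.h>

typedef struct { int year; int utc_offset; } model_change; /* ~icaltimezonechange */
typedef struct {
    const char *tzid;
    model_change *changes;   /* lazily grown cache: the shared, racy part */
    size_t num_changes;
} model_timezone;            /* ~icaltimezone */

static model_timezone builtin_tz = { "Europe/Berlin", NULL, 0 };

/* Today's shape: one shared object, so every thread sees one changes array. */
model_timezone *model_get_builtin(void) { return &builtin_tz; }

/* Deep copy: the result owns its own changes array. */
model_timezone *model_copy(const model_timezone *src)
{
    model_timezone *dst = calloc(1, sizeof *dst);
    if (!dst) return NULL;
    dst->tzid = src->tzid;
    if (src->num_changes) {
        size_t bytes = src->num_changes * sizeof *src->changes;
        dst->changes = malloc(bytes);
        if (!dst->changes) { free(dst); return NULL; }
        memcpy(dst->changes, src->changes, bytes);
        dst->num_changes = src->num_changes;
    }
    return dst;
}

/* The proposed _r variant: the caller owns the copy and must model_free() it. */
model_timezone *model_get_builtin_r(void) { return model_copy(model_get_builtin()); }

void model_free(model_timezone *tz)
{
    if (!tz || tz == &builtin_tz) return;   /* the shared builtin is never freed */
    free(tz->changes);
    free(tz);
}

/* Grow the cache by one entry. realloc may move the array: on the shared
 * object, a pointer another thread still holds into it becomes dangling. */
int model_add_change(model_timezone *tz, int year, int utc_offset)
{
    model_change *p = realloc(tz->changes, (tz->num_changes + 1) * sizeof *p);
    if (!p) return -1;
    tz->changes = p;
    tz->changes[tz->num_changes++] = (model_change){ year, utc_offset };
    return 0;
}
```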
