[Freeassociation-devel] [PATCH] Fix for invalid read in icaltzutil_fetch_timezone
Allen Winter
winter at kde.org
Tue Mar 8 13:28:38 PST 2011
Very strange.
I don't see the code you are patching in the svn repo version of icaltz-util.c
Well... I see the EFREAD() code, but the other code you are fixing
doesn't exist in the svn repo and the code that does exist looks ok.
Additionally, I ran Milan's test program through valgrind and don't see the invalid read.
So I need to reject this patch -- the code that exists already in trunk looks fine to me.
On Wednesday, February 16, 2011 08:44:00 am sean finney wrote:
> note that the calloc calls are still done when num_trans is 0, but this
> is legal to do and the returned pointers should be safe to pass to
> free() in such a case. the dereferencing/reading/writing, however,
> is not, and that is what is fixed here.
> --- ./src/libical/icaltz-util.c 2009-01-08 16:50:21.000000000 +0000
> +++ ./src/libical/icaltz-util.c.new 2011-02-16 13:36:03.231178557 +0000
> @@ -297,10 +297,10 @@ icaltzutil_fetch_timezone (const char *l
>
> transitions = calloc (num_trans, sizeof (time_t));
> r_trans = calloc (num_trans, 4);
> - EFREAD(r_trans, 4, num_trans, f);
> temp = r_trans;
>
> if (num_trans) {
> + EFREAD(r_trans, 4, num_trans, f);
> trans_idx = calloc (num_trans, sizeof (int));
> for (i = 0; i < num_trans; i++) {
> trans_idx [i] = fgetc (f);
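Review bot: inside the new `if (num_trans)` block, `r_trans` and `trans_idx` are written to without either `calloc` result being checked for NULL, and `trans_idx [i] = fgetc (f)` stores the return value without testing for EOF, so a truncated input file goes unnoticed at this point. Suggest checking the allocations before the `EFREAD` and bailing out when `fgetc` returns EOF. Since nothing is read when `num_trans` is 0, the two `calloc` calls above the block could move inside it as well, which removes the reliance on zero-size allocation behaviour that the patch description has to explain.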
> @@ -389,7 +389,10 @@ icaltzutil_fetch_timezone (const char *l
> icalprop = icalproperty_new_tzname (types [zidx].zname);
> icalcomponent_add_property (std_comp, icalprop);
>
> - trans = transitions [stdidx] + types [zidx].gmtoff;
> + if (num_trans)
> + trans = transitions [stdidx] + types [zidx].gmtoff;
> + else
> + trans = 0;
> icaltime = icaltime_from_timet (trans, 0);
> dtstart = icaltime;
> dtstart.year = 1970;
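Review bot: the `if (num_trans)` test in front of `transitions [stdidx]` only covers the empty-array case; nothing in these lines shows that `stdidx` is below `num_trans` when the array is non-empty, so testing the index itself against `num_trans` would be the tighter guard. The else branch sets `trans = 0` and so also drops `types [zidx].gmtoff`; a short comment saying why the bare epoch is the intended fallback would help, as would braces around both branches.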
>
>