Use-after-free in 2.0.0 under icalrecur_iterator_new()

Ken Murchison murch at andrew.cmu.edu
Thu Feb 18 14:01:32 PST 2016



On 02/11/2016 09:11 AM, Milan Crha wrote:
> On Wed, 2016-02-10 at 18:48 +0100, Milan Crha wrote:
>> I'm using libical 2.0.0 for testing and such and I realized that it's
>> easy to let the application
> 	Hi,
> please find the attached proposed patch for the issue.
>
> It defines a new private pool of strings being used
> for icalrecurrencetype::rscale. As the pool is shared by all threads,
> it is safe to pass the values between them.

Rather than creating a shared pool, wouldn't it be easier to just 
dynamically allocate rscale for each icalrecurrencetype (not out of the 
shared icalmemory pool)?  Or rscale could just be a fixed length buffer, 
assuming that the names from ICU have a documented maximum length.


-- 
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University
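
Added example, not part of the original message and not libical code: a sketch of the two alternatives suggested in the reply above, a per-object heap copy of rscale and a fixed-length buffer inside the struct. The struct and function names, the sample value and the `RSCALE_MAX` bound are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define RSCALE_MAX 32 /* assumed bound; the thread does not state ICU's limit */

/* Option 1: each recurrence owns a heap copy of its rscale. Assigning the
 * struct copies only the pointer, so copies need an explicit deep copy. */
struct recur_owned { char *rscale; };

/* Returns 0 on success, -1 on allocation failure (old value is kept). */
int recur_owned_set(struct recur_owned *r, const char *name)
{
    size_t n = strlen(name) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return -1;
    memcpy(copy, name, n);
    free(r->rscale); /* release the previous value, if any */
    r->rscale = copy;
    return 0;
}

/* Option 2: fixed-length buffer inside the struct; plain struct assignment
 * copies the text and there is nothing to free. */
struct recur_fixed { char rscale[RSCALE_MAX]; };

/* Returns 0 on success, -1 if the name does not fit (never truncates). */
int recur_fixed_set(struct recur_fixed *r, const char *name)
{
    size_t n = strlen(name);
    if (n >= sizeof r->rscale)
        return -1;
    memcpy(r->rscale, name, n + 1);
    return 0;
}

/* Store from a scratch buffer, then overwrite it, standing in for a recycled
 * temporary slot. Returns 1 if both stored values are still intact. */
int survives_scratch_reuse(void)
{
    char scratch[RSCALE_MAX] = "GREGORIAN"; /* constructed sample value */
    struct recur_owned a = { NULL };
    struct recur_fixed b = { "" }, c;
    int ok = recur_owned_set(&a, scratch) == 0 && recur_fixed_set(&b, scratch) == 0;
    c = b; /* by-value copy of option 2 */
    memset(scratch, 'X', sizeof scratch - 1);
    ok = ok && strcmp(a.rscale, "GREGORIAN") == 0 && strcmp(c.rscale, "GREGORIAN") == 0;
    free(a.rscale);
    return ok;
}
```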



