| author | Todd <todd@electricoding.com> | 2015-01-17 09:51:45 -0600 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2015-01-19 08:15:05 +0100 |
| commit | 0fc788460276f0e08c3ccae0a779f96125624a8d (patch) | |
| tree | a6f3399e98474678814716ae984db7472e6f138a /lib/thread.cc | |
| parent | 2a0a13a433e24076453da38f18d7d6053af34287 (diff) | |
lib: Fix potential invalid read past an empty string
==22884== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x601600008291 at pc 0x7ff6295680e5 bp 0x7fff4ab9aa40 sp 0x7fff4ab9aa08
READ of size 1 at 0x601600008291 thread T0
#0 0x7ff6295680e4 in __interceptor_strcmp ??:?
#1 0x44763b in _thread_add_message /home/todd/.apps/notmuch/lib/thread.cc:255
#2 0x4459e8 in notmuch_threads_get /home/todd/.apps/notmuch/lib/query.cc:496
#3 0x41e2a7 in do_search_threads /home/todd/.apps/notmuch/notmuch-search.c:131
#4 0x40a408 in main /home/todd/.apps/notmuch/notmuch.c:345
#5 0x7ff627cb9ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
#6 0x40abf3 in _start ??:?
0x601600008291 is located 0 bytes to the right of 97-byte region [0x601600008230,0x601600008291)
allocated by thread T0 here:
#0 0x7ff62956e41a in malloc ??:?
#1 0x7ff628b8ab5d in talloc_strdup ??:?
Diffstat (limited to 'lib/thread.cc')
| -rw-r--r-- | lib/thread.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/thread.cc b/lib/thread.cc
index 45425056..4c49f980 100644
--- a/lib/thread.cc
+++ b/lib/thread.cc
@@ -251,8 +251,8 @@ _thread_add_message (notmuch_thread_t *thread,
 term != NULL;
 term = term->next)
 {
- /* We ignore initial 'K'. */
- if (strcmp(tag, (term->string + 1)) == 0) {
+ /* Check for an empty string, and then ignore initial 'K'. */
+ if (*(term->string) && strcmp(tag, (term->string + 1)) == 0) {
 message_excluded = TRUE;
 break;
 }
|
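Review bot: The new guard in the `if` checks only that `term->string` is non-empty, not that the byte being skipped is the 'K' prefix the comment refers to, so a term with any other leading character is still compared against `tag` with its first byte dropped. Testing the prefix directly also covers the empty string: `if (term->string[0] == 'K' && strcmp(tag, term->string + 1) == 0) {`. Whether non-'K' terms can reach this list is not visible here, and neither is how an empty term got into it, so a check where the list is built may also be warranted. The loop header and the rest of `_thread_add_message` lie outside the hunk.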
