From: Todd
Date: Sat, 17 Jan 2015 15:51:46 +0000 (-0600)
Subject: lib: Fix use after free
X-Git-Tag: 0.20~88
X-Git-Url: https://git.notmuchmail.org/git?a=commitdiff_plain;h=ef5b4947d8eaea745764e11fe346f67ca2e4a988;hp=ef5b4947d8eaea745764e11fe346f67ca2e4a988;p=notmuch

lib: Fix use after free

_thread_set_subject_from_message sometimes replaces the subject, making
the cur_subject point to free'd memory

==6550== ERROR: AddressSanitizer: heap-use-after-free on address 0x601a0000bec0 at pc 0x4464a4 bp 0x7fffa40be910 sp 0x7fffa40be908
READ of size 1 at 0x601a0000bec0 thread T0
    #0 0x4464a3 in _thread_add_matched_message /home/todd/.apps/notmuch/lib/thread.cc:369
    #1 0x443c2c in notmuch_threads_get /home/todd/.apps/notmuch/lib/query.cc:496
    #2 0x41d947 in do_search_threads /home/todd/.apps/notmuch/notmuch-search.c:131
    #3 0x40a3fe in main /home/todd/.apps/notmuch/notmuch.c:345
    #4 0x7f4e535b4ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #5 0x40abe6 in _start ??:?
0x601a0000bec0 is located 96 bytes inside of 134-byte region [0x601a0000be60,0x601a0000bee6)
freed by thread T0 here:
    #0 0x7f4e54e6933a in __interceptor_free ??:?
    #1 0x7f4e54482fab in _talloc_free ??:?
previously allocated by thread T0 here:
    #0 0x7f4e54e6941a in malloc ??:?
    #1 0x7f4e54485b5d in talloc_strdup ??:?
---
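The stale-alias pattern named in the commit message, reduced to a stand-alone C sketch; this is an added example, not notmuch's code and not the change this commit makes. `struct thread`, `dup_str`, `set_subject_from_message`, `subject_len_after_update` and `run_demo` are hypothetical names, and `malloc`/`free` stand in for talloc.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical thread object that owns its subject string. */
struct thread { char *subject; };
/* Heap copy of s; malloc stands in for talloc_strdup here (assumption). */
static char *dup_str(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p) strcpy(p, s);
    return p;
}

/* Hypothetical setter: replaces the subject only when it differs, freeing
 * the old buffer. Returns 1 if the buffer was replaced, 0 otherwise. */
static int set_subject_from_message(struct thread *t, const char *subj)
{
    if (t->subject && strcmp(t->subject, subj) == 0) return 0;
    char *fresh = dup_str(subj);
    if (!fresh) return 0;
    free(t->subject);          /* any alias taken earlier is now dangling */
    t->subject = fresh;
    return 1;
}

/* Safe ordering: take the alias only after the call that may free it. */
static size_t subject_len_after_update(struct thread *t, const char *subj)
{
    /* Stale-alias ordering (left as a comment, it is undefined behaviour):
     *   const char *cur_subject = t->subject;
     *   set_subject_from_message(t, subj);
     *   strlen(cur_subject);        reads freed memory when replaced */
    set_subject_from_message(t, subj);
    const char *cur_subject = t->subject;   /* re-read after the call */
    return cur_subject ? strlen(cur_subject) : 0;
}

/* Constructed sample data; returns the final length, or -1 on surprise. */
static long run_demo(void)
{
    struct thread t = { dup_str("Re: hello") };
    int first  = set_subject_from_message(&t, "hello world"); /* replaces */
    int second = set_subject_from_message(&t, "hello world"); /* unchanged */
    long len = (long)subject_len_after_update(&t, "hello");
    free(t.subject);
    return (first == 1 && second == 0) ? len : -1;
}
int main(void) { printf("%ld\n", run_demo()); return 0; }
```

Building the commented-out ordering with `-fsanitize=address` yields a heap-use-after-free report with the same freed-by and previously-allocated sections as the trace above.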