From 930920d5106e01d511dc339171ec3254e3d8771e Mon Sep 17 00:00:00 2001 From: Tomi Ollila Date: Sat, 18 Mar 2017 00:28:48 +0200 Subject: [PATCH 1/1] lib/message.cc: fix Coverity finding (use after free) The object where pointer to `data` was received was deleted before it was used in _notmuch_string_list_append(). Relevant Coverity messages follow: 3: extract Assigning: data = std::__cxx11::string(message->doc.()).c_str(), which extracts wrapped state from temporary of type std::__cxx11::string. 4: dtor_free The internal representation of temporary of type std::__cxx11::string is freed by its destructor. 5: use after free: Wrapper object use after free (WRAPPER_ESCAPE) Using internal representation of destroyed object local data. (cherry picked from commit 06adc276682d1d5f73d78df2e898ad4191eb4499) --- lib/message.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/message.cc b/lib/message.cc index 9d3e8071..a91e69e0 100644 --- a/lib/message.cc +++ b/lib/message.cc @@ -849,9 +849,9 @@ _notmuch_message_ensure_filename_list (notmuch_message_t *message) * * It would be nice to do the upgrade of the document directly * here, but the database is likely open in read-only mode. */ - const char *data; - data = message->doc.get_data ().c_str (); + std::string datastr = message->doc.get_data (); + const char *data = datastr.c_str (); if (data == NULL) INTERNAL_ERROR ("message with no filename"); -- 2.43.0
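
Review bot: the `if (data == NULL)` guard left as context directly after the new `const char *data = datastr.c_str ();` line can never fire, because std::string::c_str() always returns a non-null pointer. A document whose data is empty would therefore pass this check without reaching INTERNAL_ERROR. If the guard is meant to catch a message with no filename, test `datastr.empty ()` instead. Separately, `data` now borrows from the local `datastr`, so it is only valid while `datastr` is in scope. The _notmuch_string_list_append() call named in the commit message is not visible in this hunk, so it is worth confirming that it copies the string rather than keeping the pointer.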