[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-mailutils] Possible memory leak in last git mailutils
From: |
Sergey Poznyakoff |
Subject: |
Re: [bug-mailutils] Possible memory leak in last git mailutils |
Date: |
Thu, 12 Aug 2010 17:01:28 +0300 |
Thank you. I have installed the attached patch.
Regards,
Sergey
>From bf0d23962442075cf16eab955435de99bea961de Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <address@hidden>
Date: Thu, 12 Aug 2010 16:34:49 +0300
Subject: [PATCH] Bugfixes.
* mailbox/mime.c (mu_mime_get_num_parts): Assume MIME message
is not scanned if nmtp_parts are 0 and boundary is NULL.
* mailbox/rfc2047.c (mu_rfc2047_decode): Free the buffer prior
to returning a non-zero status.
* mailbox/message.c (mu_message_destroy): Install a kludge
to work over the slopy ref semantics.
* mailbox/auth.c (mu_authority_destroy): Free auth_methods
list.
* mailbox/locker.c (destroy_dotlock): Free data.dot.nfslock.
---
mailbox/auth.c | 1 +
mailbox/locker.c | 3 ++-
mailbox/message.c | 17 ++++++++++++++---
mailbox/mime.c | 3 ++-
mailbox/rfc2047.c | 7 +++++--
5 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/mailbox/auth.c b/mailbox/auth.c
index 7975050..95f5faf 100644
--- a/mailbox/auth.c
+++ b/mailbox/auth.c
@@ -69,6 +69,7 @@ mu_authority_destroy (mu_authority_t *pauthority, void *owner)
if (authority->owner == owner)
{
mu_ticket_destroy (&authority->ticket);
+ mu_list_destroy (&authority->auth_methods);
free (authority);
}
*pauthority = NULL;
diff --git a/mailbox/locker.c b/mailbox/locker.c
index bbe41f9..f752c16 100644
--- a/mailbox/locker.c
+++ b/mailbox/locker.c
@@ -701,6 +701,7 @@ static void
destroy_dotlock (mu_locker_t locker)
{
free (locker->data.dot.dotlock);
+ free (locker->data.dot.nfslock);
}
#ifndef MAXHOSTNAMELEN
@@ -721,7 +722,7 @@ lock_dotlock (mu_locker_t locker, enum mu_locker_mode mode)
{
unlink (locker->data.dot.nfslock);
free (locker->data.dot.nfslock);
- locker->data.dot.nfslock = 0;
+ locker->data.dot.nfslock = NULL;
}
expire_stale_lock (locker);
diff --git a/mailbox/message.c b/mailbox/message.c
index 33730a5..b05d2dd 100644
--- a/mailbox/message.c
+++ b/mailbox/message.c
@@ -105,7 +105,18 @@ mu_message_destroy (mu_message_t *pmsg, void *owner)
int destroy_lock = 0;
mu_monitor_wrlock (monitor);
- msg->ref--;
+ /* Note: msg->ref may be incremented by mu_message_ref without
+ additional checking for its owner, therefore decrementing
+ it must also occur independently of the owner checking. Due
+ to this inconsistency ref may reach negative values, which
+ is very unfortunate.
+
+ The `owner' stuff is a leftover from older mailutils versions.
+ There is an ongoing attempt to remove it in the stream-cleanup
+ branch. When it is ready, it will be merged to the HEAD and this
+ will finally resolve this issue. */
+ if (msg->ref > 0)
+ msg->ref--;
if ((msg->owner && msg->owner == owner)
|| (msg->owner == NULL && msg->ref <= 0))
{
@@ -155,8 +166,8 @@ mu_message_destroy (mu_message_t *pmsg, void *owner)
if (msg->floating_mailbox && msg->mailbox)
mu_mailbox_destroy (&(msg->mailbox));
*/
-
- if (msg->ref == 0)
+
+ if (msg->ref <= 0)
free (msg);
}
mu_monitor_unlock (monitor);
diff --git a/mailbox/mime.c b/mailbox/mime.c
index 33186d9..d2f6aab 100644
--- a/mailbox/mime.c
+++ b/mailbox/mime.c
@@ -930,7 +930,8 @@ mu_mime_get_num_parts (mu_mime_t mime, size_t *nmtp_parts)
{
int ret = 0;
- if (mime->nmtp_parts == 0 || mime->flags & MIME_PARSER_ACTIVE)
+ if ((mime->nmtp_parts == 0 && !mime->boundary)
+ || mime->flags & MIME_PARSER_ACTIVE)
{
if (mu_mime_is_multipart (mime))
{
diff --git a/mailbox/rfc2047.c b/mailbox/rfc2047.c
index bc6972b..9e043d6 100644
--- a/mailbox/rfc2047.c
+++ b/mailbox/rfc2047.c
@@ -224,8 +224,11 @@ mu_rfc2047_decode (const char *tocode, const char *input,
char **ptostr)
free (fromcode);
free (encoding_type);
free (encoded_text);
-
- *ptostr = realloc (buffer, bufpos);
+
+ if (status)
+ free (buffer);
+ else
+ *ptostr = realloc (buffer, bufpos);
return status;
}
--
1.6.0.3