diff --git a/akonadi-server.changes b/akonadi-server.changes
index 3510899..3c0f150 100644
--- a/akonadi-server.changes
+++ b/akonadi-server.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jun 29 05:34:57 UTC 2016 - lbeltrame@kde.org
+
+- Add fix-read-after-free-collectionstatistics.diff: fix occasional
+ memory corruption (may fix kde#363881)
+
 -------------------------------------------------------------------
 Tue Jun 14 21:24:55 UTC 2016 - wbauer@tmo.at
diff --git a/akonadi-server.spec b/akonadi-server.spec
index 5541845..84973ca 100644
--- a/akonadi-server.spec
+++ b/akonadi-server.spec
@@ -26,6 +26,8 @@ Group: System/GUI/KDE
 Url: http://akonadi-project.org
 Source: %{rname}-%{version}.tar.xz
 Source99: akonadi-server-rpmlintrc
+# PATCH-FIX-UPSTREAM fix-read-after-free-collectionstatistics.diff -- fix memory corruption issues
+Patch1: fix-read-after-free-collectionstatistics.diff
 BuildRequires: boost-devel
 BuildRequires: cmake >= 2.8.9
 BuildRequires: extra-cmake-modules
@@ -120,6 +122,7 @@ service.
 %prep
 %setup -q -n %{rname}-%{version}
+%patch1 -p1
 %build
 %cmake_kf5 -d build -- -DINSTALL_QSQLITE_IN_QT_PREFIX=TRUE -DQT_PLUGINS_DIR=%{_kf5_plugindir}
diff --git a/fix-read-after-free-collectionstatistics.diff b/fix-read-after-free-collectionstatistics.diff
new file mode 100644
index 0000000..c739605
--- /dev/null
+++ b/fix-read-after-free-collectionstatistics.diff
@@ -0,0 +1,65 @@
+From: Daniel Vrátil
+Date: Tue, 21 Jun 2016 09:54:43 +0000
+Subject: Fix read-after-free in CollectionStatistics
+X-Git-Url: http://quickgit.kde.org/?p=akonadi.git&a=commitdiff&h=6f32336be990362c7f74d17f6225bc7345242f6c
+---
+Fix read-after-free in CollectionStatistics
+
+CollectionStatistics lives in a separate thread. Returning the Statistics
+structure as a reference to other threads than means that the structure
+can be deleted in the CollectionStatistics thread while other threads
+are still holding a reference. We now return a copy of the Statistics
+struct instead, it's just four ints.
+
+Thanks to Andreas Schneider for pointing out the issue.
+---
+
+
+--- a/src/server/handler/status.cpp
++++ b/src/server/handler/status.cpp
+@@ -39,7 +39,7 @@
+ return failureResponse("No status for this folder");
+ }
+
+- const CollectionStatistics::Statistics &stats = CollectionStatistics::self()->statistics(col);
++ const CollectionStatistics::Statistics stats = CollectionStatistics::self()->statistics(col);
+ if (stats.count == -1) {
+ return failureResponse("Failed to query statistics.");
+ }
+
+--- a/src/server/handlerhelper.cpp
++++ b/src/server/handlerhelper.cpp
+@@ -123,7 +123,7 @@
+ response.setIsVirtual(col.isVirtual());
+
+ if (includeStatistics) {
+- const CollectionStatistics::Statistics &stats = CollectionStatistics::self()->statistics(col);
++ const CollectionStatistics::Statistics stats = CollectionStatistics::self()->statistics(col);
+ if (stats.count > -1) {
+ Protocol::FetchCollectionStatsResponse statsResponse(stats.count,
+ stats.count - stats.read,
+
+--- a/src/server/storage/collectionstatistics.cpp
++++ b/src/server/storage/collectionstatistics.cpp
+@@ -45,7 +45,7 @@
+ mCache.remove(col.id());
+ }
+
+-const CollectionStatistics::Statistics &CollectionStatistics::statistics(const Collection &col)
++const CollectionStatistics::Statistics CollectionStatistics::statistics(const Collection &col)
+ {
+ QMutexLocker lock(&mCacheLock);
+ auto it = mCache.find(col.id());
+
+--- a/src/server/storage/collectionstatistics.h
++++ b/src/server/storage/collectionstatistics.h
+@@ -53,7 +53,7 @@
+
+ static CollectionStatistics *self();
+
+- const Statistics &statistics(const Collection &col);
++ const Statistics statistics(const Collection &col);
+ void invalidateCollection(const Collection &col);
+
+ private:
+
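Review bot: The return type in `collectionstatistics.h` and `collectionstatistics.cpp` is now `const Statistics` by value, but nothing at the declaration records that the copy is the thread-safety fix, so a later cleanup could turn it back into a reference and reintroduce the read-after-free. I would drop the top-level `const`, which has no effect on a by-value return, and add a comment above the declaration such as `// Returns a copy on purpose: the cache entry can be removed by another thread as soon as mCacheLock is released.` The fix also relies on the copy being made while the `QMutexLocker` at the top of `statistics()` is still alive; that holds if the function returns the cached value directly, but the rest of its body is outside the hunk, so it should be confirmed. The `mCache.remove(col.id())` context line in `invalidateCollection()` likewise needs to run under `mCacheLock`, which the visible lines do not show.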