d5ebfafa1c
memory corruption (may fix kde#363881) OBS-URL: https://build.opensuse.org/package/show/KDE:Applications/akonadi-server?expand=0&rev=46
66 lines
2.4 KiB
Diff
66 lines
2.4 KiB
Diff
From: Daniel Vrátil <dvratil@kde.org>
|
|
Date: Tue, 21 Jun 2016 09:54:43 +0000
|
|
Subject: Fix read-after-free in CollectionStatistics
|
|
X-Git-Url: http://quickgit.kde.org/?p=akonadi.git&a=commitdiff&h=6f32336be990362c7f74d17f6225bc7345242f6c
|
|
---
|
|
Fix read-after-free in CollectionStatistics
|
|
|
|
CollectionStatistics lives in a separate thread. Returning the Statistics
|
|
structure as a reference to other threads than means that the structure
|
|
can be deleted in the CollectionStatistics thread while other threads
|
|
are still holding a reference. We now return a copy of the Statistics
|
|
struct instead, it's just four ints.
|
|
|
|
Thanks to Andreas Schneider for pointing out the issue.
|
|
---
|
|
|
|
|
|
--- a/src/server/handler/status.cpp
|
|
+++ b/src/server/handler/status.cpp
|
|
@@ -39,7 +39,7 @@
|
|
return failureResponse("No status for this folder");
|
|
}
|
|
|
|
- const CollectionStatistics::Statistics &stats = CollectionStatistics::self()->statistics(col);
|
|
+ const CollectionStatistics::Statistics stats = CollectionStatistics::self()->statistics(col);
|
|
if (stats.count == -1) {
|
|
return failureResponse("Failed to query statistics.");
|
|
}
|
|
|
|
--- a/src/server/handlerhelper.cpp
|
|
+++ b/src/server/handlerhelper.cpp
|
|
@@ -123,7 +123,7 @@
|
|
response.setIsVirtual(col.isVirtual());
|
|
|
|
if (includeStatistics) {
|
|
- const CollectionStatistics::Statistics &stats = CollectionStatistics::self()->statistics(col);
|
|
+ const CollectionStatistics::Statistics stats = CollectionStatistics::self()->statistics(col);
|
|
if (stats.count > -1) {
|
|
Protocol::FetchCollectionStatsResponse statsResponse(stats.count,
|
|
stats.count - stats.read,
|
|
|
|
--- a/src/server/storage/collectionstatistics.cpp
|
|
+++ b/src/server/storage/collectionstatistics.cpp
|
|
@@ -45,7 +45,7 @@
|
|
mCache.remove(col.id());
|
|
}
|
|
|
|
-const CollectionStatistics::Statistics &CollectionStatistics::statistics(const Collection &col)
|
|
+const CollectionStatistics::Statistics CollectionStatistics::statistics(const Collection &col)
|
|
{
|
|
QMutexLocker lock(&mCacheLock);
|
|
auto it = mCache.find(col.id());
|
|
|
|
--- a/src/server/storage/collectionstatistics.h
|
|
+++ b/src/server/storage/collectionstatistics.h
|
|
@@ -53,7 +53,7 @@
|
|
|
|
static CollectionStatistics *self();
|
|
|
|
- const Statistics &statistics(const Collection &col);
|
|
+ const Statistics statistics(const Collection &col);
|
|
void invalidateCollection(const Collection &col);
|
|
|
|
private:
|
|
|