Fix array access bounds in IMAP resource
Closed · Public

Authored by gkowal on Aug 2 2018, 12:41 PM.

Details

Summary

ImapQuotaAttribute::serialized() processes IMAP roots, assigning the corresponding QUOTA and USAGE attributes to each root. It uses three dictionaries: mRoots, mLimits, and mUsages, assuming that these dictionaries always have the same number of elements. When mRoots contains more elements than the other two dictionaries, this causes references to non-existent elements in mLimits and mUsages, and segfaults.

Fix this by using mLimits.size() and mUsages.size() in the corresponding loops.

BUG: 396980
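The bounds fix described in the summary, shown as an added stand-alone example that is not the project's code: the container types (`std::vector`, `std::map`), the `QuotaState` struct, the `isConsistent()` check and the output format are assumptions made for illustration. Each list is walked using its own `size()`, so a server response with fewer limit or usage entries than roots cannot cause an out-of-bounds read.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <vector>

using ResourceMaps = std::vector<std::map<std::string, std::int64_t>>;

// Hypothetical stand-in for the attribute's state; the member names mirror
// the summary, the types and output format are assumptions of this example.
struct QuotaState {
    std::vector<std::string> mRoots;
    ResourceMaps mLimits;
    ResourceMaps mUsages;
};

// Serialize one list of per-root resource maps. The loop is bounded by the
// list's own size(), never by mRoots.size(), so a short list is not overrun.
static std::string serializeMaps(const ResourceMaps &maps)
{
    std::string out;
    for (std::size_t i = 0; i < maps.size(); ++i) {
        if (i) out += '|';
        bool first = true;
        for (const auto &kv : maps[i]) {
            if (!first) out += ',';
            out += kv.first + '=' + std::to_string(kv.second);
            first = false;
        }
    }
    return out;
}

// True when the server-derived lists line up one-to-one with the roots.
// A mismatch is worth logging: it is the input that triggered the crash.
bool isConsistent(const QuotaState &s)
{
    return s.mLimits.size() == s.mRoots.size() && s.mUsages.size() == s.mRoots.size();
}

std::string serialized(const QuotaState &s)
{
    std::string roots;
    for (std::size_t i = 0; i < s.mRoots.size(); ++i) {
        if (i) roots += '|';
        roots += s.mRoots[i];
    }
    return roots + " ; " + serializeMaps(s.mLimits) + " ; " + serializeMaps(s.mUsages);
}
```
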

Diff Detail

Repository
R44 KDE PIM Runtime
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
gkowal created this revision. Aug 2 2018, 12:41 PM
Restricted Application added a project: KDE PIM. Aug 2 2018, 12:41 PM
Restricted Application added a subscriber: kde-pim.
gkowal requested review of this revision. Aug 2 2018, 12:41 PM
cfeck retitled this revision from Fix segfaults in libsinglefileresource.so to Fix array access bounds in IMAP resource. Aug 2 2018, 1:22 PM
cfeck edited the summary of this revision.
cfeck added a subscriber: cfeck. Aug 2 2018, 1:26 PM

The question is, were these arrays really expected to have the same sizes, and if yes, why could they differ?

The patch still makes sense, though, because it fixes the crash. The code is also in the 18.08 branch.

I spoke with Kevin Ottens; he didn't remember the Quota RFC, but he told me that it is better to use this patch so the IMAP resource will not crash against a buggy server :)

+1 for me too.

dvratil accepted this revision. Aug 3 2018, 8:04 AM
This revision is now accepted and ready to land. Aug 3 2018, 8:04 AM

@gkowal do you have commit access? If not, please give me your email address and I'll commit the patches in your name.

I don't think I have commit access. You can use custos.mentis@gmail.com. Thanks!

This revision was automatically updated to reflect the committed changes.