12512 – [patch] Another stale data/memory corruption crash

Bug 12512 - [patch] Another stale data/memory corruption crash

Summary: [patch] Another stale data/memory corruption crash

Status:	RESOLVED FIXED

Alias:	None

Product:	xdgmime
Classification:	Unclassified
Component:	xdgmime (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	highest critical
Assignee:	Jonathan Blandford
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-09-21 12:21 UTC by Joe Shaw
Modified:	2008-04-18 09:11 UTC (History)
CC List:	2 users (show)

See Also:
i915 platform:
i915 features:

Attachments
patch which fixes the crash (410 bytes, patch) 2007-09-21 12:22 UTC, Joe Shaw	Details \| Splinter Review
View All

Description Joe Shaw 2007-09-21 12:21:44 UTC

Similar to bug #6824, private code in the cache can trigger a reload of the MIME caches, causing memory corruption and a crash.  I'm attaching a patch which fixes this.

The reason why I am seeing this now, however, is because of another bug: if XDG_DATA_DIRS contains the same directory twice, the second pass through the directory is declared invalid and the caches reloaded every time.  I'll open a separate bug about that.

Comment 1 Joe Shaw 2007-09-21 12:22:29 UTC

Created attachment 11670 [details] [review]
patch which fixes the crash

Comment 2 Joe Shaw 2007-09-21 12:34:33 UTC

See also bug #12513

Comment 3 Federico Mena-Quintero 2008-04-08 14:15:02 UTC

We are hitting this bug frequently, which causes rather major memory leaks:
https://bugzilla.novell.com/show_bug.cgi?id=364186

Comment 4 Bastien Nocera 2008-04-08 14:22:16 UTC

Never saw that bug before, and Alex is on parental leave. Christian?

Comment 5 Federico Mena-Quintero 2008-04-08 14:39:48 UTC

It looks like someone forgot to implement _xdg_mime_media_type_equal(), too. 
It is declared in xdgmime.h, but not implemented anywhere.

Also, _xdg_mime_cache_mime_type_subclass() needs to use
_xdg_mime_media_type_equal(), not the version without the underscore.

Comment 6 Matthias Clasen 2008-04-16 09:29:33 UTC

Patch is correct, and Federicos comment is true, too.

Comment 7 Bastien Nocera 2008-04-18 07:33:31 UTC

(In reply to comment #5)
> It looks like someone forgot to implement _xdg_mime_media_type_equal(), too. 
> It is declared in xdgmime.h, but not implemented anywhere.

_xdg_mime_media_type_equal seems to be in xdgmime.c line 680.
Please file a new bug if it's actually a problem.

> Also, _xdg_mime_cache_mime_type_subclass() needs to use
> _xdg_mime_media_type_equal(), not the version without the underscore.

Fixed as well.

* src/xdgmimecache.c (cache_magic_lookup_data),
(_xdg_mime_cache_mime_type_subclass): Fix possible crasher when
XDG_DATA_DIRS contains the same directory twice, patch by Joe Shaw
<joeshaw@novell.com> (#12512)
Make _xdg_mime_cache_mime_type_subclass use the internal version of
xdg_mime_media_type_equal(), spotted by Federico Mena-Quintero
<federico@ximian.com>

Comment 8 Federico Mena-Quintero 2008-04-18 09:11:50 UTC

Woot.  Thanks, Matthias, for committing to gnome-vfs as well; and thanks, Bastien, for taking care of this module :)

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.