projects / platform / upstream / evolution-data-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f8e6e4f)
Fix some crashes in imapx_command_start_next().
authorMatthew Barnes <mbarnes@redhat.com>
Fri, 16 Mar 2012 19:30:32 +0000 (15:30 -0400)
committerMatthew Barnes <mbarnes@redhat.com>
Fri, 16 Mar 2012 19:34:51 +0000 (15:34 -0400)
Start the next CamelIMAPXCommand before unreferencing the current one.

imapx_command_start() calls camel_imapx_command_close() on the current
command before initiating the next command, but imapx_command_start()
is being handed a potentially dangling CamelIMAPXCommand pointer.

This is most certainly causing of all the camel_imapx_command_close()
crashes, and likely a good number of memory corruption crashes as well.

camel/providers/imapx/camel-imapx-server.c patch | blob | history

diff --git a/camel/providers/imapx/camel-imapx-server.c b/camel/providers/imapx/camel-imapx-server.c
index eb50101..13a4bc1 100644 (file)
--- a/camel/providers/imapx/camel-imapx-server.c
+++ b/camel/providers/imapx/camel-imapx-server.c
@@ -637,8 +637,8 @@ imapx_command_start_next (CamelIMAPXServer *is,
                /* Start the tagged commands. */
                while ((link = g_queue_pop_head (&start)) != NULL) {
                        CamelIMAPXCommand *ic = link->data;
-                       camel_imapx_command_queue_delete_link (is->queue, link);
                        imapx_command_start (is, ic, cancellable, error);
+                       camel_imapx_command_queue_delete_link (is->queue, link);
                }
 
                return;
@@ -727,8 +727,8 @@ imapx_command_start_next (CamelIMAPXServer *is,
                /* Start the tagged commands. */
                while ((link = g_queue_pop_head (&start)) != NULL) {
                        CamelIMAPXCommand *ic = link->data;
-                       camel_imapx_command_queue_delete_link (is->queue, link);
                        imapx_command_start (is, ic, cancellable, error);
+                       camel_imapx_command_queue_delete_link (is->queue, link);
                        commands_started = TRUE;
                }
 
@@ -778,8 +778,8 @@ imapx_command_start_next (CamelIMAPXServer *is,
                /* Start the tagged commands. */
                while ((link = g_queue_pop_head (&start)) != NULL) {
                        CamelIMAPXCommand *ic = link->data;
-                       camel_imapx_command_queue_delete_link (is->queue, link);
                        imapx_command_start (is, ic, cancellable, error);
+                       camel_imapx_command_queue_delete_link (is->queue, link);
                }
        }
 }
Domain: Service Framework / Uncategorized;