Bug #628485 - Accessing freed memory in EContactStore::dispose
authorMilan Crha <mcrha@redhat.com>
Wed, 1 Sep 2010 13:12:15 +0000 (15:12 +0200)
committerMilan Crha <mcrha@redhat.com>
Wed, 1 Sep 2010 13:12:15 +0000 (15:12 +0200)
libedataserverui/e-contact-store.c

index 21fd677..de98248 100644 (file)
@@ -112,8 +112,9 @@ contact_store_dispose (GObject *object)
        for (ii = 0; ii < priv->contact_sources->len; ii++) {
                ContactSource *source;
 
+               /* clear from back, because clear_contact_source can later access freed memory */
                source = &g_array_index (
-                       priv->contact_sources, ContactSource, ii);
+                       priv->contact_sources, ContactSource, priv->contact_sources->len - ii - 1);
 
                clear_contact_source (E_CONTACT_STORE (object), source);
                free_contact_ptrarray (source->contacts);
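Review bot: The new comment in contact_store_dispose says only that clear_contact_source "can later access freed memory", without stating the ordering invariant the fix depends on, so a later cleanup could restore the front-to-back walk and reintroduce the use-after-free. Presumably clear_contact_source reads the contacts arrays of sources at lower indices, which a forward walk has already freed; if that is the case, say so, e.g. `/* Walk back to front: clear_contact_source() reads the contacts of lower-index sources, so those must not be freed yet. */`. Each element also keeps its stale pointer after `free_contact_ptrarray (source->contacts);`, so the fix is safe only while nothing reads an entry once it has been processed. The loop and the rest of the function continue past the end of the hunk, so confirm there that the array is released without another pass over its entries.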