From: Art Cancro Date: Sun, 27 Aug 2023 04:17:42 +0000 (-0400) Subject: Found a place where CM_SetAsField() was owning db memory. X-Git-Tag: v989~35 X-Git-Url: https://code.citadel.org/?a=commitdiff_plain;h=4e50ea876297b86665b9cc1017e987fe629458c8;p=citadel.git Found a place where CM_SetAsField() was owning db memory. Changed that, of course. It was causing a double free. --- diff --git a/citadel/server/internet_addressing.c b/citadel/server/internet_addressing.c index e2bdd6ecf..4108b41f1 100644 --- a/citadel/server/internet_addressing.c +++ b/citadel/server/internet_addressing.c @@ -1006,8 +1006,7 @@ struct CtdlMessage *convert_internet_message(char *rfc822) { } -struct CtdlMessage *convert_internet_message_buf(StrBuf **rfc822) -{ +struct CtdlMessage *convert_internet_message_buf(StrBuf **rfc822) { struct CtdlMessage *msg; const char *pos, *beg, *end, *totalend; int done, alldone = 0; @@ -1034,26 +1033,18 @@ struct CtdlMessage *convert_internet_message_buf(StrBuf **rfc822) */ end = beg = pos; - while ((end < totalend) && - (end == beg) && - (done == 0) ) - { + while ((end < totalend) && (end == beg) && (done == 0) ) { - if ( (*pos=='\n') && ((*(pos+1))!=0x20) && ((*(pos+1))!=0x09) ) - { + if ( (*pos=='\n') && ((*(pos+1))!=0x20) && ((*(pos+1))!=0x09) ) { end = pos; } /* done with headers? */ - if ((*pos=='\n') && - ( (*(pos+1)=='\n') || - (*(pos+1)=='\r')) ) - { + if ((*pos=='\n') && ( (*(pos+1)=='\n') || (*(pos+1)=='\r')) ) { alldone = 1; } - if (pos >= (totalend - 1) ) - { + if (pos >= (totalend - 1) ) { end = pos; done = 1; } diff --git a/citadel/server/modules/wiki/serv_wiki.c b/citadel/server/modules/wiki/serv_wiki.c index d7d579742..bf18afd48 100644 --- a/citadel/server/modules/wiki/serv_wiki.c +++ b/citadel/server/modules/wiki/serv_wiki.c 
@@ -332,8 +332,7 @@ int wiki_upload_beforesave(struct CtdlMessage *msg, struct recptypes *recp) { free(MsgText); CM_SetAsFieldSB(history_msg, eMesageText, &NewMsgText); } - else - { + else { CM_SetAsField(history_msg, eMesageText, &MsgText, MsgTextLen); } diff --git a/citadel/server/msgbase.c b/citadel/server/msgbase.c index 7ed1b8c36..22d9d84c5 100644 --- a/citadel/server/msgbase.c +++ b/citadel/server/msgbase.c @@ -229,7 +229,7 @@ void CM_PrependToField(struct CtdlMessage *Msg, eMsgField which, const char *buf } -// wtf? +// This is like CM_SetField() except the caller is transferring ownership of the supplied memory to the message void CM_SetAsField(struct CtdlMessage *Msg, eMsgField which, char **buf, long length) { if (Msg->cm_fields[which] != NULL) { free (Msg->cm_fields[which]); @@ -1122,7 +1122,7 @@ struct CtdlMessage *CtdlFetchMessage(long msgnum, int with_body) { if ( (CM_IsEmpty(ret, eMesageText)) && (with_body) ) { dmsgtext = cdb_fetch(CDB_BIGMSGS, &msgnum, sizeof(long)); if (dmsgtext.ptr != NULL) { - CM_SetAsField(ret, eMesageText, &dmsgtext.ptr, dmsgtext.len - 1); + CM_SetField(ret, eMesageText, dmsgtext.ptr); } } if (CM_IsEmpty(ret, eMesageText)) { diff --git a/citadel/utils/loadtest.c b/citadel/utils/loadtest.c index dff616940..c9cfba56d 100644 --- a/citadel/utils/loadtest.c +++ b/citadel/utils/loadtest.c @@ -229,7 +229,7 @@ void perform_random_thing(void) { serv_gets(buf); if (buf[0] == '4') { - bigness = random() % 10; + bigness = random() % 500; strcpy(buf, ""); for (i=0; i
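Review bot: The new comment above CM_SetAsField() in msgbase.c states the ownership transfer but omits the precondition whose violation this commit fixes. The visible `free (Msg->cm_fields[which]);` shows that fields are released with free(), so the buffer handed over must be a malloc()-family allocation that nothing else will free. I would add a second line such as `// The buffer must be heap-allocated and not owned by anything else (e.g. a database fetch result); the message will free() it.` The rest of the function body is outside the hunk, so whether it also clears the caller's pointer cannot be confirmed here; if it does, the comment should say so.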
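Review bot: Nothing in the new call `CM_SetField(ret, eMesageText, dmsgtext.ptr)` in CtdlFetchMessage() bounds the copy to the size of the fetched record. The removed call passed `dmsgtext.len - 1` explicitly, so the copy now presumably stops at the first NUL byte; CM_SetField() is not defined in this hunk, so that should be confirmed. If so, a truncated or corrupt CDB_BIGMSGS record without a terminator would be read past its end. The guard could verify the terminator before copying: `if (dmsgtext.ptr != NULL && dmsgtext.len > 0 && dmsgtext.ptr[dmsgtext.len - 1] == '\0') {`. The function starts and ends outside the hunk, so how dmsgtext is released afterwards is not visible here.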