dovecot-2.2: liblib: Fixed crash using str_c() in different stac...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/49c7cc58fb1b
changeset: 17204:49c7cc58fb1b
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Apr 08 17:07:31 2014 +0200
description:
liblib: Fixed crash using str_c() in different stack frame with str_new(0) allocated string.

diffstat:

 src/lib/str.c      |  5 ++++-
 src/lib/test-str.c |  5 +++++
 2 files changed, 9 insertions(+), 1 deletions(-)

diffs (30 lines):

diff -r 0cafeddf3bf0 -r 49c7cc58fb1b src/lib/str.c
--- a/src/lib/str.c	Tue Apr 08 08:49:53 2014 +0200
+++ b/src/lib/str.c	Tue Apr 08 17:07:31 2014 +0200
@@ -9,7 +9,10 @@
 
 string_t *str_new(pool_t pool, size_t initial_size)
 {
-	return buffer_create_dynamic(pool, initial_size);
+	/* never allocate a 0 byte size buffer. this is especially important
+	   when str_c() is called on an empty string from a different stack
+	   frame (see the comment in buffer.c about this). */
+	return buffer_create_dynamic(pool, I_MAX(initial_size, 1));
 }
 
 string_t *str_new_const(pool_t pool, const char *str, size_t len)
diff -r 0cafeddf3bf0 -r 49c7cc58fb1b src/lib/test-str.c
--- a/src/lib/test-str.c	Tue Apr 08 08:49:53 2014 +0200
+++ b/src/lib/test-str.c	Tue Apr 08 17:07:31 2014 +0200
@@ -9,6 +9,11 @@
 	unsigned int i, j;
 
 	test_begin("str_c()");
+	str = t_str_new(0);
+	T_BEGIN {
+		(void)str_c(str);
+	} T_END;
+
 	for (i = 0; i < 32; i++) T_BEGIN {
 		str = t_str_new(15);
 		for (j = 0; j < i; j++)