Hi, found it, the PidLidTaskRole does this. It fails to read its value, but the code doesn't know about it, and thus it crashes when using uninitialized memory. Attached patch fixes the issue, though the real issue can be hidden somewhere deeper. Bye, Milan
Index: libmapi/emsmdb.c =================================================================== --- libmapi/emsmdb.c (revision 1775) +++ libmapi/emsmdb.c (working copy) @@ -564,22 +564,22 @@ DATA_BLOB *data) { struct ndr_pull *ndr; - const char *pt_string8; - const char *pt_unicode; - uint16_t *pt_i2; - uint64_t *pt_i8; - uint32_t *pt_long; - uint8_t *pt_boolean; - struct FILETIME *pt_filetime; - struct GUID *pt_clsid; - struct SBinary_short pt_binary; - struct Binary_r *sbin; - struct mapi_SLPSTRArray pt_slpstr; - struct StringArray_r *slpstr; - struct mapi_MV_LONG_STRUCT pt_MVl; - struct LongArray_r *MVl; - struct mapi_SBinaryArray pt_MVbin; - struct BinaryArray_r *MVbin; + const char *pt_string8 = NULL; + const char *pt_unicode = NULL; + uint16_t *pt_i2 = NULL; + uint64_t *pt_i8 = NULL; + uint32_t *pt_long = NULL; + uint8_t *pt_boolean = NULL; + struct FILETIME *pt_filetime = NULL; + struct GUID *pt_clsid = NULL; + struct SBinary_short pt_binary = { 0 }; + struct Binary_r *sbin = NULL; + struct mapi_SLPSTRArray pt_slpstr = { 0 }; + struct StringArray_r *slpstr = NULL; + struct mapi_MV_LONG_STRUCT pt_MVl = { 0 }; + struct LongArray_r *MVl = NULL; + struct mapi_SBinaryArray pt_MVbin = { 0 }; + struct BinaryArray_r *MVbin = NULL; uint32_t i; ndr = talloc_zero(mem_ctx, struct ndr_pull);
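Review bot: Zero-initialising every local in this hunk turns a read of uninitialised memory into a NULL dereference (or a silent zero-length value) rather than handling the failed read, so the crash the mail describes is masked, not fixed. The declarations are the only lines touched; the pull that fails for PidLidTaskRole and the code that later consumes these pointers are outside the hunk, and that is where the status of each ndr_pull_* call should be checked and an error returned before anything is dereferenced. Keeping the `= NULL` / `= { 0 }` initialisers is still reasonable defensive style, but the commit message should say that it only makes the failure deterministic and that the missing status check remains to be addressed.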
_______________________________________________ devel mailing list devel@lists.openchange.org http://mailman.openchange.org/listinfo/devel