Comment 6 for bug 956843

Robie Basak (racb) wrote :

Summary:

This is a heap corruption bug in libical. This has been acknowledged in the libical upstream development mailing list. Fixing this is not trivial, as the problem is architectural and crosses an API boundary.

The problem occurs when an array grows, causing it to be moved, which the API does not consider possible. This invalidates previous pointers issued by the API and causes later heap corruption.

A simple workaround is to make the array bigger to start with. It contains only timezone entries, of which there is expected to only be a limited number anyway. The attached patch increases the default size from 32 to 1024, which should be more than enough. The extra memory this would take is negligible.

Impact: this bug causes evolution calendar to crash on my machine, and I suspect that the instability I've seen in evolution's calendar over the past year or so stems from this root cause. I think that bug 900534, bug 951201, bug 952368 and bug 954220 are also caused by this same issue. Applying this workaround will provide a significant improvement to evolution's stability.
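The failure mode the comment describes, as an added example in C that is not libical code and does not use libical's API: a growable array whose API returns raw pointers into its storage, so that growth past the initial capacity silently invalidates every pointer handed out earlier. Growth here always copies into a fresh block, which makes the relocation deterministic for the checks below; a real `realloc` may or may not move, which is exactly why callers cannot rely on it. The `tz_array` type and its functions are constructed for illustration; the capacities 32 and 1024 mirror the numbers in the comment, and the index-returning variant shows the API shape that survives growth.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example (not libical code): a growable array whose API hands
 * out raw element pointers. Growth copies into a new block and frees the
 * old one, so every pointer returned before the growth dangles afterwards. */

#define DEFAULT_CAPACITY 32  /* the default size the comment says libical used */

typedef struct { char tzid[64]; } tz_entry;

typedef struct {
    tz_entry *data;
    size_t len, cap;
    size_t relocations;  /* number of times growth moved the storage */
} tz_array;

int tz_array_init(tz_array *a, size_t cap)
{
    a->data = calloc(cap, sizeof *a->data);
    a->len = 0;
    a->cap = cap;
    a->relocations = 0;
    return a->data ? 0 : -1;
}

void tz_array_free(tz_array *a)
{
    free(a->data);
    a->data = NULL;
    a->len = a->cap = 0;
}

/* Grow by allocating a new block, copying, and freeing the old block. */
static int tz_array_grow(tz_array *a)
{
    size_t new_cap = a->cap * 2;
    tz_entry *fresh = calloc(new_cap, sizeof *fresh);
    if (!fresh)
        return -1;
    memcpy(fresh, a->data, a->len * sizeof *fresh);
    free(a->data);            /* every previously returned pointer now dangles */
    a->data = fresh;
    a->cap = new_cap;
    a->relocations++;
    return 0;
}

/* Unsafe API shape: returns a pointer into the array's storage. The caller
 * has no way to learn that a later add invalidated it. */
tz_entry *tz_array_add_ptr(tz_array *a, const char *tzid)
{
    if (a->len == a->cap && tz_array_grow(a) != 0)
        return NULL;
    tz_entry *e = &a->data[a->len++];
    snprintf(e->tzid, sizeof e->tzid, "%s", tzid);
    return e;
}

/* Safer API shape: returns an index; callers resolve it on every use. */
long tz_array_add_idx(tz_array *a, const char *tzid)
{
    return tz_array_add_ptr(a, tzid) ? (long)(a->len - 1) : -1;
}

tz_entry *tz_array_get(tz_array *a, size_t idx)
{
    return idx < a->len ? &a->data[idx] : NULL;
}

/* Add constructed entries "Zone/<i>" for i in [from, to). */
static void fill(tz_array *a, size_t from, size_t to)
{
    char name[64];
    for (size_t i = from; i < to; i++) {
        snprintf(name, sizeof name, "Zone/%zu", i);
        tz_array_add_ptr(a, name);
    }
}

/* Returns 1 if the pointer handed out for the first entry still addresses
 * live storage after n entries exist, 0 if growth moved the array. Only
 * the address value is compared; the stale pointer is never dereferenced. */
int pointer_survives_growth(size_t initial_cap, size_t n)
{
    tz_array a;
    if (tz_array_init(&a, initial_cap) != 0)
        return -1;
    uintptr_t first = (uintptr_t)tz_array_add_ptr(&a, "Europe/London");
    fill(&a, 1, n);
    int alive = first == (uintptr_t)&a.data[0];
    tz_array_free(&a);
    return alive;
}

/* Returns 1 if the index handed out for the first entry still resolves to
 * the same entry after the storage has moved at least once. */
int index_survives_growth(size_t initial_cap, size_t n)
{
    tz_array a;
    if (tz_array_init(&a, initial_cap) != 0)
        return -1;
    long idx = tz_array_add_idx(&a, "Europe/London");
    fill(&a, 1, n);
    tz_entry *e = tz_array_get(&a, (size_t)idx);
    int ok = e && strcmp(e->tzid, "Europe/London") == 0 && a.relocations > 0;
    tz_array_free(&a);
    return ok;
}

int main(void)
{
    printf("cap 32, 33 entries, raw pointer still valid: %d\n",
           pointer_survives_growth(DEFAULT_CAPACITY, 33));
    printf("cap 1024, 33 entries, raw pointer still valid: %d\n",
           pointer_survives_growth(1024, 33));
    printf("cap 32, 33 entries, index still valid: %d\n",
           index_survives_growth(DEFAULT_CAPACITY, 33));
    return 0;
}
```

With the initial capacity of 32, the 33rd entry relocates the storage and the pointer to the first entry goes stale; with 1024 the same 33 entries never trigger growth, which is the effect of the workaround patch. The index-based variant keeps working across relocations, which is the architectural fix the comment says is non-trivial because it changes the API contract.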