#80 Recursive crash in icaltimezone_load_builtin_timezone

open
nobody
None
9
2011-11-01
2011-11-01
Antony
No

When converting a time to a time with zone, the code will incorrectly recuse causing a crash. Logic when the recursion starts is shown in the call stack below

icaltime_convert_to_zone
icaltimezone_convert_time
icaltimezone_get_utc_offset_of_utc_time
icaltimezone_ensure_coverage
icaltimezone_load_builtin_timezone
icalcomponent_remove_component
icaltimezone_get_component
icaltimezone_load_builtin_timezone
...

So, the problem is that during the icalcomponent_remove_component() call it will call the icaltimezone_load_builtin_timezone again.

Discussion

  • Antony
    Antony
    2011-11-01

    • priority: 5 --> 9
     
  • Antony
    Antony
    2011-11-01

    libical is built with -DUSE_BUILTIN_TZDATA and it's running on Windows

     
  • Allen Winter
    Allen Winter
    2012-03-13

    Antony,

    Does commenting out the icalcomponent_remove_component(comp,subcomp) on line1831 help?

     
  • Antony
    Antony
    2012-03-14

    Allen, not sure about that as I implemented something back in November that I posted on the list. In icaltimezone_load_builtin_timezone, I added the lines below with >>>>>

    #ifdef HAVE_PTHREAD
    pthread_mutex_lock(&builtin_mutex);
    if (zone->component)
    goto out;
    >>>>>#else
    >>>>>#ifdef USE_BUILTIN_TZDATA
    >>>>> if (zone->component)
    >>>>> return;
    >>>>>#endif
    #endif

    That seemed to work and it's in use in production now and we've not had any problems. At least in the debugger, it appeared to work in a sensible way.