As suggested by David Bremner in
https://notmuchmail.org/pipermail/notmuch/2020/029288.html
here is a separate patch for bug #2: calling gzerror() (indirectly via
gzerror_str()) after gzclose_r is a use after free, according to zlib's manual.
diff --git a/notmuch-restore.c b/notmuch-restore.c
index 9a8b7fb5..e2dc3d45 100644
--- a/notmuch-restore.c
+++ b/notmuch-restore.c
@@ -237,6 +237,7 @@ notmuch_restore_command (notmuch_config_t *config, int
argc, char *argv[])
int opt_index;
int include = 0;
int input_format = DUMP_FORMAT_AUTO;
+int errnum;
if (notmuch_database_open (notmuch_config_get_database_path (config),
NOTMUCH_DATABASE_MODE_READ_WRITE, ))
@@ -448,10 +449,13 @@ notmuch_restore_command (notmuch_config_t *config, int
argc, char *argv[])
if (notmuch)
notmuch_database_destroy (notmuch);
-if (input && gzclose_r (input)) {
- fprintf (stderr, "Error closing %s: %s\n",
-name_for_error, gzerror_str (input));
- ret = EXIT_FAILURE;
+if (input) {
+ errnum = gzclose_r (input);
+ if (errnum) {
+ fprintf (stderr, "Error closing %s: %d\n",
+name_for_error, errnum);
+ ret = EXIT_FAILURE;
+ }
}
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch
