From c1485563af90468704d835a5f9af506ead1de861 Mon Sep 17 00:00:00 2001
From: Milan Crha
Date: Wed, 1 Nov 2017 18:14:23 +0100
Subject: [PATCH 3/3] Fix possible use-after-free in 'timezones' test

valgrind report of the use-after-free: Invalid read of size 1 at 0x4C31B82: strlen (vg_replace_strmem.c:458) by 0x510C484: vfprintf (in /usr/lib64/libc-2.25.so) by 0x5113425: printf (in /usr/lib64/libc-2.25.so) by 0x401116: main (timezones.c:116) Address 0x8431930 is 0 bytes inside a block of size 19 free'd at 0x4C2FD18: free (vg_replace_malloc.c:530) by 0x4E87B27: icaltimezone_get_vtimezone_properties (icaltimezone.c:321) by 0x4E8A6CA: icaltimezone_load_builtin_timezone (icaltimezone.c:1873) by 0x4E88148: icaltimezone_ensure_coverage (icaltimezone.c:483) by 0x4E88FAC: icaltimezone_get_utc_offset_of_utc_time (icaltimezone.c:1003) by 0x4E88ACF: icaltimezone_convert_time (icaltimezone.c:813) by 0x4E85548: icaltime_convert_to_zone (icaltime.c:981) by 0x400F2C: main (timezones.c:98) Block was alloc'd at at 0x4C2EB6B: malloc (vg_replace_malloc.c:299) by 0x514ECE9: strdup (in /usr/lib64/libc-2.25.so) by 0x4E8A31F: icaltimezone_parse_zone_tab (icaltimezone.c:1761) by 0x4E89C5F: icaltimezone_init_builtin_timezones (icaltimezone.c:1566) by 0x4E89757: icaltimezone_get_builtin_timezones (icaltimezone.c:1347) by 0x400DB4: main (timezones.c:53) Which means that the 'zone_location' variable holds freed memory from time of icaltimezone_load_builtin_timezone() within icaltimezone_ensure_coverage().
---
 src/test/timezones.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/test/timezones.c b/src/test/timezones.c
index 4ccfdea7..98ba1c82 100644
--- a/src/test/timezones.c
+++ b/src/test/timezones.c
@@ -26,7 +26,7 @@ int main()
 {
     icalarray *timezones;
     icaltimezone *zone, *utc_zone;
-    char *zone_location;
+    const char *zone_location;
     size_t i;
     int ret = 0;
     unsigned int total_failed = 0;
@@ -56,7 +56,7 @@ int main()
     /* for all known time zones... */
     for (i = 0; i < timezones->num_elements; i++) {
         zone = (icaltimezone *)icalarray_element_at(timezones, i);
-        zone_location = (char *)icaltimezone_get_location(zone);
+        zone_location = icaltimezone_get_location(zone);
         zonedef_printed = 0;
         if (!zone_location)
             continue;
@@ -116,7 +116,7 @@ int main()
             printf(
                 "%s: day %03d: %s: %04d-%02d-%02d %02d:%02d:%02d UTC = "
                 "libc %04d-%02d-%02d %02d:%02d:%02d dst %d",
-                zone_location, day,
+                icaltimezone_get_location(zone), day,
                 verbose ? (curr_failed ? "failed" : "okay") : (curr_failed ? "first failed" : "okay again"),
                 utc_tm.tm_year + 1900, utc_tm.tm_mon + 1, utc_tm.tm_mday, utc_tm.tm_hour,
-- 
2.13.5
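Review bot: The added line `zone_location = icaltimezone_get_location(zone);` still keeps a pointer owned by the library, and per the commit message that string is freed when the zone's built-in definition is lazily loaded (icaltimezone_ensure_coverage reached from icaltime_convert_to_zone at line 98), so any remaining use of zone_location after that call, other than the printf this commit rewrites, would still read freed memory; the part of main between this hunk and the printf is outside the hunks, so I cannot confirm there is none. The lifetime rule deserves a comment at the assignment, e.g. `/* Borrowed from zone; freed when its VTIMEZONE is loaded, so re-read via icaltimezone_get_location() after any conversion call. */`. An alternative that removes the dependency on the library's internal lifetime is to duplicate the string once per iteration (`strdup` with a matching `free` at the end of the loop body), which is cheap in a test. main's body continues outside the hunk.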
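Review bot: The new argument `icaltimezone_get_location(zone)` is handed to `%s` with no NULL check, whereas the only validation of the location (`if (!zone_location) continue;` in the hunk at line 56) was done on the pre-load value that the commit message says gets freed and replaced during loading; whether the reload can leave the location unset is not visible here, but if it can, printf receives a NULL pointer, which is undefined behavior. A cheaper and safer form is to refresh the variable once after the conversion and guard it, `zone_location = icaltimezone_get_location(zone);` before the printf and `zone_location ? zone_location : "(null)", day,` as the argument, which also avoids repeating the lookup in every diagnostic. The printf argument list and its enclosing loop continue outside the hunk.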