From 9cdfc3409d7a1d2636705d90b391b0b62c2e8b8a Mon Sep 17 00:00:00 2001
From: holger krekel <holger@merlinux.eu>
Date: Wed, 30 Oct 2019 17:19:37 +0100
Subject: [PATCH] systematically ignore invalid message ids when passed in
 through CFFI

---
 deltachat-ffi/src/lib.rs | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/deltachat-ffi/src/lib.rs b/deltachat-ffi/src/lib.rs
index 6f0c33b75..e4564d023 100644
--- a/deltachat-ffi/src/lib.rs
+++ b/deltachat-ffi/src/lib.rs
@@ -1280,8 +1280,7 @@ pub unsafe extern "C" fn dc_delete_msgs(
         return;
     }
     let ffi_context = &*context;
-    let ids = std::slice::from_raw_parts(msg_ids, msg_cnt as usize);
-    let msg_ids: Vec<MsgId> = ids.iter().map(|id| MsgId::new(*id)).collect();
+    let msg_ids = convert_and_prune_message_ids(msg_ids, msg_cnt);
     ffi_context
         .with_inner(|ctx| message::delete_msgs(ctx, &msg_ids[..]))
         .unwrap_or(())
@@ -1314,8 +1313,7 @@ pub unsafe extern "C" fn dc_forward_msgs(
         eprintln!("ignoring careless call to dc_forward_msgs()");
         return;
     }
-    let ids = std::slice::from_raw_parts(msg_ids, msg_cnt as usize);
-    let msg_ids: Vec<MsgId> = ids.iter().map(|id| MsgId::new(*id)).collect();
+    let msg_ids = convert_and_prune_message_ids(msg_ids, msg_cnt);
     let ffi_context = &*context;
     ffi_context
         .with_inner(|ctx| {
@@ -1347,12 +1345,7 @@ pub unsafe extern "C" fn dc_markseen_msgs(
         eprintln!("ignoring careless call to dc_markseen_msgs()");
         return;
     }
-    let ids = std::slice::from_raw_parts(msg_ids, msg_cnt as usize);
-    let msg_ids: Vec<MsgId> = ids
-        .iter()
-        .filter(|id| **id > DC_MSG_ID_LAST_SPECIAL)
-        .map(|id| MsgId::new(*id))
-        .collect();
+    let msg_ids = convert_and_prune_message_ids(msg_ids, msg_cnt);
     let ffi_context = &*context;
     ffi_context
         .with_inner(|ctx| message::markseen_msgs(ctx, &msg_ids[..]))
@@ -1370,8 +1363,7 @@ pub unsafe extern "C" fn dc_star_msgs(
         eprintln!("ignoring careless call to dc_star_msgs()");
         return;
     }
-    let ids = std::slice::from_raw_parts(msg_ids, msg_cnt as usize);
-    let msg_ids: Vec<MsgId> = ids.iter().map(|id| MsgId::new(*id)).collect();
+    let msg_ids = convert_and_prune_message_ids(msg_ids, msg_cnt);
     let ffi_context = &*context;
     ffi_context
         .with_inner(|ctx| message::star_msgs(ctx, &msg_ids[..], star == 1))
@@ -1390,7 +1382,7 @@ pub unsafe extern "C" fn dc_get_msg(context: *mut dc_context_t, msg_id: u32) ->
             let message = match message::Message::load_from_db(ctx, MsgId::new(msg_id)) {
                 Ok(msg) => msg,
                 Err(e) => {
-                    error!(ctx, "Error getting msg #{}: {}", msg_id, e);
+                    warn!(ctx, "Error getting msg #{}: {}", msg_id, e);
                     return ptr::null_mut();
                 }
             };
@@ -3019,3 +3011,15 @@ impl<T, E> ResultNullableExt<T> for Result<T, E> {
         }
     }
 }
+
+fn convert_and_prune_message_ids(msg_ids: *const u32, msg_cnt: libc::c_int) -> Vec<MsgId> {
+    let ids = unsafe { std::slice::from_raw_parts(msg_ids, msg_cnt as usize) };
+    let msg_ids: Vec<MsgId> = ids
+        .iter()
+        .filter(|id| **id > DC_MSG_ID_LAST_SPECIAL)
+        .map(|id| MsgId::new(*id))
+        .collect();
+
+    msg_ids
+}
+