EionRobb / purple-mattermost

A libpurple/Pidgin plugin for Mattermost
GNU General Public License v3.0

Crash when trailing slash is added to server URL #140

Open jengelh opened 3 years ago

jengelh commented 3 years ago

pidgin 2.13.0, purple-mattermost-2.0

In the “Modify Account” dialog, my server line is mail.grammm.com/chat. This works, login succeeds. If, however, I use mail.grammm.com/chat/ (trailing slash), the program crashes with what appears to be the end result of uninitialized memory:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  purple_account_get_proxy_info (account=account@entry=0x1) at account.c:2359
2359            return account->proxy_info;

(gdb) bt
#0  purple_account_get_proxy_info (account=account@entry=0x1) at account.c:2359
#1  0x00007ffff5cee404 in purple_proxy_get_setup (account=0x1) at proxy.c:2236
#2  0x00007fffe2498751 in _purple_http_gen_headers (hc=0x55555639b920)
    at purple2compat/http.c:738
#3  _purple_http_send
    (_hc=0x55555639b920, fd=<optimized out>, cond=cond@entry=PURPLE_INPUT_WRITE) at purple2compat/http.c:1329
#4  0x000055555547876e in pidgin_io_invoke
    (source=<optimized out>, condition=<optimized out>, data=0x55555633bc60)
    at gtkeventloop.c:73
#5  0x00007ffff519d624 in g_main_context_dispatch ()
    at /usr/lib64/libglib-2.0.so.0
#6  0x00007ffff519d9c0 in  () at /usr/lib64/libglib-2.0.so.0
#7  0x00007ffff519dc82 in g_main_loop_run () at /usr/lib64/libglib-2.0.so.0
#8  0x00007ffff6d5d6d7 in gtk_main () at /usr/lib64/libgtk-x11-2.0.so.0
#9  0x00005555554401b8 in main (argc=<optimized out>, argv=<optimized out>)
    at gtkmain.c:939

(gdb) up
#1  0x00007ffff5cee404 in purple_proxy_get_setup (account=0x1) at proxy.c:2236
2236            if (account && purple_account_get_proxy_info(account) != NULL) {
(gdb) 
#2  0x00007fffe2498751 in _purple_http_gen_headers (hc=0x55555639b920)
    at purple2compat/http.c:738
738             proxy = purple_proxy_get_setup(hc->gc ?
739                     purple_connection_get_account(hc->gc) : NULL);

(gdb) p *hc
$4 = {gc = 0x55555590a130, callback = 0x7fffe2487480 <mm_response_callback>, 
  user_data = 0x55555634d300, is_reading = 1, is_keepalive = 1, 
  is_cancelling = 0, url = 0x55555639baf0, request = 0x55555634d320, 
  response = 0x55555639ba20, socket_request = 0x0, connection_set = 0x0, 
  socket = 0x555556350510, request_header = 0x0, request_header_written = 244, 
  request_contents_written = 0, main_header_got = 0, headers_got = 0, 
  response_buffer = 0x555555bea2e0, gz_stream = 0x0, 
  contents_reader_buffer = 0x0, contents_reader_requested = 0, 
  redirects_count = 1, length_expected = -1, length_got = 0, 
  length_got_decompressed = 0, is_chunked = 0, in_chunk = 0, chunks_done = 0, 
  chunk_length = 0, chunk_got = 0, link_global = 0x555555b4ff60 = {
    0x55555639b920, 0x555556333fe0}, link_gc = 0x555555be7ee0 = {
    0x55555639b920, 0x555556333fe0}, timeout_handle = 224, watcher = 0x0, 
  watcher_user_data = 0x0, watcher_interval_threshold = 0, 
  watcher_last_call = 0, watcher_delayed_handle = 0}
(gdb) p *hc->url
$7 = {protocol = 0x55555639bb70 "https", username = 0x0, password = 0x0, 
  host = 0x55555639bc30 "mail.grammm.com", port = 443, 
  path = 0x55555634d530 "/chat/api/v4/users/me/teams", fragment = 0x0}
(gdb) p *hc->gc
$5 = {prpl = 0x100000000, flags = PURPLE_CONNECTION_HTML, 
  state = PURPLE_CONNECTED, account = 0x1, 
  password = 0x100000001 <error: Cannot access memory at address 0x100000001>, 
  inpa = 0, buddy_chats = 0x31 = {<error reading variable>

My hypothesis is that prpl-mm was unable to deal with the trailing slash, and might not have constructed the PurpleConnection object the right way.

EionRobb commented 3 years ago

Can you also attach the debug lines from before the crash, when running pidgin from a terminal with the --debug flag?

My guess is that it's aborting the connection, but not closing off in-progress connections, maybe?
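
The guess above (a connection torn down while HTTP requests that point back to it are still in flight) describes a lifetime bug class. The following C model is an added example, not code from purple-mattermost or libpurple; `struct conn`, `struct req` and every function name are hypothetical. It shows teardown detaching each pending request so that a later write callback cannot follow a dangling connection pointer.

```c
#include <stdlib.h>
/* Hypothetical model, not libpurple's types. */
struct conn;
struct req {
    struct conn *gc;     /* back-pointer read when the request is sent */
    struct req *next;    /* link in the owning connection's in-flight list */
};
struct conn {
    int account_id;      /* stands in for the account pointer */
    struct req *inflight;
};

struct conn *conn_new(int account_id) {
    struct conn *c = calloc(1, sizeof *c);
    if (c) c->account_id = account_id;
    return c;
}

/* Start a request and register it with its connection. */
struct req *req_start(struct conn *c) {
    struct req *r = calloc(1, sizeof *r);
    if (!r) return NULL;
    r->gc = c;
    r->next = c->inflight;
    c->inflight = r;
    return r;
}

/* Request finished: unlink it from its connection, if that still exists. */
void req_free(struct req *r) {
    if (r->gc)
        for (struct req **p = &r->gc->inflight; *p; p = &(*p)->next)
            if (*p == r) { *p = r->next; break; }
    free(r);
}

/* Teardown: clear every back-pointer before the connection is freed. */
void conn_destroy(struct conn *c) {
    for (struct req *r = c->inflight, *next; r; r = next) {
        next = r->next;
        r->gc = NULL;
        r->next = NULL;
    }
    free(c);
}

/* Write callback: account to use for proxy lookup, or -1 if detached. */
int req_on_writable(const struct req *r) {
    return r->gc ? r->gc->account_id : -1;
}
```

Without the loop in `conn_destroy`, `req_on_writable` would read `account_id` through freed memory, which is the kind of access the backtrace shows faulting in `purple_account_get_proxy_info`.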