irssi-import / bugs.irssi.org

bugs.irssi.org archive
https://github.com/irssi/irssi/issues

Seg fault on bad signal_emit call #653

Open irssibot opened 15 years ago

irssibot commented 15 years ago

Irssi has a segmentation fault if a script calls signal_emit with a string in the place of the $server.

irssibot commented 15 years ago

Which irssi version?

The Perl interface doesn't even try to be really "safe". The most commonly used parts are relatively safe, but it's known that there are lots of ways for scripts to crash irssi, because it really exposes its internals in the Perl interface. Sending signals that are used by irssi with wrong parameters is just one such way. While we make it harder to write a script that crashes irssi, making it fully safe will never happen and is not our goal. For example, sending of signals from Perl bindings has changed in the just-released 0.8.13-rc1, and might actually catch this issue; but sending a parameter of the right type but "bad" content will still crash it.

In other words, if you don't want script bugs to crash irssi, stick to the safe parts of the Perl interface. It's not really defined what that is exactly, though...
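As an added example, not irssi's own code, the C sketch below shows the guard a binding layer can put in front of signal arguments: a registry of live records and their types, so a string handed in where a server record belongs is refused instead of dereferenced. All names, the signal table and the two sample records are hypothetical.

```c
/* Hypothetical hardened dispatcher (added example, not irssi's code).
 * Instead of trusting whatever pointer a script hands to signal_emit,
 * the binding layer keeps a registry of live records with their types
 * and only forwards pointers it knows about. */
#include <stddef.h>
#include <string.h>

typedef enum { REC_SERVER, REC_CHANNEL } rec_type;

typedef struct { const void *ptr; rec_type type; } live_rec;

#define MAX_LIVE 64
static live_rec registry[MAX_LIVE];
static size_t n_live;

/* Constructed stand-ins for a SERVER_REC and a CHANNEL_REC. */
static char sample_server[16], sample_channel[16];

/* Called wherever the core allocates a record. Returns 0 on success. */
int rec_register(const void *ptr, rec_type type) {
    if (ptr == NULL || n_live == MAX_LIVE) return -1;
    registry[n_live].ptr = ptr;
    registry[n_live].type = type;
    n_live++;
    return 0;
}

/* Called wherever the core frees a record, so stale pointers are refused. */
void rec_unregister(const void *ptr) {
    for (size_t i = 0; i < n_live; i++)
        if (registry[i].ptr == ptr) { registry[i] = registry[--n_live]; return; }
}

static int rec_is_live(const void *ptr, rec_type want) {
    for (size_t i = 0; i < n_live; i++)
        if (registry[i].ptr == ptr) return registry[i].type == want;
    return 0;   /* unknown pointer: a string, a freed record, or garbage */
}

typedef struct { const char *name; rec_type arg_type; } signal_def;
static const signal_def signals[] = {
    { "server connected", REC_SERVER },
    { "channel joined",   REC_CHANNEL },
};

/* Returns 0 if handlers may run, -1 for an unknown signal,
 * -2 if the argument is not a live record of the declared type. */
int safe_signal_emit(const char *name, const void *arg) {
    for (size_t i = 0; i < sizeof signals / sizeof signals[0]; i++) {
        if (strcmp(signals[i].name, name) != 0) continue;
        return rec_is_live(arg, signals[i].arg_type) ? 0 : -2;
    }
    return -1;
}
```

The check only answers "is this one of our live records of this type"; as the maintainer notes, a record of the right type with bad contents still passes, so this narrows the crash surface rather than closing it.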

irssibot commented 15 years ago

The bug appears to affect the SILC plugin. Upon joining a channel, irssi seg faults. Attached is a backtrace. This does not occur on 0.8.12, but does on 0.8.13. I have confirmed it occurs with silc-client versions 1.1.4 to 1.1.7, and two different silc-server versions, 1.1.7 and 1.1.16. OS versions tested are FreeBSD 6.2-RELEASE and 5.5-RELEASE-p2; Perl 5.5.8 and 5.5.9.

It has also been reported on Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522080

irssibot commented 15 years ago

bt.log

#0  0x00000000 in ?? ()
#1  0x080adc3b in channel_change_visible_name ()
#2  0x080c05db in signal_remove_full ()
#3  0x080c0713 in signal_emit ()
#4  0x28624bf9 in silc_connect_cb (client=0x8189060, conn=0x818e200, 
    status=677577518, error=0 '\0', message=0x0, context=0x818e200)
    at silc-servers.c:317
#5  0x286ed9c6 in silc_client_st_register_complete (fsm=0x8197a6c, 
    fsm_context=0x811ef00, state_context=0x0) at client_register.c:240
#6  0x28660157 in silc_fsm_run (schedule=0x811db00, app_context=0x8189060, 
    type=0, fd=0, context=0x8197a6c) at silcfsm.c:429
#7  0x28660214 in silc_fsm_continue_sync (fsm=0x8197a6c) at silcfsm.c:309
#8  0x286ed6c6 in silc_client_new_id (fsm=0x8192cc0, fsm_context=0x811ef00, 
    state_context=0x8192040) at client_register.c:135
#9  0x28660157 in silc_fsm_run (schedule=0x811db00, app_context=0x8189060, 
    type=0, fd=0, context=0x8192cc0) at silcfsm.c:429
#10 0x28660345 in silc_fsm_start_sync (fsm=0x8192cc0, start_state=0x4)
    at silcfsm.c:249
#11 0x286e2936 in silc_client_packet_receive (engine=0x811dc00, 
    stream=0x8139380, packet=0x8192040, callback_context=0x8189060, 
    stream_context=0x811ef00) at client.c:120
#12 0x2864d0c4 in silc_packet_dispatch (packet=0x8192040) at silcpacket.c:2017
#13 0x2864ed50 in silc_packet_read_process (stream=0x8139380)
    at silcpacket.c:2343
#14 0x2864f96f in silc_packet_stream_io (stream=0x8192280, status=136110080, 
    context=0x8139380) at silcpacket.c:436
#15 0x28653d75 in silc_socket_stream_io (schedule=0x811db00, 
    app_context=0x8189060, type=SILC_TASK_EXPIRE, fd=4, context=0x81a03c0)
    at silcunixsocketstream.c:40
#16 0x28659159 in silc_schedule_dispatch_fd (schedule=0x811db00)
    at silcschedule.c:61
#17 0x286597c2 in silc_schedule_iterate (schedule=0x811db00, timeout_usecs=0)
    at silcschedule.c:455
#18 0x286598b6 in silc_schedule_one (schedule=0x811db00, timeout_usecs=0)
    at silcschedule.c:484
#19 0x286e4365 in silc_client_run_one (client=0x8189060) at client.c:1095
#20 0x2861fea0 in my_silc_scheduler_fd (source=0x8192340, condition=G_IO_IN, 
    data=0x4) at silc-core.c:91
#21 0x2829c80b in g_vasprintf () from /usr/local/lib/libglib-2.0.so.0
#22 0x28278341 in g_main_context_dispatch ()
   from /usr/local/lib/libglib-2.0.so.0
#23 0x28279bf1 in g_main_context_acquire ()
   from /usr/local/lib/libglib-2.0.so.0
#24 0x2827a002 in g_main_context_iteration ()
   from /usr/local/lib/libglib-2.0.so.0
#25 0x08069de5 in main ()