Psi+ crashes when receiving message from Pidgin (OTR enabled)

psi-plus / main

Main repository with patches and required resources

https://psi-plus.com/

GNU Lesser General Public License v2.1

68 stars 20 forks source link

Psi+ crashes when receiving message from Pidgin (OTR enabled) #663

Closed xdp0 closed 7 years ago

xdp0 commented 7 years ago

Hello. To reproduce that bug you must follow next steps:

Set up Psi+ and Pidgin.
Start private conversation with OTR.
Send formatted message from Pidgin to Psi+ (for example, a hyperlink).
Get crash in libtidy.

Psi+ version: v0.16.563.582-webkit (22-08-2016)

Ri0n commented 7 years ago

I believe we should replace libtidy with something.

rapgro commented 7 years ago

Psi+ plugin does not work at all with OTR from Pidgin.

xdp0 commented 7 years ago

No, it works. Right now I am using it, it shows me that conversation is encrypted and verified. Maybe in fact it does not work on the wire, I do not know.

xdp0 commented 7 years ago

Bug is really annoying and it is critical vulnerability I think. It can also crash even without OTR. That's why I want to ask: is there a temporary workaround for it? Maybe I need to disable some option in my Psi+, maybe my companion has to disable something in his Pidgin? It is REALLY annoying to get crashes and to restart client & conversations.

wadealer commented 7 years ago

Try to disable this option: http://pix.academ.info/img/2016/11/01/0ad99eb5e5f1c58e7ae4e8945ba49975.png

xdp0 commented 7 years ago

Already disabled. Maybe disable something in Pidgin too?

tehnick commented 7 years ago

Do you use http upload plugin? Problem may be related with recent changes in processing of chat messages. But I haven't looked at code yet.

xdp0 commented 7 years ago

No, I do not use it.

Ri0n commented 7 years ago

Just tried OTR between pidgin and psi+ on Gentoo Linux and it works good regardless of formatting of messages

xdp0 commented 7 years ago

Psi+ version is the same? Try it on Windows (I am using Windows 10). Try to copy & paste something in Pidgin chat window.

Ri0n commented 7 years ago

So we need

versions of everything (OS and every dependency).
full backtrace
a way to reproduce

Vitozz commented 7 years ago

OS Windows 8.1, Psi+ v0.16.568.607-webkit (31-10-2016) (OTR 1.0.2) with Pidgin 2.11.0 (libpurple 2.11.0) (OTR 4.0.2) works perfectly

xdp0 commented 7 years ago

OS Windows 10 x64, Psi+ v0.16.563.582-webkit (22-08-2016) (OTR 1.0.2) with Pidgin 2.11.0 (libpurple 2.11.0) (OTR 4.0.2) on Windows 7 x64 crashes. To get it crashed, just start private conversation and copy something (for example, hyperlink) in the Pidgin chat window and send. Crash context (CPU, registers and stack): http://take.ms/T2NHE Call stack (I know it's not OK because StackWalk64 does not work OK): http://take.ms/OQEUs

xdp0 commented 7 years ago

Still unreproducible? Maybe some more info? Caught that with Gajim with OTR too.

Vitozz commented 7 years ago

Yes, really it crashes when psi+ received multi-line message (win32)

Vitozz commented 7 years ago

Fixed

tehnick commented 4 years ago

https://github.com/psi-im/plugins/commit/d410168acc7c188ebf2b1f27759cc610896f0613