xiehuc / pidgin-lwqq

a pidgin plugin based on lwqq, an excellent, safe and useful library for the webqq protocol
GNU General Public License v3.0

Crash at startup @a0fa8bf #621

Closed felixonmars closed 9 years ago

felixonmars commented 9 years ago

Reproduces with fairly high probability. If it doesn't crash at startup, I don't run into any further crashes while it is running.

(gdb) bt
#0  0x00007ffff499920a in strlen () from /usr/lib/libc.so.6
#1  0x00007ffff4998f2e in strdup () from /usr/lib/libc.so.6
#2  0x00007fffd4019042 in lwqq_js_enc_pwd () from /usr/lib/liblwqq.so.0
#3  0x00007fffd3ffb22f in ?? () from /usr/lib/liblwqq.so.0
#4  0x00007fffd4010da9 in vp_func_2p () from /usr/lib/liblwqq.so.0
#5  0x00007fffd4010a56 in vp_do () from /usr/lib/liblwqq.so.0
#6  0x00007fffd40130d0 in lwqq_async_event_finish () from /usr/lib/liblwqq.so.0
#7  0x00007fffd4014d7b in ?? () from /usr/lib/liblwqq.so.0
#8  0x00007fffd4010a56 in vp_do () from /usr/lib/liblwqq.so.0
#9  0x00007fffd4266edc in ?? () from /usr/lib/purple-2/libwebqq.so
#10 0x00007ffff55633c3 in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00007ffff556291d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0x00007ffff5562cf8 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0x00007ffff5563022 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x00007ffff68233f7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x0000000000431a1b in main ()
xiehuc commented 9 years ago

I've never had it crash. Try cleaning everything out and rebuilding?

Felix Yan notifications@github.com wrote on Sunday, February 8, 2015:

> Reproduces with fairly high probability. If it doesn't crash at startup, I don't run into any further crashes while it is running.


felixonmars commented 9 years ago

It was built in a clean chroot. I'll try building a debug package to get better error information.

felixonmars commented 9 years ago

With debug info enabled, the middle part of the trace shows more:

#2  0x00007fffd4019042 in lwqq_js_enc_pwd (pwd=<optimized out>, salt=<optimized out>, vcode=0x1820d9f0 "!SUN", js=js@entry=0xd665be0)
    at /build/lwqq/src/lwqq/lib/lwjs.c:123
#3  0x00007fffd3ffb22f in login_stage_4 (lc=0x75deb00, lc@entry=<error reading variable: value has been optimized out>, ec=0x0,
    ec@entry=<error reading variable: value has been optimized out>) at /build/lwqq/src/lwqq/lib/login.c:611
#4  0x00007fffd4010da9 in vp_func_2p (func=<optimized out>, vp=<optimized out>, q=<optimized out>) at /build/lwqq/src/lwqq/lib/vplist.c:167
#5  0x00007fffd4010a56 in vp_do (cmd=..., retval=retval@entry=0x0) at /build/lwqq/src/lwqq/lib/vplist.c:44
#6  0x00007fffd40130d0 in lwqq_async_event_finish (event=0x1ffd410) at /build/lwqq/src/lwqq/lib/async.c:145
#7  0x00007fffd4014d7b in async_complete (conn=0x18269380) at /build/lwqq/src/lwqq/lib/http.c:623
#8  0x00007fffd4010a56 in vp_do (cmd=..., retval=<optimized out>) at /build/lwqq/src/lwqq/lib/vplist.c:44
felixonmars commented 9 years ago
(gdb) p res_
$2 = 0x0
(gdb) p js->context
$3 = (JSContext *) 0x1476800
(gdb) p res
$4 = {asBits = 408011616, s = {payload = {i32 = 408011616, u32 = 408011616, why = 408011616}}, asDouble = 2.0158452256977068e-315, asPtr = 0x1851c360,
  asWord = 408011616, asUIntPtr = 408011616}

Roughly speaking, it's because res_ is 0x0.

felixonmars commented 9 years ago

Continuing to post my test results:

(gdb) p JS_free(js->context,res_)
[Feb 08 22:16:18] ERROR[24159]: http.c:907 lwqq_http_do_request:
        do_request fail curlcode:28

Manually calling the JS_free that follows the failing statement produces curlcode:28. Does that mean this crash can only be triggered when a timeout occurs?

felixonmars commented 9 years ago

The inference above seems to be wrong. Each time the crash triggers it is actually a very short time after the login attempt, and before every segfault the following log lines appear, which are probably related:

<no filename>:1407:SyntaxError: illegal character
<no filename>:0:undefined is not a function
<no filename>:0:out of memory

I'm going to try checking this method's return value and see whether that works around the problem.

lainme commented 9 years ago

I tried two accounts. The one that doesn't need a verification code seems to crash every time: after it shows Verify code: !WIU Get verify code OK come the <no filename>xxx messages. The other one, which needs a verification code entered, doesn't crash.

felixonmars commented 9 years ago

I've been stuck on a strange problem for half an hour...

Before adding my diff, JS_EncodeString returned a null pointer every time; after adding my diff, it segfaults every time inside JS_EncodeString () from /usr/lib/libmozjs-17.0.so and never even reaches the line I added. Looking for guidance...

My diff is:

diff --git a/lib/lwjs.c b/lib/lwjs.c
index 878b6c8..e892471 100644
--- a/lib/lwjs.c
+++ b/lib/lwjs.c
@@ -97,6 +97,7 @@ char* lwqq_js_hash(const char* uin,const char* ptwebqq,lwqq_js_t* js)
        JS_CallFunctionName(js->context, global, "P", 2, argv, &res);

        res_ = JS_EncodeString(js->context,JSVAL_TO_STRING(res));
+       if(!res_) return 0;
        char* ret = strdup(res_);
        JS_free(js->context,res_);

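Review bot: the new `if(!res_) return 0;` guards strdup(), but the line above it still applies JSVAL_TO_STRING(res) without checking that the call succeeded or that res holds a string: JS_CallFunctionName returns a JSBool that this hunk ignores, and the `<no filename>:0:undefined is not a function` / `out of memory` messages quoted earlier in this thread are exactly the case where res is not a string, so JSVAL_TO_STRING hands JS_EncodeString a bogus pointer and the crash moves into JS_EncodeString before the added check runs. Suggest checking both before encoding, e.g. `if (!JS_CallFunctionName(js->context, global, "P", 2, argv, &res) || !JSVAL_IS_STRING(res)) return 0;` in place of the unchecked call.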
@@ -120,6 +121,7 @@ char* lwqq_js_enc_pwd(const char* pwd, const char* salt, const char* vcode, lwqq
        JS_CallFunctionName(js->context, global, "encryption", 3, argv, &res);

        res_ = JS_EncodeString(js->context,JSVAL_TO_STRING(res));
+       if(!res_) return 0;
        char* ret = strdup(res_);
        JS_free(js->context,res_);
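Review bot: returning 0 here changes lwqq_js_enc_pwd's contract to "may return NULL", but the diff shows no matching check at the call site; per the debug backtrace above the caller is login_stage_4 at login.c:611, so a NULL return will only relocate the crash unless that site treats NULL as a login failure. Suggest adding that caller-side check in the same patch (and likewise for lwqq_js_hash's callers in the first hunk).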
felixonmars commented 9 years ago

At https://github.com/xiehuc/lwqq/pull/28 I've hacked together a version that passes my own testing, although I don't know why it works. Testing welcome :P

xiehuc commented 9 years ago

Possibly. All of my accounts need a verification code entered, so I haven't been able to reproduce it yet.

xiehuc commented 9 years ago

function xyz(x,y,z){ return x+y+z; } �T�������qI [New Thread 0x7fffb6aff700 (LWP 28322)] $14 = 40492

I still think the trailing '\0' is getting eaten, so in the load_res function I now allocate one extra byte and store a '\0' in it to guarantee the string is terminated.
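An added example (not lwqq's own code) of the allocation shape xiehuc describes: a load_res-style file reader that reserves one extra byte and writes the terminating '\0', and returns NULL on every failure so callers never hand an unchecked pointer to strdup(). The function names and the helper that writes the constructed sample file are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not in lwqq): writes a constructed resource file so
 * the example is self-contained. Returns 0 on success, -1 on failure. */
int write_res_file(const char *path, const char *content)
{
    FILE *f = fopen(path, "wb");
    if (!f)
        return -1;
    size_t len = strlen(content);
    int ok = fwrite(content, 1, len, f) == len;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Reads a whole file into memory as a C string. The buffer is allocated
 * with len + 1 bytes and the last byte is set to '\0', so strlen()/strdup()
 * on the result stop at the end of the file data instead of reading past
 * it (the garbage after the JS source in the gdb output above is what an
 * unterminated buffer looks like). Returns NULL on any error; callers must
 * check for that instead of passing the result straight to strdup(). */
char *load_res(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return NULL;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return NULL; }
    long len = ftell(f);
    if (len < 0) { fclose(f); return NULL; }
    rewind(f);
    char *buf = malloc((size_t)len + 1);        /* +1 for the terminator */
    if (!buf) { fclose(f); return NULL; }
    size_t n = fread(buf, 1, (size_t)len, f);
    fclose(f);
    if (n != (size_t)len) { free(buf); return NULL; }
    buf[n] = '\0';                               /* guarantee termination */
    return buf;
}
```

Calling load_res on a file containing the one-line function from the gdb output returns exactly that text, and calling it on a missing path returns NULL rather than crashing later in strdup().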

Zhangbinbin commented 9 years ago

Yeah, mine crashed too: archlinux + Pidgin 2.10.11 (libpurple 2.10.11) + pidgin-lwqq-0.4.1.20150208-1

EricInBj commented 9 years ago

Strange, on my side it doesn't crash with or without a verification code...

lainme commented 9 years ago

@Zhangbinbin @EricInBj try the dev branch of lwqq

jiajunhuang commented 9 years ago

On archlinux, after logging in once and quitting, pidgin crashes every time it is opened afterwards

lainme commented 9 years ago

@gansteed build it yourself; the one in the arch repos probably hasn't been updated

felixonmars commented 9 years ago

Eh, I did update it...

xiehuc commented 9 years ago

Please post a backtrace.

El Psy Congroo

On February 26, 2015, at 11:49, gansteed notifications@github.com wrote:

> On archlinux, after logging in once and quitting, pidgin crashes every time it is opened afterwards
