[Pidgin] #398: Crash when updating a buddy's icon on MSN

Pidgin trac at pidgin.im
Wed May 2 13:47:52 EDT 2007


#398: Crash when updating a buddy's icon on MSN
---------------------------+------------------------------------------------
  Reporter:  nosnilmot     |       Owner:  seanegan
      Type:  defect        |      Status:  assigned
  Priority:  blocker       |   Milestone:  2.0.0   
 Component:  pidgin (gtk)  |     Version:  2.0     
Resolution:                |    Keywords:          
   Pending:  0             |  
---------------------------+------------------------------------------------
Comment (by evands):

 The first part of the [http://pidgin.im/~sadrul/pp/buddyicon-crash-2.patch
 second patch], moving the call of {{{purple_buddy_set_icon()}}}, may be
 equally valid as a fix, I think, but I feel like it introduces delicacy
 into the function.  It's not clear at a glance that
 {{{purple_buddy_set_icon()}}} potentially destroys {{{icon}}}.

 Furthermore, couldn't it still crash if there were:
  1. Multiple buddies matching the account/username pair AND
  2. (icon->img == NULL)
 since the second iteration through the loop would have the same problem
 after the first iteration released icon, accessing icon->img and
 associated fields.
 ----
 The second part of the patch:
 {{{
 @@ -524,7 +523,7 @@ purple_buddy_icons_set_for_user(PurpleAc

         if (icon != NULL)
                 purple_buddy_icon_set_data(icon, icon_data, icon_len,
 checksum);
 -       else
 +       else if (icon_data && icon_len > 0)
         {
                 PurpleBuddyIcon *icon = purple_buddy_icon_new(account,
 username, icon_data, icon_len, checksum);
                 purple_buddy_icon_unref(icon);
 }}}
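
 Review bot: inside the {{{else if (icon_data && icon_len > 0)}}} block, the declaration {{{PurpleBuddyIcon *icon = purple_buddy_icon_new(...)}}} shadows the outer {{{icon}}} that {{{if (icon != NULL)}}} has just tested; give the temporary its own name so it is obvious which pointer each line touches. The new guard is also one-sided: when {{{icon != NULL}}}, {{{purple_buddy_icon_set_data()}}} is still called with whatever {{{icon_data}}} and {{{icon_len}}} were passed, including NULL and 0, so a comment should say whether that is the intended way to clear an existing icon. The immediate {{{purple_buddy_icon_unref(icon)}}} after creation deserves a comment stating who is expected to hold a reference afterwards.
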
 is independent of the change he proposed in his first one and I did
 above... though looking at the code to see what was going on there, I'm
 not clear as to what {{{purple_buddy_icons_set_for_user()}}} is
 accomplishing since it immediately unrefs the return value and therefore
 destroys it, since the icon has a ref count of 1.  That's probably just a
 misunderstanding of what's supposed to be happening with that code.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/398#comment:10>
Pidgin <http://pidgin.im>
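
The loop hazard raised in the comment above, as an added C example that is not Pidgin's code and not part of the original ticket: a toy reference-counted icon whose setter can drop the last reference, and a loop that takes its own reference first so the icon->img read on the second pass stays valid. The types, function names and the setter's behaviour are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model, constructed for illustration; not libpurple's real types. */
typedef struct { int ref; const char *img; } Icon;
typedef struct { Icon *icon; } Buddy;
static int icons_destroyed = 0;

static Icon *icon_new(const char *img) {
    Icon *i = malloc(sizeof *i);
    if (i == NULL) abort();
    i->ref = 1; i->img = img;
    return i;
}
static void icon_ref(Icon *i) { i->ref++; }
static void icon_unref(Icon *i) {
    if (--i->ref == 0) { icons_destroyed++; free(i); }
}
/* Assumed setter behaviour: swapping a buddy's icon drops the old
 * reference, destroying the icon if that was the last one. */
static void buddy_set_icon(Buddy *b, Icon *i) {
    Icon *old = b->icon;
    if (old == i) return;
    if (i) icon_ref(i);
    b->icon = i;
    if (old) icon_unref(old);
}

/* Hardened loop: a reference taken before the loop pins `icon`, so
 * icon->img is valid on every pass. Returns the count after the loop. */
static int update_matching_buddies(Buddy *list, int n, Icon *icon) {
    icon_ref(icon);                        /* pin */
    for (int k = 0; k < n; k++)
        buddy_set_icon(&list[k], icon->img ? icon : NULL);
    int refs_after_loop = icon->ref;
    icon_unref(icon);                      /* no access to icon after this */
    return refs_after_loop;
}

/* Scenario from the comment: two matching buddies, icon->img == NULL,
 * and the first buddy holds the only reference. */
static int run_scenario(void) {
    Buddy buddies[2] = { { icon_new(NULL) }, { NULL } };
    int refs = update_matching_buddies(buddies, 2, buddies[0].icon);
    return (!buddies[0].icon && !buddies[1].icon) ? refs : -1;
}

int main(void) {
    int refs = run_scenario();
    printf("refs after loop: %d, icons destroyed: %d\n", refs, icons_destroyed);
    return 0;
}
```

Without the pinning reference, the first pass would destroy the icon and the second pass's read of icon->img would touch freed memory.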