[Pidgin] #841: File open dialog causes crash

Pidgin trac at pidgin.im
Sun May 27 03:41:49 EDT 2007


#841: File open dialog causes crash
---------------------------+------------------------------------------------
  Reporter:  klines        |       Owner:  seanegan                     
      Type:  defect        |      Status:  assigned                     
  Priority:  minor         |   Milestone:  2.0.2                        
 Component:  pidgin (gtk)  |     Version:  2.0                          
Resolution:                |    Keywords:  gtk file open dialog transfer
   Pending:  0             |  
---------------------------+------------------------------------------------
Changes (by mhuetsch):

  * keywords:  gtk file open dialog => gtk file open dialog transfer

Comment:

 I'm able to reproduce this, at least when I'm attempting to receive files
 via IRC.  With the help of valgrind, I've tracked it down to this:

 For whatever reason (I haven't looked into it), the connection is failing
 and purple_proxy_data_connect_disconnect() is getting called, and we're
 hitting this chunk of code:


 {{{
                 else
                 {
                         /* Everything failed!  Tell the originator of the request. */
                         connect_data->connect_cb(connect_data->data, -1, error_message);
                         purple_proxy_connect_data_destroy(connect_data);
                 }
 }}}

 Now, that's generally no problem for our prpls, but here the connect_cb is
 this fellow:


 {{{
 static void
 connect_cb(gpointer data, gint source, const gchar *error_message)
 {
         PurpleXfer *xfer = (PurpleXfer *)data;

         xfer->fd = source;

         begin_transfer(xfer, PURPLE_INPUT_READ);
 }
 }}}

 If you'll note, a key difference between this and the prpls' connect_cb()s
 is that we don't have a way to check if the data has already been freed.
 Specifically, we're writing to freed memory when we do "xfer->fd =
 source".  This is the PURPLE_CONNECTION_IS_VALID() problem all over again,
 although I think it's a little more difficult to kludge over because we
 don't have a PurpleConnection to check here.

 Mark noted a while back that this could be fixed via reference counters
 after GObjectification.  That's probably the best solution, but I notice
 that it's slated for 3.0, so that's probably a distance off.  Another
 kludge might be worth the effort.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/841#comment:18>
Pidgin <http://pidgin.im>
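
An added sketch, not part of the ticket and not Pidgin's code, of the reference-counting approach the comment mentions: the pending connect holds its own reference to the transfer, so the callback never touches freed memory. `Xfer`, `xfer_ref`, `xfer_unref`, `xfer_cancel` and `connect_start` are hypothetical names, and the sketch assumes the transfer is cancelled while the connect is still pending; the `source >= 0` check is also an addition.

```c
#include <stdlib.h>

/* Hypothetical stand-in for PurpleXfer: only the fields this sketch needs. */
typedef struct {
    int refs;       /* owners: the UI plus any pending connect attempt */
    int cancelled;  /* set when the transfer is cancelled */
    int fd;
} Xfer;

static int live_xfers = 0;  /* allocation counter, so leaks are detectable */

static Xfer *xfer_new(void) {
    Xfer *x = calloc(1, sizeof *x);
    if (!x) abort();
    x->refs = 1;
    x->fd = -1;
    live_xfers++;
    return x;
}

static Xfer *xfer_ref(Xfer *x) { x->refs++; return x; }

/* Drops one reference; returns 1 if this call freed the object. */
static int xfer_unref(Xfer *x) {
    if (--x->refs > 0) return 0;
    free(x);
    live_xfers--;
    return 1;
}

/* Cancelling marks the transfer dead and drops only the caller's reference. */
static void xfer_cancel(Xfer *x) { x->cancelled = 1; xfer_unref(x); }

/* The pending connect attempt keeps its own reference as callback data. */
static void *connect_start(Xfer *x) { return xfer_ref(x); }

/* Same shape as connect_cb in the ticket; returns 1 if the transfer started. */
static int connect_cb(void *data, int source, const char *error_message) {
    Xfer *x = data;  /* still valid: the pending connect owns a reference */
    (void)error_message;
    int started = !x->cancelled && source >= 0;
    if (started) x->fd = source;  /* begin_transfer() would follow here */
    xfer_unref(x);                /* release the pending-connect reference */
    return started;
}

/* Constructed scenario: transfer cancelled, then the connect attempt fails. */
static int scenario_cancel_then_fail(void) {
    Xfer *x = xfer_new();
    void *data = connect_start(x);
    xfer_cancel(x);  /* object survives with refs == 1 */
    return connect_cb(data, -1, "Connection failed");
}

int main(void) { return scenario_cancel_then_fail(); }
```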