[Pidgin] #7128: MSN crases in nln_cmd, user is NULL

Pidgin trac at pidgin.im
Thu Sep 18 13:01:05 EDT 2008 

#7128: MSN crases in nln_cmd, user is NULL
---------------------------------------------+------------------------------
 Reporter:  emilal                           |     Owner:  khc  
     Type:  defect                           |    Status:  new  
Component:  MSN                              |   Version:  2.5.1
 Keywords:  MSN crashes when user not found  |  
---------------------------------------------+------------------------------
 MSN crashes in nln_cmd, notification.c. The code does not protect when
 users is not found in:

         state    = cmd->params[0];
         passport = cmd->params[1];
         friendly = purple_url_decode(cmd->params[2]);

         user = msn_userlist_find_user(session->userlist, passport);

 See back trace log for reference:

 I'm using Redhat linux destribution.

 {{{
 (gdb) bt full
 #0  0x00407461 in nln_cmd (cmdproc=0x86a17e0, cmd=0xcb087b0) at
 notification.c:732
         session = (MsnSession *) 0xcc9b128
         account = (PurpleAccount *) 0xcb29af8
         gc = (PurpleConnection *) 0xcc9b0f0
         user = (MsnUser *) 0x0
         msnobj = (MsnObject *) 0xa078e48
         clientid = 2147483647
         state = 0xcc14480 "NLN"
         passport = 0xb1d6fe8 "eu at fvalente.net"
         friendly = 0x4cb760 "<msnobj Creator=\"eu at fvalente.net\"
 Type=\"3\" SHA1D=\"zNLlv+v2CjMQ6VlsYn8eaKRgWJQ=\" Size=\"24970\"
 Location=\"0\"
 Friendly=\"QQBMAEkATQAwADkAOQA4ACAAKABNAGUAZABpAHUAbQApAAAA\"/>"
         old_friendly = 0x0
 #1  0x00412f49 in msn_cmdproc_process_cmd (cmdproc=0x86a17e0,
 cmd=0xcb087b0) at cmdproc.c:321
         cb = 0x407319 <nln_cmd>
         trans = (MsnTransaction *) 0x0
 #2  0x00412fe4 in msn_cmdproc_process_cmd_text (cmdproc=0x86a17e0,
     command=0xc8d1c80 "NLN NLN eu at fvalente.net sKy 2253180988
 %3Cmsnobj%20Creator%3D%22eu%40fvalente.net%22%20Type%3D%223%22%20SHA1D%3D%22zNLlv%2Bv2CjMQ6VlsYn8eaKRgWJQ%3D%22%20Size%3D%2224970%22%20Location%3D%220%22%20Frien"...)
 at cmdproc.c:343
 No locals.
 #3  0x0040a802 in read_cb (data=0xcc9b1a8, source=116,
 cond=PURPLE_INPUT_READ) at servconn.c:447
         servconn = (MsnServConn *) 0xcc9b1a8
         session = (MsnSession *) 0xcc9b128
         buf = "NLN NLN eu at fvalente.net sKy 2253180988
 %3Cmsnobj%20Creator%3D%22eu%40fvalente.net%22%20Type%3D%223%22%20SHA1D%3D%22zNLlv%2Bv2CjMQ6VlsYn8eaKRgWJQ%3D%22%20Size%3D%2224970%22%20Location%3D%220%22%20Frien"...
         cur = 0xc8d1c80 "NLN NLN eu at fvalente.net sKy 2253180988
 %3Cmsnobj%20Creator%3D%22eu%40fvalente.net%22%20Type%3D%223%22%20SHA1D%3D%22zNLlv%2Bv2CjMQ6VlsYn8eaKRgWJQ%3D%22%20Size%3D%2224970%22%20Location%3D%220%22%20Frien"...
         end = 0xc8d1d8c ""
         old_rx_buf = 0xc8d1c80 "NLN NLN eu at fvalente.net sKy 2253180988
 %3Cmsnobj%20Creator%3D%22eu%40fvalente.net%22%20Type%3D%223%22%20SHA1D%3D%22zNLlv%2Bv2CjMQ6VlsYn8eaKRgWJQ%3D%22%20Size%3D%2224970%22%20Location%3D%220%22%20Frien"...
         len = 268
         cur_len = 268
 #4  0x0808c4e2 in purple_gnt_io_invoke (source=0xcbc9310,
 condition=G_IO_IN, data=0xcc1eaf0) at GaimWrapper.cpp:163
         closure = (PurpleGntIOClosure *) 0xcc1eaf0
         purple_cond = PURPLE_INPUT_READ
 #5  0x00a35dbb in g_io_unix_dispatch (source=0xce44938, callback=0x808c48c
 <purple_gnt_io_invoke>, user_data=0xcc1eaf0)
     at giounix.c:162

 }}}

-- 
Ticket URL: <http://developer.pidgin.im/ticket/7128>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list