[Pidgin] #13136: Segfault with unexpected jingle transport type
Pidgin
trac at pidgin.im
Tue Dec 28 08:58:21 EST 2010
#13136: Segfault with unexpected jingle transport type
-----------------------------------------------+----------------------------
Reporter: nikita | Owner: Maiku
Type: defect | Status: new
Component: Voice and Video | Version: 2.7.9
Keywords: jingle invalid transport segfault |
-----------------------------------------------+----------------------------
Hello,
When libpurple receives an incoming jingle request with an unexpected
jingle transport type, it crashes.
Here is the backtrace:
{{{
(gdb) bt full
#0 0x00007fa0d9e16ba5 in raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
pid = <value optimized out>
selftid = <value optimized out>
#1 0x00007fa0d9e1a6b0 in abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0x1000000020,
sa_sigaction = 0x1000000020}, sa_mask = {__val = {0, 4662085,
140735345723504, 0, 140328852244520, 140328826739536, 140328920107400,
140735345724640, 4294967295, 1, 1,
7405168, 0, 48728150, 1, 0}}, sa_flags = -548316559,
sa_restorer = 0x1}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00000000004982f7 in sighandler (sig=11) at gtkmain.c:191
written = 140735345724144
#3 <signal handler called>
No symbol table info available.
#4 0x00007fa0cd6dd7db in jingle_transport_parse (transport=0x30b14e0) at
jingle/transport.c:163
type = 0x30aec60 "http://www.xmpp.org/extensions/xep-0177.html#ns"
#5 0x00007fa0cd6d709d in jingle_content_parse_internal
(content=0x30b1680) at jingle/content.c:386
description = 0x30b1700
type = 0x30b1a90 "urn:xmpp:jingle:apps:rtp:1"
creator = 0x30b15e0 "initiator"
disposition = 0x0
senders = 0x0
name = 0x30b1540 "Microphone"
transport = 0x7fa0db848148
#6 0x00007fa0cd6db048 in jingle_rtp_parse_internal (rtp=0x30b1680) at
jingle/rtp.c:685
content = 0x30680d0
description = 0x0
media_type = 0x0
ssrc = 0x7fff804a0ee0 "\020\017J\200\377\177"
#7 0x00007fa0cd6d7163 in jingle_content_parse (content=0x30b1680) at
jingle/content.c:403
type = 0x30b1a90 "urn:xmpp:jingle:apps:rtp:1"
jingle_type = 50884208
#8 0x00007fa0cd6d57d7 in jingle_handle_session_initiate
(session=0x2ed14c0, jingle=0x30b1be0) at jingle/jingle.c:234
parsed_content = 0x1d6f660
content = 0x30b1680
#9 0x00007fa0cd6d5e4d in jingle_parse (js=0x2e1a560, from=0x30b1950
"test3 at elyzion.net/Beem", type=JABBER_IQ_SET, id=0x30b1d90 "zl22h-42",
jingle=0x30b1be0) at jingle/jingle.c:426
action = 0x30b16e0 "session-initiate"
sid = 0x30b1760 "6643120236470425030"
action_type = JINGLE_SESSION_INITIATE
session = 0x2ed14c0
#10 0x00007fa0cd6c8cf7 in jabber_iq_parse (js=0x2e1a560, packet=0x3080ed0)
at iq.c:380
key = 0x30afcc0 "`_\004\003"
jih = 0x7fa0cd6d5c91 <jingle_parse>
signal_ref = 0
jcd = 0x0
child = 0x30b1be0
error = 0x0
x = 0x0
xmlns = 0x30b1b40 "urn:xmpp:jingle:1"
iq_type = 0x30b1c60 "set"
id = 0x30b1d90 "zl22h-42"
from = 0x30b1950 "test3 at elyzion.net/Beem"
type = JABBER_IQ_SET
signal_return = 0
}}}
Of course, in my backtrace
"http://www.xmpp.org/extensions/xep-0177.html#ns" is an invalid type, but
libpurple will segfault because of it.
I have also attached a small patch that I hope fixes this issue.
PS: I want to clarify that the bug occurs only if libpurple is configured
with --enabled-vv, but the plugin doesn't need to be loaded to reproduce
the issue.
--
Ticket URL: <http://developer.pidgin.im/ticket/13136>
Pidgin <http://pidgin.im>
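
The failure class in the backtrace above, where a namespace string sent by the remote peer selects the transport parser, shown as an added example that is not part of the ticket, the attached patch, or libpurple's code. It is a simplified C model: every function name and the handler table are hypothetical, and an unregistered namespace yields an explicit error instead of a call through a NULL handler.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not libpurple code: the parser for a transport is
 * chosen from the namespace string supplied by the remote peer. */
typedef int (*transport_parse_fn)(const char *xml);

static int parse_raw_udp(const char *xml) { (void)xml; return 1; }
static int parse_ice_udp(const char *xml) { (void)xml; return 2; }

/* Constructed registry of the namespaces this model supports. */
static const struct {
    const char *xmlns;
    transport_parse_fn parse;
} handlers[] = {
    { "urn:xmpp:jingle:transports:raw-udp:1", parse_raw_udp },
    { "urn:xmpp:jingle:transports:ice-udp:1", parse_ice_udp },
};

/* Returns NULL when the peer-supplied namespace is not registered. */
static transport_parse_fn lookup_transport(const char *xmlns)
{
    if (xmlns == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof handlers / sizeof handlers[0]; i++)
        if (strcmp(handlers[i].xmlns, xmlns) == 0)
            return handlers[i].parse;
    return NULL;
}

/* Hardened dispatch: -1 means "unsupported transport", so the caller can
 * reject the session rather than dereference a missing handler. */
int transport_parse_checked(const char *xmlns, const char *xml)
{
    transport_parse_fn parse = lookup_transport(xmlns);
    if (parse == NULL)
        return -1;
    return parse(xml);
}

int main(void)
{
    /* The namespace from the backtrace is not in the registry. */
    const char *ns = "http://www.xmpp.org/extensions/xep-0177.html#ns";
    return transport_parse_checked(ns, "<transport/>") == -1 ? 0 : 1;
}
```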