[Pidgin] #14386: Pidgin crashes during receiving file via IBB

Pidgin trac at pidgin.im
Sun Jul 17 01:18:29 EDT 2011 

#14386: Pidgin crashes during receiving file via IBB
------------------------------------------+---------------------------------
 Reporter:  andrey_skvortsov              |        Owner:  deryni
     Type:  defect                        |       Status:  new   
Milestone:                                |    Component:  XMPP  
  Version:  2.9.0                         |   Resolution:        
 Keywords:  xmpp file transfer crash ibb  |  
------------------------------------------+---------------------------------
Changes (by darkrain42):

 * cc: datallah (added)


Comment:

 (ccing datallah because he last touched the SOCKS5 proxy code)

 This is basically a race condition, though looking at the code, I don't
 see how it's happening.

 SOCKS5 (either direct, or via a proxy) connections are attempted first,
 and IBB used as a fallback.  The XMPP code contains a timer that fires
 after 15 seconds; if the connection hasn't succeeded at that time, the
 connection is cancelled (and libpurple either tries the next streamhost or
 falls back to IBB).

 In this case, the connection is attempted:
 {{{
 (11:33:31) dnsquery: Performing DNS lookup for 10.0.2.15
 (11:33:31) dnsquery: IP resolved for 10.0.2.15
 (11:33:31) proxy: Attempting connection to 10.0.2.15
 (11:33:31) proxy: Connecting to 10.0.2.15:1264 with no proxy
 (11:33:31) proxy: Connection in progress
 }}}

 It times out and we fall back to the next streamhost (which is
 "0.0.0.0"...which is broken, but not causing a crash):
 {{{
 (11:33:46) jabber: Streamhost connection timeout of 15 seconds exceeded.
 (11:33:46) jabber: si connection failed, jid was
 skvortsovav at arc.world/VirtualBox, host was 10.0.2.15, error was Timeout
 Exceeded.
 (11:33:46) dnsquery: Performing DNS lookup for 0.0.0.0
 (11:33:46) dnsquery: IP resolved for 0.0.0.0
 (11:33:46) proxy: Attempting connection to 0.0.0.0
 (11:33:46) proxy: Connecting to 0.0.0.0:1264 with no proxy
 (11:33:46) proxy: Connection in progress
 (11:33:46) proxy: Connecting to 0.0.0.0:1264.
 (11:33:46) proxy: Error connecting to 0.0.0.0:1264 (Windows socket error
 #10049).
 (11:33:46) proxy: Connection attempt failed: Windows socket error #10049
 (11:33:46) proxy: Unable to connect to SOCKS5 host.
 (11:33:46) jabber: si connection failed, jid was
 skvortsovav at arc.world/VirtualBox, host was 0.0.0.0, error was Windows
 socket error #10049
 }}}

 libpurple then falls back to IBB.  After some time, the proxy connection
 *finally* fails, which leads to the crash (since the !JabberXfer struct is
 in a different state now):
 {{{
 (11:33:52) proxy: Connecting to 10.0.2.15:1264.
 (11:33:52) proxy: Error connecting to 10.0.2.15:1264 (Connection timed
 out.).
 (11:33:52) proxy: Connection attempt failed: Connection timed out.
 (11:33:52) proxy: Unable to connect to SOCKS5 host.
 }}}

 Datallah, I can't see how this happens, because `jsx->connect_data` is
 cancelled/destroyed when the XMPP prpl timeout is triggered (so
 `PURPLE_PROXY_CONNECT_DATA_IS_VALID(connect_data)` should trip an early
 return from `socks5_connected_to_proxy` (since that `connect_data` is the
 one for the overall connection attempt)

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14386#comment:7>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list