FS#69653 - [pidgin-libnotify] Crash when receiving message

Attached to Project: Community Packages
Opened by Jonathan Liu (net147) - Tuesday, 16 February 2021, 02:00 GMT
Last edited by Balló György (City-busz) - Wednesday, 21 April 2021, 08:18 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Balló György (City-busz)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
Pidgin crashes when receiving a message.

Stack trace:
#0 0x00007f214cfe8ef5 in raise () at /usr/lib/libc.so.6
#1 0x00007f214cfd2862 in abort () at /usr/lib/libc.so.6
#2 0x000055ac5b4f09df in ()
#3 0x00007f214d18c960 in <signal handler called> () at /usr/lib/libpthread.so.0
#4 notify_supports_actions () at pidgin-libnotify.c:320
#5 notify (title=<optimized out>, body=<optimized out>, buddy=<optimized out>) at pidgin-libnotify.c:409
#6 0x00007f2148ae5fd8 in notify_msg_sent (account=<optimized out>, sender=<optimized out>, message=0x55ac5e496c00 "Okay") at pidgin-libnotify.c:506
#7 0x00007f214d37542c in purple_signal_emit_vargs () at /usr/lib/libpurple.so.0
#8 0x00007f214d3755cf in purple_signal_emit () at /usr/lib/libpurple.so.0
#9 0x00007f214d373d1f in serv_got_im () at /usr/lib/libpurple.so.0
#10 0x00007f2148939d6c in jabber_message_parse () at /usr/lib/purple-2/libjabber.so.0
#11 0x00007f214893bb55 in () at /usr/lib/purple-2/libjabber.so.0
#12 0x00007f214c6dd4bd in () at /usr/lib/libxml2.so.2
#13 0x00007f214c6e45c9 in () at /usr/lib/libxml2.so.2
#14 0x00007f214c6e55a0 in xmlParseChunk () at /usr/lib/libxml2.so.2
#15 0x00007f214893c05f in jabber_parser_process () at /usr/lib/purple-2/libjabber.so.0
#16 0x00007f214892a48d in () at /usr/lib/purple-2/libjabber.so.0
#17 0x000055ac5b4d5333 in ()
#18 0x00007f214d47ab84 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#19 0x00007f214d4cec21 in () at /usr/lib/libglib-2.0.so.0
#20 0x00007f214d47a0d3 in g_main_loop_run () at /usr/lib/libglib-2.0.so.0
#21 0x00007f214db1f95e in gtk_main () at /usr/lib/libgtk-x11-2.0.so.0
#22 0x000055ac5b496988 in main ()

Additional info:
* pidgin 2.14.1-3
* pidgin-libnotify 0.14-12
* libnotify 0.7.9-1

Steps to reproduce:
No steps to reproduce it easily. Sometimes when receiving a message, Pidgin will crash.

Suspect it is a null pointer dereference for caps->data if notify_get_server_caps() returns NULL. The code that is crashing was added by pidgin-libnotify-notify-osd.patch.

Closed by Balló György (City-busz)
Wednesday, 21 April 2021, 08:18 GMT
Reason for closing: Fixed
Additional comments about closing: pidgin-libnotify 0.14-13
Comment by Jonathan Liu (net147) - Tuesday, 16 February 2021, 02:06 GMT
Proposed new version of pidgin-libnotify-notify-osd.patch to avoid null pointer dereference attached.
Comment by Jonathan Liu (net147) - Tuesday, 16 February 2021, 02:52 GMT
Updated proposed patch as the for loop misses the last item and also does not free the items in the list.
Comment by Jonathan Liu (net147) - Tuesday, 16 February 2021, 02:57 GMT
Updated proposed patch to remove unused variable "i".
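The three points raised in the report and the follow-up comments (a NULL result from the capability query, a loop that stops one node early, and list items never freed), as an added C example that is not the attached patch or pidgin-libnotify's own code. It assumes a minimal stand-in for GLib's GList, a constructed capability list in place of the real notify_get_server_caps() result, and hypothetical function names (supports_actions_buggy, supports_actions_fixed, check_caps); the buggy variant is a constructed illustration of the described defects, not the patch's actual code.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for GLib's GList (same data/next fields) so the example
 * builds without GLib; libnotify's notify_get_server_caps() returns a GList. */
typedef struct List { void *data; struct List *next; } List;

/* Constructed illustration of the two defects reported above: dereferences the
 * list head without a NULL check and stops one node early, skipping the last item. */
static bool supports_actions_buggy(List *caps)
{
    for (List *l = caps; l->next != NULL; l = l->next)  /* crashes if caps == NULL */
        if (strcmp(l->data, "actions") == 0) return true;
    return false;
}

/* Hardened form: a NULL (empty) list means "no capabilities"; every node is visited. */
static bool supports_actions_fixed(List *caps)
{
    for (List *l = caps; l != NULL; l = l->next)
        if (strcmp(l->data, "actions") == 0) return true;
    return false;
}

/* Free each string and each node, the cleanup the second comment asks for
 * (g_free on every item followed by g_list_free in the real GLib code). */
static void caps_free(List *caps)
{
    while (caps != NULL) {
        List *next = caps->next;
        free(caps->data);
        free(caps);
        caps = next;
    }
}

/* Build a list from a NULL-terminated array of constructed capability names, run
 * one check over it, then free it. A NULL array models the query returning NULL. */
static bool check_caps(const char **names, bool (*check)(List *))
{
    List *head = NULL, **tail = &head;
    for (; names != NULL && *names != NULL; names++) {
        List *node = malloc(sizeof *node);
        node->data = strdup(*names);
        node->next = NULL;
        *tail = node;
        tail = &node->next;
    }
    bool result = check(head);
    caps_free(head);
    return result;
}
```

Passing a NULL array to supports_actions_buggy reproduces the crash the report describes, so only the hardened check is safe to call with an empty result.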
Comment by Balló György (City-busz) - Saturday, 17 April 2021, 13:58 GMT
Which notification service do you use?
Please test pidgin-libnotify 0.14-13, it should solve the problem I think.
