Bug 19101

Summary: tp_connection_get_contacts_by_id() crashes
Product: Telepathy Reporter: Murray Cumming <murrayc>
Component: tp-glib Assignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Attachments: contacts_context_fail_crash.patch
main.c

Description Murray Cumming 2008-12-15 09:30:35 UTC
Created attachment 21179
contacts_context_fail_crash.patch

tp_connection_get_contacts_by_id() crashes for me because of a call to g_hash_table_lookup() with a NULL string for index 2 (though I only supplied 1 ID).

This patch fixes the crash, but I think there is something else fundamentally wrong with the latest code in git because I am seeing these GErrors which seem suspiciously related:

Connection manager :1.447 is broken: contact #2 in the GetContactAttributes result has no contact-id
Comment 1 Murray Cumming 2008-12-15 09:32:32 UTC
Created attachment 21180
main.c

Here is a little example that triggers the crash.
Comment 2 Murray Cumming 2009-01-05 00:30:31 UTC
This is still a problem for me with telepathy-glib from git.

Here is the backtrace:

Program received signal SIGSEGV, Segmentation fault.
0xb7c68ab1 in IA__g_str_hash (v=0x0) at gstring.c:95
95	  guint32 h = *p;
(gdb) bt
#0  0xb7c68ab1 in IA__g_str_hash (v=0x0) at gstring.c:95
#1  0xb7c31414 in g_hash_table_lookup_node (hash_table=0x8693cf0, key=0x0) at ghash.c:195
#2  0xb7c313b3 in IA__g_hash_table_lookup (hash_table=0x8693cf0, key=0x0) at ghash.c:783
#3  0xb7f0c881 in contacts_context_fail (c=0x86a4420, error=0x86a2280) at contact.c:779
#4  0xb7f0e68d in contacts_got_attributes (connection=0x86a0c00, attributes=0x8693d80, error=0x0, user_data=0x86a4420, weak_object=0x0) at contact.c:1683
#5  0xb7f06e1d in connection_got_contact_attributes (self=0x86a0c00, attributes=0x8693d80, error=0x0, user_data=0x86a2150, weak_object=0x0)
    at connection-handles.c:721
#6  0xb7efc3db in _tp_cli_connection_interface_contacts_invoke_callback_get_contact_attributes (self=0x86a0c00, error=0x0, args=0x86a2270, 
    generic_callback=0xb7f06ca8 <connection_got_contact_attributes>, user_data=0x86a2150, weak_object=0x0) at _gen/tp-cli-connection-body.h:7840
#7  0xb7f3d0bb in tp_proxy_pending_call_idle_invoke (p=0x869ad50) at proxy-methods.c:153
#8  0xb7c45667 in g_idle_dispatch (source=0x86a3640, callback=0xb7f3cf6a <tp_proxy_pending_call_idle_invoke>, user_data=0x869ad50) at gmain.c:3924
#9  0xb7c4173e in g_main_dispatch (context=0x86967d0) at gmain.c:1814
#10 0xb7c42c16 in IA__g_main_context_dispatch (context=0x86967d0) at gmain.c:2367
#11 0xb7c4316a in g_main_context_iterate (context=0x86967d0, block=1, dispatch=1, self=0x869eb50) at gmain.c:2448
#12 0xb7c43941 in IA__g_main_loop_run (loop=0x8695840) at gmain.c:2656
#13 0x0804914f in main ()
Comment 3 Murray Cumming 2009-01-05 00:32:49 UTC
Note that Will Thompson reports that this is not a problem in telepathy-glib 0.7.18.
Comment 4 Will Thompson 2009-01-07 05:06:31 UTC
main.c works for me with telepathy-glib 0.7.20 :-/
Comment 5 Will Thompson 2009-01-07 05:07:39 UTC
Oh, I'm an idiot and didn't change the account credentials. Let's see...
Comment 6 Will Thompson 2009-01-07 05:09:45 UTC
Nope, it does still work for me. I'll try to figure out how your backtrace could occur.
Comment 7 Will Thompson 2009-01-07 05:12:48 UTC
Ah! You're using a version of telepathy-gabble that misbehaved, and hence are hitting a different path in TpContact! If you upgrade your gabble, the problem should go away; I'll look into the bug in this path of tp-glib.
Comment 8 Will Thompson 2009-01-07 05:20:12 UTC
Oh, that's odd. That particular bug was in tp-glib, not gabble. Is your gabble using an older telepathy-glib?
Comment 9 Will Thompson 2009-01-07 08:53:24 UTC
commit d7d571e73817aa5b889f80c7185c89702d9c2f58
Author: Will Thompson <will.thompson@collabora.co.uk>
Date:   Wed Jan 7 15:51:13 2009 +0000

    Don't treat requested IDs' NULL terminator as an id.
    
    Fixes fd.o bug #19101
---
 telepathy-glib/contact.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/telepathy-glib/contact.c b/telepathy-glib/contact.c
index 9e19d64..faf99ec 100644
--- a/telepathy-glib/contact.c
+++ b/telepathy-glib/contact.c
@@ -796,7 +796,8 @@ contacts_context_fail (ContactsContext *c,
           error, c->user_data, c->weak_object);
       return;
     case CB_BY_ID:
-      for (i = 0; i < c->request_ids->len; i++)
+      /* -1 because NULL terminator is explicit */
+      for (i = 0; i < c->request_ids->len - 1; i++)
         {
           const gchar *id = g_ptr_array_index (c->request_ids, i);

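Review bot: In the CB_BY_ID loop, the new bound c->request_ids->len - 1 is computed on an unsigned length (GPtrArray's len is a guint), so if request_ids is ever empty the subtraction wraps to a very large value and the loop indexes far past the end of the array. The added comment says the NULL terminator is explicit, but nothing in this hunk enforces that it is present. Consider asserting c->request_ids->len > 0 before the loop, or ending the loop when g_ptr_array_index (c->request_ids, i) returns NULL, and extend the comment to say where the terminator is appended so the two sites stay in sync.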