Null pointer dereference in otr_ops.c #33

Open
brettbryantgmail opened this issue Jul 17, 2021 · 0 comments

brettbryantgmail commented Jul 17, 2021

There's an intermittent crash I've been having with this project. In short, it's possible that ops_secure in otr_ops.c is called with coi defined on line 133 as NULL. Please see my attached backtrace and let me know if there's anything else I can give you to help.

(gdb) thread apply all bt

Thread 3 (Thread 0x7fb3c53bc700 (LWP 62268)):
#0  0x00007fb3c8720aff in __GI___poll (fds=0x55562c692210, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fb3c931936e in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fb3c93196f3 in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fb3c956ef8a in  () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#4  0x00007fb3c9342ad1 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fb3c8806609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007fb3c872d293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7fb3c5bbd700 (LWP 62267)):
#0  0x00007fb3c8720aff in __GI___poll (fds=0x55562c67a730, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fb3c931936e in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fb3c93194a3 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fb3c93194f1 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fb3c9342ad1 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fb3c8806609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007fb3c872d293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fb3c75b2a80 (LWP 62263)):
#0  0x00007fb3c5c74ded in ops_secure (opdata=0x7fffff685780, context=0x55562ba8ce40) at src/otr_ops.c:137
#1  0x00007fb3c5bc8ca7 in  () at /lib/x86_64-linux-gnu/libotr.so.5
#2  0x00007fb3c5bcec51 in otrl_auth_handle_signature () at /lib/x86_64-linux-gnu/libotr.so.5
#3  0x00007fb3c5bcaf62 in otrl_message_receiving () at /lib/x86_64-linux-gnu/libotr.so.5
#4  0x00007fb3c5c76cf5 in otr_receive (ircctx=0x7fffff685780, msg=0x55562ba44716 "PRIVMSG redcircle :?OTR|1443c377|68d09577,00002,00002,tlIrb/m4px/rNOqw0Xw8I4juyDHSKVohqI7OQD9SW/qaqDkf4GvpGYFIx2j9kCodtOTDRwGnbZIeGRk2/vSS5UhynpI3DSxMTjjNHIkomzwvlPPxJDhmM0ABL8i12zYyxfR+anLXkphR6XimJH"..., from=0x7fffff685790 "xxxx__") at src/otr_util.c:679
#5  0x00007fb3c5c77d8b in hook_privmsg (word=0x7fffff6859c0, word_eol=0x7fffff685ad0, userdata=0x0) at src/hexchat_otr.c:245
#6  0x000055562affb9b3 in plugin_hook_run (sess=0x55562c77aa70, name=0x55562c73bab7 "PRIVMSG", word=0x7fffff6859c0, word_eol=0x7fffff685ad0, attrs=0x7fffff685940, type=6) at ../src/common/plugin.c:569
#7  0x000055562affbba6 in plugin_emit_server (sess=0x55562c77aa70, name=0x55562c73bab7 "PRIVMSG", word=0x7fffff6859c0, word_eol=0x7fffff685ad0, server_time=1626492726) at ../src/common/plugin.c:640
#8  0x000055562b01534b in irc_inline (serv=0x55562ba5c710, buf=0x55562ba446ef ":[email protected] PRIVMSG redcircle :?OTR|1443c377|68d09577,00002,00002,tlIrb/m4px/rNOqw0Xw8I4juyDHSKVohqI7OQD9SW/qaqDkf4GvpGYFIx2j9kCodtOTDRwGnbZIeGRk2/vSS5UhynpI3DSxMTjjNHIkomzw"..., len=436) at ../src/common/proto-irc.c:1578
#9  0x000055562b00098b in server_inline (serv=0x55562ba5c710, line=0x55562ba446d0 "@time=2021-07-17T03:32:06.588Z", len=436) at ../src/common/server.c:291
#10 0x000055562b000c03 in server_read (source=0x55562c64de80, condition=G_IO_IN, serv=0x55562ba5c710) at ../src/common/server.c:355
#11 0x00007fb3c931904e in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007fb3c9319400 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007fb3c93196f3 in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007fb3c8fa2092 in gtk_main () at /lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#15 0x000055562af95358 in fe_main () at ../src/fe-gtk/fe-gtk.c:347
#16 0x000055562afe5759 in main (argc=1, argv=0x7fffff686f48) at ../src/common/hexchat.c:1141
(gdb) frame 0
#0  0x00007fb3c5c74ded in ops_secure (opdata=0x7fffff685780, context=0x55562ba8ce40) at src/otr_ops.c:137
137		otr_notice (coi->ircctx,
(gdb) l
132	{
133		struct co_info *coi = context->app_data;
134		char *trust = context->active_fingerprint->trust ?: "";
135		char ownfp[45], peerfp[45];
136	
137		otr_notice (coi->ircctx,
138					context->username, TXT_OPS_SEC);
139		if (*trust != '\0')
140			return;
141	
(gdb) p coi
$1 = (struct co_info *) 0x0

TingPing added the bug label Jul 17, 2021
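
The backtrace shows the callback being reached from a received PRIVMSG, so the unchecked `context->app_data` is dereferenced on network-driven input. The following is an added example, not code from the issue or from the project, of a guarded form of the callback that checks each pointer the listing dereferences. The struct definitions, `ops_secure_guarded`, `notice`, the result enum and the notice text are constructed stand-ins for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins: only the fields the listing touches are modelled.
 * These are not libotr's or the plugin's real definitions. */
struct irc_ctx { const char *nick; };
struct co_info { struct irc_ctx *ircctx; };
struct fingerprint { char *trust; };
struct conn_context {
    void *app_data;
    struct fingerprint *active_fingerprint;
    const char *username;
};

enum secure_result { SEC_TRUSTED, SEC_UNVERIFIED, SEC_NO_APP_DATA, SEC_NO_CONTEXT };

static int notices_sent; /* hypothetical counter standing in for otr_notice() */

static void notice(struct irc_ctx *ctx, const char *user, const char *text)
{
    notices_sent++;
    printf("[%s] %s: %s\n", ctx->nick, user ? user : "?", text);
}

/* Guarded variant: each pointer the listing dereferences is checked first,
 * and a missing app_data is reported to the caller instead of crashing. */
enum secure_result ops_secure_guarded(struct conn_context *context)
{
    if (context == NULL)
        return SEC_NO_CONTEXT;

    struct co_info *coi = context->app_data;
    if (coi == NULL || coi->ircctx == NULL)
        return SEC_NO_APP_DATA; /* the state `p coi` shows in the report */
    /* line 134 of the listing also dereferences active_fingerprint */
    const char *trust = "";
    if (context->active_fingerprint && context->active_fingerprint->trust)
        trust = context->active_fingerprint->trust;

    notice(coi->ircctx, context->username, "session is now secure");
    return *trust != '\0' ? SEC_TRUSTED : SEC_UNVERIFIED;
}

int main(void)
{
    struct fingerprint fp = { NULL };
    struct conn_context ctx = { NULL, &fp, "peer" }; /* app_data unset */
    printf("result=%d\n", ops_secure_guarded(&ctx));
}
```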