
#153 crash if "enable loggin" status changed

Status: closed-works-for-me
Owner: nobody
Labels: None
Priority: 7
Updated: 2010-05-11
Created: 2010-03-24
Creator: t.s.c
Private: No

1. Install pidgin
2. Install pidgin-encryption
3. Enable pidgin-encryption in the plug-in configuration
4. Select a person to chat with (the chat window will open)
5. Disable the enable-logging option in the opened window (click the menu Options -> Enable Logging to clear the flag)
6. Close the opened window
7. Select the same person to chat with again. Now pidgin will crash!!!

platform: xp sp3 ENU
pidgin version: 2.6.6
pidgin-encryption version: 3.0

My understanding is:

64A73F64  B8 C0F1AD64       mov eax, 64ADF1C0                                   ; ASCII "enable-logging"
64A73F69  894424 04         mov dword ptr [esp+4], eax
64A73F6D  8B43 14           mov eax, dword ptr [ebx+14]
64A73F70  890424            mov dword ptr [esp], eax
64A73F73  E8 F8C50500       call <jmp.&libglib-2.0-0.g_hash_table_lookup>
64A73F78  85C0              test eax, eax
64A73F7A  89C3              mov ebx, eax
64A73F7C  74 11             je short 64A73F8F                                   ; not taken if the value exists in blist.xml; this leads to the crash (see below)
64A73F7E  890424            mov dword ptr [esp], eax
64A73F81  E8 AAE30500       call <jmp.&libpurple.purple_value_get_type>
64A73F86  83F8 04           cmp eax, 4
64A73F89  0F84 C5050000     je 64A74554                                         ; the value is a boolean, so this jump is taken (see below)
64A73F8F  C70424 58EFAD64   mov dword ptr [esp], 64ADEF58                       ; ASCII "/pidgin/conversations/show_formatting_toolbar"
64A73F96  E8 A5E00500       call <jmp.&libpurple.purple_prefs_get_bool>
64A73F9B  85C0              test eax, eax
64A73F9D  0F84 50050000     je 64A744F3
....................
64A74030  890424            mov dword ptr [esp], eax
64A74033  895C24 04         mov dword ptr [esp+4], ebx
64A74037  31DB              xor ebx, ebx
64A74039  E8 F2FD0000       call gtk_imhtml_set_protocol_name                   ; sets the protocol name
.....................
64A74554  891C24            mov dword ptr [esp], ebx
64A74557  E8 C4DD0500       call <jmp.&libpurple.purple_value_get_boolean>
64A7455C  894424 04         mov dword ptr [esp+4], eax                          ; this value is correct
64A74560  8B45 94           mov eax, dword ptr [ebp-6C]
64A74563  890424            mov dword ptr [esp], eax
64A74566  E8 A5DF0500       call <jmp.&libpurple.purple_conversation_set_logging> ; the program crashes here because the protocol name is not set yet
64A7456B  E9 1FFAFFFF       jmp 64A73F8F
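The control flow the reporter reads out of the listing, rendered as a small C model (added here; not pidgin or pidgin-encryption code, and all names such as conv_t and open_conv_original are made up): when a persisted "enable-logging" value exists, set_logging runs before the protocol name is assigned, and the fixed ordering assigns it first.

```c
/* Model of the reporter's analysis: a logging setter that needs the protocol
 * name is reached before the name is assigned. Constructed example, not pidgin. */
#include <stdbool.h>
#include <stddef.h>

typedef struct {
    const char *protocol_name;  /* stands in for gtk_imhtml_set_protocol_name's value */
    bool logging;
} conv_t;

/* Stand-in for the per-buddy "enable-logging" boolean stored in blist.xml;
 * it is only present once the user has toggled Options -> Enable Logging. */
typedef struct { bool present; bool value; } pref_t;

/* Stand-in for purple_conversation_set_logging. Instead of dereferencing a
 * NULL protocol name it reports the fault, so the ordering bug is observable
 * in a test rather than fatal. */
static bool set_logging(conv_t *c, bool on) {
    if (c->protocol_name == NULL)
        return false;  /* the real code would crash at this point, per the report */
    c->logging = on;
    return true;
}

/* Order shown in the disassembly: the blist pref is applied (64A74566) before
 * the protocol name is set (64A74039). */
static bool open_conv_original(conv_t *c, pref_t pref) {
    *c = (conv_t){0};
    if (pref.present && !set_logging(c, pref.value))
        return false;                   /* crash path: pref present, name still NULL */
    c->protocol_name = "prpl-jabber";   /* constructed protocol id */
    return true;
}

/* Corrected order: establish the protocol name, then apply the stored pref. */
static bool open_conv_fixed(conv_t *c, pref_t pref) {
    *c = (conv_t){0};
    c->protocol_name = "prpl-jabber";   /* constructed protocol id */
    if (pref.present && !set_logging(c, pref.value))
        return false;
    return true;
}
```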

Discussion

  • t.s.c, 2010-03-24
    • priority: 5 --> 7

  • t.s.c, 2010-03-24
    • summary: Crash --> crash if "enable loggin" status changed

  • Bill Tompkins, 2010-04-26

    Unable to reproduce in 3.1. Please reopen if you continue to see it. Thanks!

  • Bill Tompkins, 2010-04-26
    • status: open --> pending-works-for-me
    • status: pending-works-for-me --> closed-works-for-me

  • This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).