history: Use a sufficiently sized string

Guido Gunther requested to merge guido.gunther/chatty:fix-history-crash into master

Otherwise we crash like

  ==16234==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000594cb4 at pc 0x7fca16a1d550 bp 0x7ffd12231330 sp 0x7ffd12230ae0
  READ of size 21 at 0x603000594cb4 thread T0
  #0 0x7fca16a1d54f (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xa854f)
  #1 0x7fca166b0472 in g_strdup ../../../glib/gstrfuncs.c:362
  #2 0x7fca0a9e3fb1 in insert_in_hash_table ./libpurple/protocols/jabber/chat.c:225
  #3 0x7fca1667fb6f in g_hash_table_foreach ../../../glib/ghash.c:1687
  #4 0x7fca0a9e52d0 in jabber_chat_new ./libpurple/protocols/jabber/chat.c:255
  #5 0x7fca0a9e52d0 in jabber_join_chat ./libpurple/protocols/jabber/chat.c:292
  #6 0x7fca0a9e57da in jabber_chat_join ./libpurple/protocols/jabber/chat.c:415
  #7 0x5619589e3e4b in cb_auto_join_chats ../src/chatty-buddy-list.c:550
  #8 0x7fca16690dd7 in g_main_dispatch ../../../glib/gmain.c:3182
  #9 0x7fca16690dd7 in g_main_context_dispatch ../../../glib/gmain.c:3847
  #10 0x7fca166911c7 in g_main_context_iterate ../../../glib/gmain.c:3920
  #11 0x7fca1669125b in g_main_context_iteration ../../../glib/gmain.c:3981
  #12 0x7fca1688398c in g_application_run ../../../gio/gapplication.c:2470
  #13 0x5619589cb8af in main ../src/main.c:28
  #14 0x7fca158c209a in __libc_start_main ../csu/libc-start.c:308
  #15 0x5619589cb5c9 in _start (/var/scratch/librem5/chatty/_build/src/chatty+0x1d5c9)

  0x603000594cb4 is located 0 bytes to the right of 20-byte region [0x603000594ca0,0x603000594cb4)
  allocated by thread T0 here:
  #0 0x7fca16a5e330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
  #1 0x5619589e031e in chatty_conv_add_history_since_component ../src/chatty-conversation.c:2472
  #2 0x5619589e3e25 in cb_auto_join_chats ../src/chatty-buddy-list.c:548
  #3 0x7fca16690dd7 in g_main_dispatch ../../../glib/gmain.c:3182
  #4 0x7fca16690dd7 in g_main_context_dispatch ../../../glib/gmain.c:3847

The comment

   // TODO @LELAND for some reason if freed here,
   // writes garbage to blist.xml
   // Why cant I use an string?

is confusing and it'd be good to know if that is related.

Edited by Guido Gunther
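Added example, not chatty's code (the MR shows only the trace, not the allocation): the off-by-one behind the ASan report, a region sized to the string's length with no byte left for the NUL terminator, next to the sizing pattern that avoids it. The function `build_since_string`, its `"%s|%s"` format and the room/timestamp values are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the failing allocation: a region sized to the
 * string's character count only. Returns how many bytes a
 * terminator-aware reader (strlen, g_strdup) reads past the end of an
 * `alloc`-byte region holding a `len`-character string; 0 means the
 * region is large enough. */
size_t overread_bytes(size_t alloc, size_t len)
{
    size_t needed = len + 1;            /* characters + NUL */
    return needed > alloc ? needed - alloc : 0;
}

/* Correct construction: size the buffer with a dry-run snprintf, then
 * add one byte for the terminator before allocating. Caller frees the
 * result. Format and arguments are assumptions for this example. */
char *build_since_string(const char *room, const char *stamp)
{
    int n = snprintf(NULL, 0, "%s|%s", room, stamp);
    if (n < 0)
        return NULL;
    size_t size = (size_t)n + 1;        /* the +1 is the whole fix */
    char *buf = malloc(size);
    if (!buf)
        return NULL;
    snprintf(buf, size, "%s|%s", room, stamp);
    return buf;
}

/* Mirror the numbers in the report: a 20-character string in a
 * 20-byte region is read as 21 bytes, i.e. one byte past the end. */
int main(void)
{
    const char *s = "12345678901234567890";  /* constructed, 20 chars */
    printf("20-byte region: over-read %zu byte(s)\n",
           overread_bytes(20, strlen(s)));
    printf("21-byte region: over-read %zu byte(s)\n",
           overread_bytes(21, strlen(s)));
    char *out = build_since_string("room@conf.example", "1567000000");
    if (out) {
        printf("%s (%zu bytes incl. NUL)\n", out, strlen(out) + 1);
        free(out);
    }
    return 0;
}
```

Compiling with `-fsanitize=address` is how the trace above was obtained; the same flag flags the undersized pattern immediately in a unit test.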