Crash when enabling my matrix account
Toggling on matrix tripped up address sanitizer:
=================================================================
==24956==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcd88055a2 at pc 0x7f59c0e51a90 bp 0x7ffcd8805460 sp 0x7ffcd8804c10
WRITE of size 3 at 0x7ffcd88055a2 thread T0
#0 0x7f59c0e51a8f in strncpy (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x55a8f)
#1 0x7f59c0b49357 in strncpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106
#2 0x7f59c0b49357 in g_utf8_strncpy ../../../glib/gutf8.c:441
#3 0x55e49892f29f in chatty_icon_get_buddy_icon ../src/chatty-icons.c:230
#4 0x55e498921347 in chatty_conv_muc_add_user ../src/chatty-conversation.c:1530
#5 0x55e498921748 in chatty_conv_muc_list_add_users ../src/chatty-conversation.c:1617
#6 0x7f59c00b1a84 in purple_conv_chat_add_users ./libpurple/conversation.c:1746
#7 0x7f59b4d76922 in matrix_room_complete_state_update (/usr/lib/purple-2/libmatrix.so+0x9922)
#8 0x7f59b4d778f1 in matrix_sync_parse (/usr/lib/purple-2/libmatrix.so+0xa8f1)
#9 0x7f59b4d747d5 (/usr/lib/purple-2/libmatrix.so+0x77d5)
#10 0x7f59b4d737a9 (/usr/lib/purple-2/libmatrix.so+0x67a9)
#11 0x7f59c00ffc4c in url_fetch_recv_cb ./libpurple/util.c:3996
#12 0x55e49892dc60 in purple_glib_io_invoke ../src/chatty-purple-init.c:67
#13 0x7f59c0b17dd7 in g_main_dispatch ../../../glib/gmain.c:3182
#14 0x7f59c0b17dd7 in g_main_context_dispatch ../../../glib/gmain.c:3847
#15 0x7f59c0b181c7 in g_main_context_iterate ../../../glib/gmain.c:3920
#16 0x7f59c0b1825b in g_main_context_iteration ../../../glib/gmain.c:3981
#17 0x7f59c0d0a99c in g_application_run ../../../gio/gapplication.c:2470
#18 0x55e498911727 in main ../src/main.c:43
#19 0x7f59bfe8a09a in __libc_start_main ../csu/libc-start.c:308
#20 0x55e498911359 in _start (/var/scratch/librem5/chatty/_build/src/chatty+0x1a359)
Address 0x7ffcd88055a2 is located in stack of thread T0 at offset 34 in frame
#0 0x55e49892eba3 in chatty_icon_get_buddy_icon ../src/chatty-icons.c:116
This frame has 5 object(s):
[32, 34) 'tmp' <== Memory access at offset 34 overflows this variable
[96, 100) 'scale_width'
[160, 164) 'scale_height'
[224, 232) 'len'
[288, 336) 'te'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x55a8f) in strncpy
Shadow bytes around the buggy address:
0x10001b0f8a60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001b0f8a70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001b0f8a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001b0f8a90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001b0f8aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10001b0f8ab0: f1 f1 f1 f1[02]f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
0x10001b0f8ac0: f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
0x10001b0f8ad0: f2 f2 f2 f2 00 00 00 00 00 00 f2 f2 f3 f3 f3 f3
0x10001b0f8ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10001b0f8af0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
0x10001b0f8b00: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==24956==ABORTINGThis looks related to #103 (closed) from your description.