Bug#657191: kopete: multiple crashes in the wlm protocol code
Package: kopete
Version: 4:4.6.5-3
Severity: important
Tags: patch upstream
Hi,
There are a few recently-introduced bugs in the wlm protocol support code in
kopete. I'm not reporting this bug to upstream's bugzilla because it will get
ignored like my other reports and somebody will eventually notice the bug (but
never the bug report) and write another patch and fix it.
So, attached are three patches, each explaining what they fix. Only the first
one is not a crash bug, but it prevents the creation of connections that will
never be used by kopete.
P.S. back when I wrote the patches all the bugs were still present in the
latest version in the VCS.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
From 1670f6607c5c688aa3a89cdb5aba903cf95529f2 Mon Sep 17 00:00:00 2001
From: Raphael Geissert <atomo64@gmail.com>
Date: Wed, 2 Nov 2011 19:38:21 -0600
Subject: [PATCH 1/3] Avoid multiple switchboard requests while waiting for one to finish
If the user attempts to send more than one message a new sb is requested
every time unless we received one in the mean time and the other client
has already joined. Those extra switchboard connections could be left
unused and hanging around until terminated by an event.
---
wlmchatsession.cpp | 9 ++++++++-
wlmchatsession.h | 1 +
2 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/wlmchatsession.cpp b/wlmchatsession.cpp
index 0dfdd71..0c75f34 100644
--- a/wlmchatsession.cpp
+++ b/wlmchatsession.cpp
@@ -75,6 +75,7 @@ Kopete::ChatSession (user, others, protocol),
m_chatService (conn),
m_downloadDisplayPicture (false),
m_sendNudge (false),
+m_chatServiceRequested (false),
m_tries (0),
m_oimid (1),
m_sessionID(1)
@@ -893,7 +894,7 @@ WlmChatSession::requestChatService ()
WlmProtocol::protocol ()->wlmOffline)
return false;
- if (!isReady () && account ()->isConnected () && !isConnecting ())
+ if (!isReady () && account ()->isConnected () && !isConnecting () && !m_chatServiceRequested)
{
const std::string rcpt_ = members().first()->contactId().toLatin1().constData();
const std::string msg_ = "";
@@ -901,6 +902,10 @@ WlmChatSession::requestChatService ()
// request a new switchboard connection
static_cast <WlmAccount *>(account ())->server ()->cb.mainConnection->requestSwitchboardConnection (ctx);
QTimer::singleShot (30 * 1000, this, SLOT (switchboardConnectionTimeout ()));
+ // if the user attempts to send more than one message a new sb
+ // is requested every time unless we received one in the mean
+ // time and the other client has already joined
+ m_chatServiceRequested = true;
return true;
}
// probably we are about to connect
@@ -912,6 +917,8 @@ WlmChatSession::switchboardConnectionTimeout ()
{
if (!isReady ())
{
+ // allow a new chat service request
+ m_chatServiceRequested = false;
// try 3 times
if (m_tries < 3)
{
diff --git a/wlmchatsession.h b/wlmchatsession.h
index 91c4b83..3480c65 100644
--- a/wlmchatsession.h
+++ b/wlmchatsession.h
@@ -110,6 +110,7 @@ class WlmChatSession: public Kopete::ChatSession
MSN::SwitchboardServerConnection * m_chatService;
bool m_downloadDisplayPicture;
bool m_sendNudge;
+ bool m_chatServiceRequested;
int m_tries;
int m_oimid;
int m_sessionID;
--
1.7.4.1
From 47aa25082f487a137889deeb2d3dada89282f41d Mon Sep 17 00:00:00 2001
From: Raphael Geissert <atomo64@gmail.com>
Date: Fri, 4 Nov 2011 14:54:38 -0600
Subject: [PATCH 2/3] Fix a crash when receiving a custom emoticon
The mutable iterator needs to be destroyed before the connection is
removed from the pendingMessages map.
---
wlmchatmanager.cpp | 16 +++++++++-------
1 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/wlmchatmanager.cpp b/wlmchatmanager.cpp
index 5444a50..4b202c2 100644
--- a/wlmchatmanager.cpp
+++ b/wlmchatmanager.cpp
@@ -618,15 +618,17 @@ WlmChatManager::slotGotEmoticonFile(MSN::SwitchboardServerConnection * conn,
if(pendingMessages.value(conn).isEmpty())
return;
- QMutableLinkedListIterator<PendingMessage> it(pendingMessages[conn]);
- while (it.hasNext())
{
- PendingMessage pendingMsg = it.next();
- if (fillEmoticons(chat, pendingMsg.message))
+ QMutableLinkedListIterator<PendingMessage> it(pendingMessages[conn]);
+ while (it.hasNext())
{
- chat->appendMessage(*pendingMsg.message);
- it.remove();
- delete pendingMsg.message;
+ PendingMessage pendingMsg = it.next();
+ if (fillEmoticons(chat, pendingMsg.message))
+ {
+ chat->appendMessage(*pendingMsg.message);
+ it.remove();
+ delete pendingMsg.message;
+ }
}
}
--
1.7.4.1
From 628a622bf5498ae8c325abb61e6c3f75483af2fb Mon Sep 17 00:00:00 2001
From: Raphael Geissert <atomo64@gmail.com>
Date: Mon, 7 Nov 2011 10:17:24 -0600
Subject: [PATCH 3/3] Fix another crash due to a mutable iterator
Similar to 47aa25
---
wlmchatmanager.cpp | 24 +++++++++++++-----------
1 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/wlmchatmanager.cpp b/wlmchatmanager.cpp
index 4b202c2..de2292f 100644
--- a/wlmchatmanager.cpp
+++ b/wlmchatmanager.cpp
@@ -656,19 +656,21 @@ void WlmChatManager::timerEvent(QTimerEvent *event)
{
connIt.next();
- QMutableLinkedListIterator<PendingMessage> it(connIt.value());
- while (it.hasNext())
{
- PendingMessage pendingMsg = it.next();
- if (pendingMsg.receiveTime < thresholdTime)
+ QMutableLinkedListIterator<PendingMessage> it(connIt.value());
+ while (it.hasNext())
{
- kDebug(14210) << "Did not get emoticons in time!";
- WlmChatSession *chat = chatSessions[connIt.key()];
- if (chat)
- chat->appendMessage(*pendingMsg.message);
-
- it.remove();
- delete pendingMsg.message;
+ PendingMessage pendingMsg = it.next();
+ if (pendingMsg.receiveTime < thresholdTime)
+ {
+ kDebug(14210) << "Did not get emoticons in time!";
+ WlmChatSession *chat = chatSessions[connIt.key()];
+ if (chat)
+ chat->appendMessage(*pendingMsg.message);
+
+ it.remove();
+ delete pendingMsg.message;
+ }
}
}
if (connIt.value().isEmpty())
--
1.7.4.1
Reply to: