[kopete-bugs] [Bug 166404] Kopete hangs when AIM plugin receives text "=P"
Josh Berry
des at condordes.net
Sun Jul 13 01:56:19 CEST 2008
http://bugs.kde.org/show_bug.cgi?id=166404
des condordes net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |des condordes net
------- Additional Comments From des condordes net 2008-07-13 01:56 -------
I can confirm this on recent SVN (<24hrs). My backtrace looks almost identical. I suspect addQuotesAroundAttributes() is at fault here.
#0 0x00007ffe0d350b88 in QString::fromAscii_helper ()
from /srv/kde4/lib/kde4/kopete_aim.so
#1 0x00007ffe0d354446 in QString (this=0x7fff28465bb0, ch=0x7ffe0d3817a7 "<")
at /media/Library/KDE4/qt-copy/src/corelib/tools/qstring.h:391
#2 0x00007ffe0d363d8e in AIMAccount::addQuotesAroundAttributes (this=0x287fe80,
message=
{static null = {<No data fields>}, static shared_null = {ref = {_q_value = 14966}, alloc = 0, size = 0, data = 0x682b1a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 375}, alloc = 0, size = 0, data = 0x7ffe2024b63a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0x7fff28465cc0, static codecForCStrings = 0x0})
at /home/des/Code/kde/kdenetwork/kopete/protocols/oscar/aim/aimaccount.cpp:769
#3 0x00007ffe0d365046 in AIMAccount::sanitizedMessage (this=0x287fe80,
message= 0x7fff28465f10)
at /home/des/Code/kde/kdenetwork/kopete/protocols/oscar/aim/aimaccount.cpp:282
#4 0x00007ffe0d1044b6 in OscarAccount::messageReceived (this=0x287fe80,
message= 0x7fff28466c60)
at /home/des/Code/kde/kdenetwork/kopete/protocols/oscar/oscaraccount.cpp:513
#5 0x00007ffe0d3644d6 in AIMAccount::messageReceived (this=0x287fe80,
message= 0x7fff28466c60)
at /home/des/Code/kde/kdenetwork/kopete/protocols/oscar/aim/aimaccount.cpp:517
#6 0x00007ffe0d1067f7 in OscarAccount::qt_metacall (this=0x287fe80,
_c=QMetaObject::InvokeMetaMethod, _id=8, _a=0x7fff28466550)
at /media/Library/KDE4/build/kdenetwork/kopete/protocols/oscar/oscaraccount.moc:124
...
The message that was passed into addQuotesAroundAttributes() was: "<BR>does it work? =P"
startReplace is 19 (the 'P') going into the loop, and replaceLength is 1. sIndex and eIndex will be 0 and 3, respectively (start and end of the <BR> tag).
The inner loop appears to be searching until it finds a tag that ends past the end of the =. But there is no such tag, so sIndex and eIndex both become -1 (indicating no match found), and thus eIndex never grows to be >= startReplace + replaceLength, causing the infinite loop.
This function seems rather broken, as it assumes that '='s only occur in tags (look at attrRegExp).
A better solution would be to do something like the following (this is pseudo-Perl syntax, as I'm not sure how Qt might do it):
s/(\<[^>]*\s+)([\d\w]+)=([^"/>\s]+)([^<]*\>)/$1$2="$3"$4/
And then repeatedly apply the above to the whole message until it doesn't match anymore.
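The repeated substitution proposed above, as an added example that is not part of the original message and is not Kopete's code. It uses std::regex instead of Qt's regex classes; the function name quoteAttributes and the second sample message are constructed for illustration, and `\w+` stands in for the proposal's `[\d\w]+`.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <regex>
#include <string>

// Quote unquoted attribute values, but only when the '=' sits inside a tag.
// Hypothetical helper: name and signature are assumptions, not Kopete's API.
std::string quoteAttributes(const std::string& message) {
    // Groups: 1 = "<tag ... ", 2 = attribute name, 3 = bare value, 4 = rest up to '>'.
    static const std::regex unquoted(
        R"re((<[^>]*\s+)(\w+)=([^"/>\s]+)([^<]*>))re");

    std::string out = message;
    // Each successful pass turns one  name=value  into  name="value", and the
    // number of '=' characters never changes, so the number of '=' in the
    // input is a hard upper bound on useful passes. The loop cannot spin
    // forever on a message such as "=P" that has a '=' outside any tag.
    const std::size_t maxPasses =
        static_cast<std::size_t>(std::count(out.begin(), out.end(), '='));

    for (std::size_t pass = 0; pass < maxPasses; ++pass) {
        std::string next = std::regex_replace(
            out, unquoted, "$1$2=\"$3\"$4",
            std::regex_constants::format_first_only);
        if (next == out) {
            break;  // fixed point: nothing left to quote
        }
        out.swap(next);
    }
    return out;
}

int main() {
    // First message is the one from the report; the second is constructed.
    const std::string samples[] = {
        "<BR>does it work? =P",
        "<FONT COLOR=red SIZE=2>hi</FONT> =P",
    };
    for (const std::string& s : samples) {
        std::cout << s << "\n  -> " << quoteAttributes(s) << "\n";
    }
    return 0;
}
```

The message from the report passes through unchanged because its only '=' is outside a tag, and the pass limit keeps the loop finite whatever the remote peer sends.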