Bug 95473 - [oscarsocket] Crash in RTF2HTML::FlushOutTags()
Summary: [oscarsocket] Crash in RTF2HTML::FlushOutTags()
Status: RESOLVED FIXED
Alias: None
Product: kopete
Classification: Applications
Component: ICQ and AIM Plugins
Version: unspecified
Platform: Gentoo Packages Linux
Priority: NOR
Severity: crash
Target Milestone: ---
Assignee: Kopete Developers
URL:
Keywords:
Duplicates: 100331 101324 101552 102878 104055 105428 106956 107267 107402 111508 114134 114642 116474
Depends on:
Blocks:
 
Reported: 2004-12-19 20:10 UTC by Emmeran Seehuber
Modified: 2006-03-26 16:55 UTC (History)
CC: 12 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
Packet dump (32.00 KB, text/plain), 2004-12-19 21:20 UTC, Emmeran Seehuber
Packet dump with correct packet size (22.96 KB, text/plain), 2004-12-19 22:10 UTC, Emmeran Seehuber

Description Emmeran Seehuber 2004-12-19 20:10:20 UTC
Version:            (using KDE KDE 3.3.2)
Installed from:    Gentoo Packages
Compiler:          gcc-Version 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6) 
OS:                Linux

The following crash happens when I get a message from an ICQ5 client. ICQ3 Pro seems to work. Kopete doesn't crash on every message, only on some. But there seems to be no pattern in which messages cause Kopete to crash.

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1229336464 (LWP 12144)]
[New Thread -1245402192 (LWP 12277)]
[Thread debugging using libthread_db enabled]
[New Thread -1229336464 (LWP 12144)]
[New Thread -1245402192 (LWP 12277)]
[New Thread -1237009488 (LWP 12276)]
[Thread debugging using libthread_db enabled]
[New Thread -1229336464 (LWP 12144)]
[New Thread -1245402192 (LWP 12277)]
[KCrash handler]
#7  0xb6500efb in RTF2HTML::FlushOutTags ()
   from /usr/kde/3.3/lib/libkopete_oscar.so.1
#8  0xb6502db3 in Level::setText () from /usr/kde/3.3/lib/libkopete_oscar.so.1
#9  0xb650349d in RTF2HTML::Parse ()
   from /usr/kde/3.3/lib/libkopete_oscar.so.1
#10 0xb64fd70b in OscarMessage::setText ()
   from /usr/kde/3.3/lib/libkopete_oscar.so.1
#11 0xb64ed3da in OscarSocket::parseAdvanceMessage ()
   from /usr/kde/3.3/lib/libkopete_oscar.so.1
#12 0xb64f3287 in OscarSocket::parseIM ()
   from /usr/kde/3.3/lib/libkopete_oscar.so.1
#13 0xb64e4551 in OscarSocket::slotRead ()
   from /usr/kde/3.3/lib/libkopete_oscar.so.1
#14 0xb64e2f67 in OscarConnection::qt_invoke ()
   from /usr/kde/3.3/lib/libkopete_oscar.so.1
#15 0xb64e970e in OscarSocket::qt_invoke ()
   from /usr/kde/3.3/lib/libkopete_oscar.so.1
#16 0x41870bac in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#17 0x418709d4 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#18 0xb729a5ea in KNetwork::KClientSocketBase::readyRead ()
   from /usr/kde/3.3/lib/libkdecore.so.4
#19 0xb7299dda in KNetwork::KClientSocketBase::slotReadActivity ()
   from /usr/kde/3.3/lib/libkdecore.so.4
#20 0xb72a1754 in KNetwork::KBufferedSocket::slotReadActivity ()
   from /usr/kde/3.3/lib/libkdecore.so.4
#21 0xb72a1bb9 in KNetwork::KBufferedSocket::qt_invoke ()
   from /usr/kde/3.3/lib/libkdecore.so.4
#22 0x41870bac in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#23 0x41870d0d in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#24 0x41baffd2 in QSocketNotifier::activated ()
   from /usr/qt/3/lib/libqt-mt.so.3
#25 0x4188d320 in QSocketNotifier::event () from /usr/qt/3/lib/libqt-mt.so.3
#26 0x4181476f in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#27 0x41813ad5 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#28 0xb715b6c2 in KApplication::notify ()
   from /usr/kde/3.3/lib/libkdecore.so.4
#29 0x41803faa in QEventLoop::activateSocketNotifiers ()
   from /usr/qt/3/lib/libqt-mt.so.3
#30 0x417bd5a3 in QEventLoop::processEvents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#31 0x41826938 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3
#32 0x418267e8 in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3
#33 0x418149c1 in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3
#34 0x08068eac in ?? ()
#35 0xbffff1a0 in ?? ()
#36 0xbffff180 in ?? ()
#37 0xbffff180 in ?? ()
#38 0x00000000 in ?? ()
#39 0x080a55c3 in _IO_stdin_used ()
#40 0x00000001 in ?? ()
#41 0x080a57fc in _IO_stdin_used ()
#42 0x080a5186 in _IO_stdin_used ()
#43 0x080a5170 in _IO_stdin_used ()
#44 0x080a515c in _IO_stdin_used ()
#45 0xb7289bdb in malloc () from /usr/kde/3.3/lib/libkdecore.so.4
#46 0xb6bb8f4e in __libc_start_main () from /lib/libc.so.6
#47 0x08068851 in ?? ()
Comment 1 Matt Rogers 2004-12-19 20:14:53 UTC
I need to see a packet dump of the message that causes the crash before I can do anything.
Comment 2 Emmeran Seehuber 2004-12-19 21:20:57 UTC
Created attachment 8725 [details]
Packet dump

I've used this command to capture the data:

tcpdump port 5190 or port 5191 or port 5192 or port 5193 -X -vv -i eth2 

Is this the right way, or should I use other options/another program?
Comment 3 Thiago Macieira 2004-12-19 21:42:55 UTC
That only captures the first 96 bytes of the packet. Please add the option -s 1500.

By the way, you can use -w to generate a binary output.
Comment 4 Emmeran Seehuber 2004-12-19 22:10:51 UTC
Created attachment 8726 [details]
Packet dump with correct packet size

Here is a packet dump with a correct packet size. I think this packet is the
one causing the problem:

22:03:40.392676 IP (tos 0x0, ttl 110, id 48139, offset 0, flags [DF], length:
445) 205.188.9.52.5190 > nexus.34347: P [tcp sum ok] 1400:1805(405) ack 567 win
16384
	0x0000:  0060 b378 569b 0001 e30a f299 0800 4500  .`.xV.........E.
	0x0010:  01bd bc0b 4000 6e06 b694 cdbc 0934 c0a8  ....@.n......4..
	0x0020:  0102 1446 862b d259 7040 8cf0 44b1 5018  ...F.+.Yp@..D.P.
	0x0030:  4000 1098 0000 2a02 c16e 018f 0004 0007  @.....*..n......
	0x0040:  0000 c6c8 a57e d6b0 7601 9c52 0000 0002  .....~..v..R....
	0x0050:  0834 3537 3430 3430 3900 0000 0500 0100  .45740409.......
	0x0060:  0200 5000 0600 0410 0101 0000 0f00 0400  ..P.............
	0x0070:  004c 7400 1d00 1400 0801 1038 c875 9df7  .Lt........8.u..
	0x0080:  c17d 7da8 e881 6984 c47f 3100 0300 0441  .}}...i...1....A
	0x0090:  c5a0 3800 0501 3400 00d6 b076 019c 5200  ..8...4....v..R.
	0x00a0:  0009 4613 494c 7f11 d182 2244 4553 5400  ..F.IL...."DEST.
	0x00b0:  0000 0a00 0200 0100 0f00 0027 1101 0c1b  ...........'....
	0x00c0:  0009 0000 0000 0000 0000 0000 0000 0000  ................
	0x00d0:  0000 0000 0001 0000 0000 f703 0e00 f703  ................
	0x00e0:  0000 0000 0000 0000 0000 0000 0100 0001  ................
	0x00f0:  0100 a500 7b5c 7274 6631 5c61 6e73 695c  ....{\rtf1\ansi\
	0x0100:  616e 7369 6370 6731 3235 325c 6465 6666  ansicpg1252\deff
	0x0110:  305c 6465 666c 616e 6731 3033 317b 5c66  0\deflang1031{\f
	0x0120:  6f6e 7474 626c 7b5c 6630 5c66 6e69 6c5c  onttbl{\f0\fnil\
	0x0130:  6663 6861 7273 6574 3020 4172 6961 6c3b  fcharset0.Arial;
	0x0140:  7d7d 0d0a 7b5c 636f 6c6f 7274 626c 203b  }}..{\colortbl.;
	0x0150:  5c72 6564 305c 6772 6565 6e36 345c 626c  \red0\green64\bl
	0x0160:  7565 3132 383b 7d0d 0a5c 7669 6577 6b69  ue128;}..\viewki
	0x0170:  6e64 345c 7563 315c 7061 7264 5c63 6631  nd4\uc1\pard\cf1
	0x0180:  5c66 7332 3020 6269 7474 6573 6568 725c  \fs20.bittesehr\
	0x0190:  7061 720d 0a7d 0d0a 0000 4080 00ff ffff  par..}....@.....
	0x01a0:  0026 0000 007b 3937 4231 3237 3531 2d32  .&...{97B12751-2
	0x01b0:  3433 432d 3433 3334 2d41 4432 322d 4436  43C-4334-AD22-D6
	0x01c0:  4142 4637 3346 3134 3932 7d		  ABF73F1492}


BTW: -w didn't work for me. At least no packets were captured :(
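As an added example (not Kopete's code and not part of this report): a Python script that rebuilds the frame from the tcpdump -X text quoted above, strips the Ethernet, IPv4 and TCP headers by their own on-the-wire length fields, checks the FLAP framing of the OSCAR payload, and pulls out the RTF body by brace matching. The hex dump from comment 4 is embedded verbatim as the sample input; the function names are mine. It is the check worth doing before feeding a captured message to a parser under gdb: it confirms the capture is complete (comment 3's snaplen point) and isolates exactly the bytes the RTF converter sees.

```python
import re

# Constructed input: the tcpdump -X lines from comment 4 above, pasted verbatim
# (offset, eight 16-bit hex groups, ASCII column).  A raw string keeps the
# backslashes in the ASCII column from being read as escapes.
HEXDUMP = r"""
0x0000:  0060 b378 569b 0001 e30a f299 0800 4500  .`.xV.........E.
0x0010:  01bd bc0b 4000 6e06 b694 cdbc 0934 c0a8  ....@.n......4..
0x0020:  0102 1446 862b d259 7040 8cf0 44b1 5018  ...F.+.Yp@..D.P.
0x0030:  4000 1098 0000 2a02 c16e 018f 0004 0007  @.....*..n......
0x0040:  0000 c6c8 a57e d6b0 7601 9c52 0000 0002  .....~..v..R....
0x0050:  0834 3537 3430 3430 3900 0000 0500 0100  .45740409.......
0x0060:  0200 5000 0600 0410 0101 0000 0f00 0400  ..P.............
0x0070:  004c 7400 1d00 1400 0801 1038 c875 9df7  .Lt........8.u..
0x0080:  c17d 7da8 e881 6984 c47f 3100 0300 0441  .}}...i...1....A
0x0090:  c5a0 3800 0501 3400 00d6 b076 019c 5200  ..8...4....v..R.
0x00a0:  0009 4613 494c 7f11 d182 2244 4553 5400  ..F.IL...."DEST.
0x00b0:  0000 0a00 0200 0100 0f00 0027 1101 0c1b  ...........'....
0x00c0:  0009 0000 0000 0000 0000 0000 0000 0000  ................
0x00d0:  0000 0000 0001 0000 0000 f703 0e00 f703  ................
0x00e0:  0000 0000 0000 0000 0000 0000 0100 0001  ................
0x00f0:  0100 a500 7b5c 7274 6631 5c61 6e73 695c  ....{\rtf1\ansi\
0x0100:  616e 7369 6370 6731 3235 325c 6465 6666  ansicpg1252\deff
0x0110:  305c 6465 666c 616e 6731 3033 317b 5c66  0\deflang1031{\f
0x0120:  6f6e 7474 626c 7b5c 6630 5c66 6e69 6c5c  onttbl{\f0\fnil\
0x0130:  6663 6861 7273 6574 3020 4172 6961 6c3b  fcharset0.Arial;
0x0140:  7d7d 0d0a 7b5c 636f 6c6f 7274 626c 203b  }}..{\colortbl.;
0x0150:  5c72 6564 305c 6772 6565 6e36 345c 626c  \red0\green64\bl
0x0160:  7565 3132 383b 7d0d 0a5c 7669 6577 6b69  ue128;}..\viewki
0x0170:  6e64 345c 7563 315c 7061 7264 5c63 6631  nd4\uc1\pard\cf1
0x0180:  5c66 7332 3020 6269 7474 6573 6568 725c  \fs20.bittesehr\
0x0190:  7061 720d 0a7d 0d0a 0000 4080 00ff ffff  par..}....@.....
0x01a0:  0026 0000 007b 3937 4231 3237 3531 2d32  .&...{97B12751-2
0x01b0:  3433 432d 3433 3334 2d41 4432 322d 4436  43C-4334-AD22-D6
0x01c0:  4142 4637 3346 3134 3932 7d               ABF73F1492}
"""

_LINE = re.compile(r"^\s*0x([0-9a-fA-F]+):\s+(.*)$")
_HEXGROUP = re.compile(r"^(?:[0-9a-fA-F]{2}){1,2}$")


def decode_hexdump(text):
    """Rebuild the raw frame from tcpdump -X lines.  The hex column ends at the
    first run of two or more spaces; tokens are consumed while they are 2 or 4
    hex digits, at most 16 bytes per line.  The offset column is checked so a
    missing or duplicated line raises instead of silently shifting later fields."""
    out = bytearray()
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError(f"offset 0x{offset:04x} but {len(out)} bytes decoded so far")
        hexcol = re.split(r"\s{2,}", m.group(2), maxsplit=1)[0]
        for tok in hexcol.split():
            if not _HEXGROUP.match(tok) or len(out) - offset >= 16:
                break
            out += bytes.fromhex(tok)
    return bytes(out)


def tcp_payload(frame):
    """Strip Ethernet, IPv4 and TCP headers using their own length fields
    (IHL, IP total length, TCP data offset) instead of assuming 14+20+20."""
    eth = 14
    if frame[12:14] != b"\x08\x00" or frame[eth] >> 4 != 4 or frame[eth + 9] != 6:
        raise ValueError("expected Ethernet/IPv4/TCP")
    ihl = (frame[eth] & 0x0F) * 4
    ip_total = int.from_bytes(frame[eth + 2:eth + 4], "big")
    if eth + ip_total > len(frame):
        raise ValueError("capture truncated: raise the snaplen (tcpdump -s)")
    tcp = eth + ihl
    data_off = (frame[tcp + 12] >> 4) * 4
    return frame[tcp + data_off:eth + ip_total]


def flap_header(payload):
    """Parse the 6-byte FLAP header framing every OSCAR packet:
    0x2A, channel, 16-bit sequence, 16-bit data length (big-endian)."""
    if len(payload) < 6 or payload[0] != 0x2A:
        raise ValueError("not a FLAP frame")
    channel, seq = payload[1], int.from_bytes(payload[2:4], "big")
    length = int.from_bytes(payload[4:6], "big")
    if 6 + length != len(payload):
        raise ValueError(f"FLAP length {length} != segment data {len(payload) - 6}; "
                         "frame spans segments or the capture is truncated")
    return channel, seq, length


def extract_rtf(data):
    """Return the first complete {\\rtf1 ...} group by brace matching, skipping the
    byte after every backslash so \\{ and \\} escapes do not count; None if unclosed."""
    start = data.find(b"{\\rtf1")
    if start < 0:
        return None
    depth, i = 0, start
    while i < len(data):
        c = data[i]
        if c == 0x5C:          # backslash: next byte belongs to the control word/escape
            i += 2
            continue
        if c == 0x7B:
            depth += 1
        elif c == 0x7D:
            depth -= 1
            if depth == 0:
                return data[start:i + 1]
        i += 1
    return None


if __name__ == "__main__":
    frame = decode_hexdump(HEXDUMP)
    payload = tcp_payload(frame)
    channel, seq, length = flap_header(payload)
    print(f"{len(frame)} frame bytes, {len(payload)} TCP payload bytes, "
          f"FLAP channel {channel} seq 0x{seq:04x} len {length}")
    rtf = extract_rtf(payload)
    print(rtf.decode("cp1252") if rtf else "no RTF group found")
```

The numbers line up with the tcpdump summary line in the comment: 445 bytes of IP total length behind a 14-byte Ethernet header, a 405-byte TCP segment (1400:1805), and a FLAP header whose data length (0x018f = 399) accounts for exactly those 405 bytes. The RTF group is 162 bytes and is followed by a NUL and a GUID.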
Comment 5 Matt Rogers 2004-12-19 23:13:48 UTC
Do you have ethereal installed? You can use that to capture packets and it might be easier to use than tcpdump. It'll also make it easier for me to read your packet dumps. :)

Time to go read the RTF specs...
Comment 6 Fabian Köster 2005-01-24 23:59:11 UTC
Same here, also with Kopete 0.9.2 (KDE 3.3.2).
Happens every time an ICQ5 user (I only have one) tries to send a message to me.

Sorry that I can't do more debugging yet, but if you want to reproduce this one yourself: the ICQ5 beta isn't online anymore on icq.com, but you can download it via file-sharing services or from alternative servers like chip.de: http://www.chip.de/downloads/c_downloads_10557529.html

bye
Comment 7 Matt Rogers 2005-03-11 21:57:27 UTC
*** Bug 101324 has been marked as a duplicate of this bug. ***
Comment 8 Matt Rogers 2005-03-11 21:57:44 UTC
*** Bug 100331 has been marked as a duplicate of this bug. ***
Comment 9 Matt Rogers 2005-03-15 15:56:48 UTC
*** Bug 101552 has been marked as a duplicate of this bug. ***
Comment 10 Thiago Macieira 2005-03-31 03:43:09 UTC
*** Bug 102878 has been marked as a duplicate of this bug. ***
Comment 11 Thiago Macieira 2005-04-17 18:01:37 UTC
*** Bug 104055 has been marked as a duplicate of this bug. ***
Comment 12 Matt Rogers 2005-05-11 02:48:11 UTC
*** Bug 105428 has been marked as a duplicate of this bug. ***
Comment 13 Holger Jorra 2005-05-24 00:14:57 UTC
I got something new about this bug. An ICQ user told me that SIM has the same problem (http://sim-icq.sourceforge.net/).
The problem is that ICQ 5 does not always send font information when sending messages, so info is missing, and SIM, as it seems to me, crashes because of that just like Kopete does. Is that any help? Maybe I should ask ICQ.com directly?
Comment 14 Holger Jorra 2005-05-25 13:28:56 UTC
One question: I heard rumours that this bug is fixed since KDE 3.4. Is this correct? Do I have to update my complete KDE to use a Kopete without this bug?
Comment 15 Matt Rogers 2005-06-07 14:03:54 UTC
*** Bug 106956 has been marked as a duplicate of this bug. ***
Comment 16 Matt Rogers 2005-06-12 16:03:31 UTC
*** Bug 107267 has been marked as a duplicate of this bug. ***
Comment 17 Matt Rogers 2005-06-14 16:08:35 UTC
*** Bug 107402 has been marked as a duplicate of this bug. ***
Comment 18 mestro 2005-06-14 17:11:06 UTC
Since I've used KDE 3.4 I have not got this error again.
Comment 19 Kevin Boergens 2005-06-23 14:50:33 UTC
Yes, same for me, I hated this bug so much in 0.9.2.
Never experienced it again after upgrading to 0.10.

Kevin
Comment 20 Olivier Goffart 2005-08-25 20:52:30 UTC
*** Bug 111508 has been marked as a duplicate of this bug. ***
Comment 21 Matt Rogers 2005-10-09 22:55:47 UTC
*** Bug 114134 has been marked as a duplicate of this bug. ***
Comment 22 Matt Rogers 2005-10-18 23:09:32 UTC
*** Bug 114642 has been marked as a duplicate of this bug. ***
Comment 23 Thiago Macieira 2005-11-16 11:21:10 UTC
*** Bug 116474 has been marked as a duplicate of this bug. ***
Comment 24 Matt Rogers 2006-03-26 16:55:24 UTC
*** Bug has been marked as fixed ***.