Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incomplete/oversize messages cause crash, probably #8

Open
BenWiederhake opened this issue Oct 8, 2020 · 3 comments
Open

Incomplete/oversize messages cause crash, probably #8

BenWiederhake opened this issue Oct 8, 2020 · 3 comments

Comments

@BenWiederhake
Copy link

BenWiederhake commented Oct 8, 2020
edited
Loading

I ran into this only once, but here's what I think has happened:

  • Use purple-rocketchat
  • Put computer into standby
  • Use other device to talk a lot on Rocketchat
  • Wake computer from standby
  • glib stumbles over some incomplete/oversize/broken/truncated/whatever message
  • purple-rocketchat eventually calls free on the result invalid pointer(?)

Here's what I know for sure:

This was the last lines of stderr:

(Pidgin:1234): Json-CRITICAL **: 00:23:16.196: json_node_get_object: assertion 'JSON_NODE_IS_VALID (node)' failed
munmap_chunk(): invalid pointer

These are the last lines of stdout:

(00:23:16) rocketchat: got frame data: a["{\"msg\":\"nosub\",\"id\":\"0123456789abcdef\",\"error\":{\"isClientSafe\":true,\"error\":404,\"reason\":\"Subscription 'activeUsers' not found\",\"message\":\"Subscription 'activeUsers' not found [404]\",\"errorType\":\"Meteor.Error\"}}"]
(00:23:16) rocketchat: got frame data: a["{\"msg\":\"ready\",\"subs\":[\"0123456789abcdef\"]}"]
(00:23:16) rocketchat: got frame data: a["{\"msg\":\"ready\",\"subs\":[\"0123456789abcdef\"]}"]
(00:23:16) rocketchat: got frame data: a["{\"msg\":\"updated\",\"methods\":[\"29\"]}"]
(00:23:16) rocketchat: got frame data: a["{\"msg\":\"result\",\"id\":\"29\",\"result\":\"0123456789abcdef\"}"]

(The channel-ID 0123456789abcdef is fake.)

I'm fairly certain that purple-rocketchat is the only plugin that reasonably calls json_node_get_object at that point in my case.

Let's hope I can't reproduce it :P

EDIT: The "Meteor.Error" seems relevant.
@BenWiederhake
Copy link
Author

It happened again, this time when switching my VPN off and reconnecting:

(11:27:44) rocketchat: got frame data: a["{\"msg\":\"nosub\",\"id\":\"0123456789abcdef\",\"error\":{\"isClientSafe\":true,\"error\":404,\"reason\":\"Subscription 'activeUsers' not found\",\"message\":\"Subscription 'activeUsers' not found [404]\",\"errorType\":\"Meteor.Error\"}}"]
(11:27:44) rocketchat: got frame data: a["{\"msg\":\"ready\",\"subs\":[\"0123456789abcdef\"]}"]
(11:27:44) rocketchat: got frame data: a["{\"msg\":\"ready\",\"subs\":[\"0123456789abcdef\"]}"]
(11:27:44) rocketchat: got frame data: a["{\"msg\":\"updated\",\"methods\":[\"32\"]}"]
(11:27:44) rocketchat: got frame data: a["{\"msg\":\"result\",\"id\":\"32\",\"result\":\"0123456789abcdef\"}"]

@EionRobb
Copy link
Owner

Is it possible to run it through valgrind?
I'm guessing not, but is there any backtrace?

@BenWiederhake
Copy link
Author

I can't seem to reproduce it easily, so I don't have a backtrace, sorry. It appears fast enough running in gdb, so I'll just keep running it in gdb for a while.

The valgrind output is too noisy to tell me anything:
rocket-valgrind.txt
Don't ask me why the PID suddenly changes; I don't know. :/
If anything, it looks like purple-rocketchat never frees any resources? That would kinda contradict my "double free" theory.

Also, it appears that the json_node_get_object assertion appears all the time, not fatal, and apparently is just business as usual. Not related to the crashes I guess.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EionRobb @BenWiederhake