Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash in BaseJob.cpp when trying to leave non-existent room #289

Closed
vranki opened this issue Feb 26, 2019 · 5 comments
Closed

Crash in BaseJob.cpp when trying to leave non-existent room #289

vranki opened this issue Feb 26, 2019 · 5 comments
Assignees
@KitsuneRal
Labels
crash A crash occurs in the library code

Comments

@vranki
Copy link
Contributor

vranki commented Feb 26, 2019
edited by KitsuneRal
Loading

Description

I happened to stumble to a repeatable crasher when developing Spectral.
I have a 1-to-1 irc chat, which I left. For some reason it's still shown on the UI.
When trying to leave the chat for second time, Spectral crashes in libqmatrixclient code.
The root issue is probably bug in synapse, but libqtmatrix shouldn't crash.

Sorry for quite lousy bug report, it'll be difficult to repeat but at least you can review
the code.

Steps to reproduce

Select the person/room in Spectral, log output:

1 user(s) in the room
Connected to room "!XcyIhUpTmOiYnTDKEl:irc.snt.utwente.nl" as "@cos42:matrix.org"
libqmatrixclient.jobs: GetRoomEventsJob|https://matrix.org/_matrix/client/r0/rooms/!XcyIhUpTmOiYnTDKEl:irc.snt.utwente.nl/messages?from=&dir=b&limit=150
libqmatrixclient.jobs: 403 (tentative)
libqmatrixclient.jobs: "GetRoomEventsJob" status 103: Unknown error
libqmatrixclient.jobs: GetRoomEventsJob|https://matrix.org/_matrix/client/r0/rooms/!XcyIhUpTmOiYnTDKEl:irc.snt.utwente.nl/messages?from=&dir=b&limit=150
libqmatrixclient.jobs: 403 (final)
libqmatrixclient.jobs: "GetRoomEventsJob" status 103: Error transferring https://matrix.org/_matrix/client/r0/rooms/!XcyIhUpTmOiYnTDKEl:irc.snt.utwente.nl/messages?from=&dir=b&limit=150 - server replied:
libqmatrixclient.jobs: "GetRoomEventsJob" status 105: Guest access not allowed

Try to leave room, log output:

libqmatrixclient.jobs: LeaveRoomJob|https://matrix.org/_matrix/client/r0/rooms/!XcyIhUpTmOiYnTDKEl:irc.snt.utwente.nl/leave
libqmatrixclient.jobs: 404 (tentative)
libqmatrixclient.jobs: "LeaveRoomJob" status 104: Unknown error
libqmatrixclient.jobs: LeaveRoomJob|https://matrix.org/_matrix/client/r0/rooms/!XcyIhUpTmOiYnTDKEl:irc.snt.utwente.nl/leave
libqmatrixclient.jobs: 404 (final)
libqmatrixclient.jobs: "LeaveRoomJob" status 104: Error transferring https://matrix.org/_matrix/client/r0/rooms/!XcyIhUpTmOiYnTDKEl:irc.snt.utwente.nl/leave - server replied:
libqmatrixclient.jobs: "LeaveRoomJob" status 105: Not a known room

Spectral crashes in libqmatrixclient:

1   std::__uniq_ptr_impl<QMatrixClient::ConnectionData::Private, std::default_delete<QMatrixClient::ConnectionData::Private>>::_M_ptr                                                             unique_ptr.h       147 0x5555555938e6 
2   std::unique_ptr<QMatrixClient::ConnectionData::Private, std::default_delete<QMatrixClient::ConnectionData::Private>>::get                                                                     unique_ptr.h       337 0x555555593828 
3   std::unique_ptr<QMatrixClient::ConnectionData::Private, std::default_delete<QMatrixClient::ConnectionData::Private>>::operator->                                                              unique_ptr.h       331 0x555555593596 
4   QMatrixClient::ConnectionData::accessToken                                                                                                                                                    connectiondata.cpp 47  0x555555592428 
5   QMatrixClient::BaseJob::setStatus                                                                                                                                                             basejob.cpp        596 0x55555563a90b 
6   QMatrixClient::BaseJob::abandon                                                                                                                                                               basejob.cpp        612 0x55555563ad49 
7   QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QMatrixClient::BaseJob:: *)()>::call(void (QMatrixClient::BaseJob:: *)(), QMatrixClient::BaseJob *, void * *) qobjectdefs_impl.h 152 0x5555555bff69 
8   QtPrivate::FunctionPointer<void (QMatrixClient::BaseJob:: *)()>::call<QtPrivate::List<>, void>(void (QMatrixClient::BaseJob:: *)(), QMatrixClient::BaseJob *, void * *)                       qobjectdefs_impl.h 185 0x5555555bd924 
9   QtPrivate::QSlotObject<void (QMatrixClient::BaseJob:: *)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void * *, bool *)                                    qobjectdefs_impl.h 414 0x5555555b98a2 
10  QMetaObject::activate(QObject *, int, int, void * *)                                                                                                                                                                 0x7ffff63970ef 
11  QMatrixClient::BaseJob::failure                                                                                                                                                               moc_basejob.cpp    425 0x55555578f270 
12  QMatrixClient::BaseJob::finishJob                                                                                                                                                             basejob.cpp        478 0x55555563a115 
13  QMatrixClient::BaseJob::gotReply                                                                                                                                                              basejob.cpp        334 0x555555638a43 
14  QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (QMatrixClient::BaseJob:: *)()>::call(void (QMatrixClient::BaseJob:: *)(), QMatrixClient::BaseJob *, void * *) qobjectdefs_impl.h 152 0x5555555bff69 
15  QtPrivate::FunctionPointer<void (QMatrixClient::BaseJob:: *)()>::call<QtPrivate::List<>, void>(void (QMatrixClient::BaseJob:: *)(), QMatrixClient::BaseJob *, void * *)                       qobjectdefs_impl.h 185 0x5555555bd924 
16  QtPrivate::QSlotObject<void (QMatrixClient::BaseJob:: *)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void * *, bool *)                                    qobjectdefs_impl.h 414 0x5555555b98a2 
17  QMetaObject::activate(QObject *, int, int, void * *)                                                                                                                                                                 0x7ffff63970ef 
18  ??                                                                                                                                                                                                                   0x7ffff673d27f 
19  ??                                                                                                                                                                                                                   0x7ffff67dd029 
20  QObject::event(QEvent *)                                                                                                                                                                                             0x7ffff6397b42 
... <More>

My analysis on the crash is that d->connection in BaseJob.cpp:569 is null, but it's referenced.
In stack #4 connectdata.cpp:47 this is a null pointer, causing crash. Maybe check for it's nullness before calling?

Version information

  • The client application: Self-built Spectral
  • libqmatrixclient version if you know it: 23bf0e8 (Sun Jan 13 19:23:52 2019)
  • Qt version: 5.12 in /opt
  • Install method: Local build
  • Platform: Ubuntu 18.04
@KitsuneRal KitsuneRal added the crash A crash occurs in the library code label Feb 26, 2019
@KitsuneRal KitsuneRal self-assigned this Feb 26, 2019
@KitsuneRal
Copy link
Member

Thanks; I really didn't handle errors from leaving a room correctly, they are fairly esoteric. Leaving a non-joined/unknown room is quite worth adding to the test suite though.

@KitsuneRal
Copy link
Member

KitsuneRal commented Feb 26, 2019
edited
Loading

Huh, the call stack says that somebody connected abandon() to failure() which is generally incorrect (failure() means the job already finished and is about to self-destruct; you can't abandon it). I'll insert a guard with a warning so that abandon() exits with no action.

@KitsuneRal
Copy link
Member

Oh; that "somebody" was me, and these are actually two different jobs. The issue is in Connection::forgetRoom().

@KitsuneRal
Copy link
Member

In short - your analysis was almost precisely correct, checking for null pointers in BaseJob::abandon() was the fix. You should be good to go now.

@vranki
Copy link
Contributor Author

vranki commented Feb 27, 2019

Thanks for quick fix and the whole project!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KitsuneRal KitsuneRal

Labels
crash A crash occurs in the library code
Projects
libQuotient 1
Status: Version 0.5(.x) - Released
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vranki @KitsuneRal