Crash with irssi 0.8.12 and silc-plugin.

Wesley Shields wxs at atarininja.org
Mon Nov 5 20:27:20 CET 2007


First, sorry for the cross-post but I'm not sure what the exact cause of
this bug is.

I'm experiencing a crash using the irssi plugin.  The crash actually
happens inside irssi code, but I'm not familiar enough with either irssi
or the silc code to pinpoint the problem.  I'm able to reproduce this
repeatedly using:

1. Load up irssi
2. /load silc and enter my passphrase
3. /connect -silc silcnet silc.silcnet.org
4. /join #foo (any channel will do)
5. type anything in the channel

Here is the backtrace of those steps inside gdb:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000432603 in skip_target (server=0x0, target=0xc7112a "#foobarfoo")
    at fe-irc-messages.c:47
47              if (server->prefix[(int)(unsigned char)*target] == 0)
(gdb) bt
#0  0x0000000000432603 in skip_target (server=0x0,
    target=0xc7112a "#foobarfoo") at fe-irc-messages.c:47
#1  0x0000000000432761 in sig_message_own_public (server=0x676800,
    msg=0x8659a0 "asdf", target=0xc7112a "#foobarfoo",
    origtarget=0xc7112a "#foobarfoo") at fe-irc-messages.c:74
#2  0x00000000004a5d2a in signal_emit_real (rec=0x63c040, params=4,
    va=0x7fffffffd5f0, first_hook=0x63d200) at signals.c:242
#3  0x00000000004a5f71 in signal_emit (signal=0x4d34de "message own_public",
    params=4) at signals.c:286
#4  0x00000000004a9279 in cmd_msg (
    data=0xc67000 "-channel \"#foobarfoo\" asdf", server=0x676800,
    item=0xc63d00) at chat-commands.c:410
#5  0x00000000004a5d2a in signal_emit_real (rec=0x6161e0, params=3,
    va=0x7fffffffd830, first_hook=0x655e00) at signals.c:242
#6  0x00000000004a5f71 in signal_emit (signal=0x4c10aa "command msg", params=3)
    at signals.c:286
#7  0x000000000044222b in event_text (data=0xc71100 "asdf", server=0x676800,
    item=0xc63d00) at chat-completion.c:1091
#8  0x00000000004a5d2a in signal_emit_real (rec=0x63c060, params=3,
    va=0x7fffffffda30, first_hook=0x642c40) at signals.c:242
#9  0x00000000004a5f71 in signal_emit (signal=0x4cec81 "send text", params=3)
    at signals.c:286
#10 0x000000000048ea85 in event_command (line=0xc71100 "asdf",
    server=0x676800, item=0xc63d00) at commands.c:930
#11 0x00000000004a5d2a in signal_emit_real (rec=0x60e1c0, params=3,
    va=0x7fffffffdc30, first_hook=0x648cc0) at signals.c:242
#12 0x00000000004a5f71 in signal_emit (signal=0x4b9970 "send command",
    params=3) at signals.c:286
#13 0x000000000041a554 in key_send_line () at gui-readline.c:550
#14 0x00000000004a5d2a in signal_emit_real (rec=0x667340, params=3,
    va=0x7fffffffde10, first_hook=0x679140) at signals.c:242
#15 0x00000000004a5f71 in signal_emit (signal=0x865810 "key send_line",
    params=3) at signals.c:286
#16 0x00000000004586b9 in sig_multi (data=0x6690e0 "check_replaces;send_line",
    gui_data=0x0) at keyboard.c:637
#17 0x00000000004a5d2a in signal_emit_real (rec=0x63c480, params=3,
    va=0x7fffffffe010, first_hook=0x6428c0) at signals.c:242
#18 0x00000000004a5f71 in signal_emit (signal=0x865780 "key multi", params=3)
    at signals.c:286
#19 0x00000000004582bc in key_emit_signal (keyboard=0x656e30, key=0x6690a0)
    at keyboard.c:536
#20 0x00000000004584cb in key_pressed (keyboard=0x656e30,
    key=0x7fffffffe1a0 "^J") at keyboard.c:592
#21 0x000000000041a463 in sig_gui_key_pressed (keyp=0xa) at gui-readline.c:515
#22 0x00000000004a5d2a in signal_emit_real (rec=0x67d840, params=1,
    va=0x7fffffffe2b0, first_hook=0x679780) at signals.c:242
#23 0x00000000004a5f71 in signal_emit (signal=0x4b99a9 "gui key pressed",
    params=1) at signals.c:286
#24 0x000000000041aaa9 in sig_input () at gui-readline.c:746
#25 0x00000000004959a5 in irssi_io_invoke (source=0x636f00, condition=G_IO_IN,
    data=0x6688c0) at misc.c:56
#26 0x0000000800d98e05 in g_main_context_dispatch ()
   from /usr/local/lib/libglib-2.0.so.0
#27 0x0000000800d9a81e in g_main_context_acquire ()
   from /usr/local/lib/libglib-2.0.so.0
#28 0x0000000800d9acef in g_main_context_iteration ()
   from /usr/local/lib/libglib-2.0.so.0
#29 0x000000000042f402 in main (argc=1, argv=0x7fffffffe750) at irssi.c:397
(gdb)

Looking at the irssi code and gdb I've found that module_find_id
(src/core/modules.c:113 in irssi 0.8.12) ends up returning null because
the call to g_hash_table_lookup_extended() results in id being null.
This null value eventually gets used in:

if (server->prefix[(int)(unsigned char)*target] == 0)

resulting in the crash.  This crash didn't happen with 0.8.11 but the
code in question was changed a bit for 0.8.12 so I'm not sure if it's a
bug in irssi or if it's a problem with the silc-plugin.  If any more
information is required please let me know.
 
Please CC me as I'm not on either of these lists.

-- WXS
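
An added example, not part of the original message and not code from irssi or the SILC plugin: a simplified C model of the failure mode in frames #0 and #1 of the backtrace, where a valid server pointer in the handler becomes server=0x0 in skip_target. It assumes the NULL comes from a protocol-checked cast of a non-IRC server record; all type and function names here are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the client's records; not irssi's real structs. */
enum chat_type { CHAT_IRC = 1, CHAT_SILC = 2 };
struct server_rec { enum chat_type chat_type; };  /* generic, all protocols */
struct irc_server_rec {
    struct server_rec base;  /* must stay the first member for the cast */
    char prefix[256];        /* non-zero for status prefixes such as '@' */
};

/* Checked downcast: NULL when the record belongs to another protocol. */
static struct irc_server_rec *checked_irc_cast(struct server_rec *server)
{
    if (server == NULL || server->chat_type != CHAT_IRC)
        return NULL;
    return (struct irc_server_rec *)server;
}

/* Guarded form of the prefix test at the crash site: a NULL server
 * (non-IRC connection) leaves the target untouched instead of faulting. */
static const char *skip_target_guarded(struct irc_server_rec *server,
                                       const char *target)
{
    if (server == NULL || target == NULL)
        return target;
    while (*target != '\0' && server->prefix[(unsigned char)*target] != 0)
        target++;
    return target;
}

/* Handler model: a generic signal delivers every protocol's server record. */
static const char *own_public_target(struct server_rec *server,
                                     const char *target)
{
    return skip_target_guarded(checked_irc_cast(server), target);
}

int main(void)
{
    struct irc_server_rec irc = { { CHAT_IRC }, { 0 } };  /* constructed */
    struct server_rec silc = { CHAT_SILC };               /* constructed */
    irc.prefix[(unsigned char)'@'] = 1;
    printf("irc:  %s\n", own_public_target(&irc.base, "@#foobarfoo"));
    printf("silc: %s\n", own_public_target(&silc, "#foobarfoo"));
    return 0;
}
```

Without the NULL test in skip_target_guarded, the SILC case dereferences a null pointer exactly as in frame #0.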

