Ticket #499 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

Form feed characters are not handled correctly

Reported by: ben
Owned by: armin
Priority: normal
Milestone:
Component: libinfinity
Version:
Severity: normal
Keywords:
Cc:
Launchpad Bug:

Description (last modified by ben)

In gobby, entering a ^L or 0x0c or '\f' character into a document disconnects you with "The entity has sent XML that cannot be processed".

Opening a file to the server that contains the character disconnects you similarly, and also makes the infinoted exit with ERROR:inf-xmpp-connection.c:3408:inf_xmpp_connection_xml_connection_send: assertion failed: (priv->status == INF_XMPP_CONNECTION_READY)

This is always reproducible.

Attachments

foo (2 bytes) - added by ben 4 years ago.
a file containing "\f\a"

Change History

Changed 4 years ago by ben

  • attachment foo added

a file containing "\f\a"

Changed 4 years ago by ben

  • description modified

Changed 4 years ago by ben

Here is a backtrace for the assertion in infinoted.

#0  0x00007ffff5359645 in raise () from /lib/libc.so.6
#1  0x00007ffff535ab63 in abort () from /lib/libc.so.6
#2  0x00007ffff6a09e22 in g_assertion_message () from /usr/lib/libglib-2.0.so.0
#3  0x00007ffff6a0a2ae in g_assertion_message_expr () from /usr/lib/libglib-2.0.so.0
#4  0x00007ffff7bb170b in inf_xmpp_connection_xml_connection_send (connection=0x645080, xml=0x648ce0) at inf-xmpp-connection.c:3409
#5  0x00007ffff7baa87d in inf_xml_connection_send (connection=0x645080, xml=0x648ce0) at inf-xml-connection.c:251
#6  0x00007ffff7bb985f in inf_communication_registry_send_real (entry=0x634f40, num_messages=5) at inf-communication-registry.c:168
#7  0x00007ffff7bbb6fc in inf_communication_registry_send (registry=0x62b2c0, group=0x6389e0, connection=0x645080, xml=0x614650) at inf-communication-registry.c:1029
#8  0x00007ffff7bb31bf in inf_communication_central_method_send_single (method=0x62ed00, connection=0x645080, xml=0x614650) at inf-communication-central-method.c:197
#9  0x00007ffff7bb891e in inf_communication_method_send_single (method=0x62ed00, connection=0x645080, xml=0x614650) at inf-communication-method.c:230
#10 0x00007ffff7bb5792 in inf_communication_group_send_message (group=0x6389e0, connection=0x645080, xml=0x614650) at inf-communication-group.c:747
#11 0x00007ffff7b71a56 in infd_session_proxy_session_close_cb (session=0x63b0e0, user_data=0x6570a0) at infd-session-proxy.c:640
#12 0x00007ffff6e9bfb1 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#13 0x00007ffff6eaf566 in ?? () from /usr/lib/libgobject-2.0.so.0
#14 0x00007ffff6eb0381 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#15 0x00007ffff6eb082e in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#16 0x00007ffff7ba31d2 in inf_session_close (session=0x63b0e0) at inf-session.c:2284
#17 0x00007ffff7b71d24 in infd_session_proxy_dispose (object=0x6570a0) at infd-session-proxy.c:744
#18 0x00007ffff6e9d94a in g_object_unref () from /usr/lib/libgobject-2.0.so.0
#19 0x00007ffff7b67e21 in infd_directory_remove_sync_in (directory=0x637040, sync_in=0x62b230) at infd-directory.c:1341
#20 0x00007ffff7b67a5e in infd_directory_sync_in_synchronization_failed_cb (session=0x63b0e0, connection=0x645080, error=0x655060, user_data=0x62b230) at infd-directory.c:1198
#21 0x00007ffff7b65715 in inf_marshal_VOID__OBJECT_POINTER (closure=0x656630, return_value=0x0, n_param_values=3, param_values=0x6570f0, invocation_hint=0x7fffffffbef0, marshal_data=0x0)
    at inf-marshal.c:204
#22 0x00007ffff6e9bfb1 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#23 0x00007ffff6eaee62 in ?? () from /usr/lib/libgobject-2.0.so.0
#24 0x00007ffff6eb0381 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#25 0x00007ffff6eb082e in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#26 0x00007ffff7b9fc71 in inf_session_connection_notify_status_cb (connection=0x645080, pspec=0x6388c0, user_data=0x63b0e0) at inf-session.c:406
#27 0x00007ffff6e9bfb1 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#28 0x00007ffff6eaee62 in ?? () from /usr/lib/libgobject-2.0.so.0
#29 0x00007ffff6eb0381 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#30 0x00007ffff6eb082e in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#31 0x00007ffff6e9f673 in ?? () from /usr/lib/libgobject-2.0.so.0
#32 0x00007ffff6ea0e5c in g_object_notify () from /usr/lib/libgobject-2.0.so.0
#33 0x00007ffff7bb01b8 in inf_xmpp_connection_notify_status_cb (tcp=0x634ac0, pspec=0x638700, user_data=0x645080) at inf-xmpp-connection.c:2830
#34 0x00007ffff6e9bfb1 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#35 0x00007ffff6eaee62 in ?? () from /usr/lib/libgobject-2.0.so.0
#36 0x00007ffff6eb0381 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#37 0x00007ffff6eb082e in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#38 0x00007ffff6e9f673 in ?? () from /usr/lib/libgobject-2.0.so.0
#39 0x00007ffff6ea0e5c in g_object_notify () from /usr/lib/libgobject-2.0.so.0
#40 0x00007ffff7ba7f9e in inf_tcp_connection_close (connection=0x634ac0) at inf-tcp-connection.c:1162
#41 0x00007ffff7ba67de in inf_tcp_connection_io_incoming (connection=0x634ac0) at inf-tcp-connection.c:316
#42 0x00007ffff7ba6b7f in inf_tcp_connection_io (socket=0x634af0, events=INF_IO_INCOMING, user_data=0x634ac0) at inf-tcp-connection.c:447
#43 0x00007ffff7ba5453 in inf_standalone_io_iteration_impl (io=0x60f400, timeout=-1) at inf-standalone-io.c:265
#44 0x00007ffff7ba60ff in inf_standalone_io_loop (io=0x60f400) at inf-standalone-io.c:659
#45 0x00000000004077a8 in infinoted_run_start (run=0x62e8c0, error=0x7fffffffd6d8) at infinoted-run.c:426
#46 0x0000000000405988 in infinoted_main_run (startup=0x62b200, error=0x7fffffffd6d8) at infinoted-main.c:42
#47 0x00000000004059f7 in infinoted_main (argc=1, argv=0x7fffffffd7b8, error=0x7fffffffd6d8) at infinoted-main.c:63
#48 0x0000000000405a46 in main (argc=3, argv=0x7fffffffd7b8) at infinoted-main.c:78

Changed 4 years ago by ben

I pushed the changes to specially escape unprintable characters in commit 7491209[...]. This prevents the assertion from firing, but (say, maliciously) sending raw Ls will still bring infinoted down.

We should probably change it from unprintable characters to those specifically disallowed by xml so that this is not an incompatible protocol change, as currently \n is escaped unnecessarily.
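Added example (not part of the ticket and not libinfinity's code): a check against the XML 1.0 "Char" production, which is the set the comment above refers to as "specifically disallowed by xml". It shows that \f and \a fall outside the set while \n, \t and \r are inside it; a sender could use it to decide what needs escaping and a receiver to reject text before handing it to an XML serializer. The function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* XML 1.0 "Char" production: the only code points a document may carry. */
static int xml10_char_allowed(uint32_t cp)
{
    return cp == 0x9 || cp == 0xA || cp == 0xD ||
           (cp >= 0x20 && cp <= 0xD7FF) ||
           (cp >= 0xE000 && cp <= 0xFFFD) ||
           (cp >= 0x10000 && cp <= 0x10FFFF);
}

/* Decode one UTF-8 sequence. Returns bytes consumed, or 0 if malformed. */
static size_t utf8_decode(const unsigned char *s, size_t len, uint32_t *cp)
{
    static const uint32_t min_cp[] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t n, i;

    if (len == 0) return 0;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    else if ((s[0] & 0xE0) == 0xC0) { *cp = s[0] & 0x1F; n = 2; }
    else if ((s[0] & 0xF0) == 0xE0) { *cp = s[0] & 0x0F; n = 3; }
    else if ((s[0] & 0xF8) == 0xF0) { *cp = s[0] & 0x07; n = 4; }
    else return 0;                        /* stray continuation or 0xF8+ */
    if (len < n) return 0;                /* truncated sequence */
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    /* Overlong forms (e.g. C0 8C for form feed) must not slip through. */
    return *cp < min_cp[n] ? 0 : n;
}

/* Offset of the first byte that cannot appear in XML 1.0 text,
 * or len if the whole buffer is acceptable. */
size_t xml10_first_invalid(const char *text, size_t len)
{
    const unsigned char *s = (const unsigned char *)text;
    size_t off = 0;

    while (off < len) {
        uint32_t cp;
        size_t n = utf8_decode(s + off, len - off, &cp);
        if (n == 0 || !xml10_char_allowed(cp)) return off;
        off += n;
    }
    return len;
}
```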

Changed 4 years ago by armin

  • status changed from new to closed
  • resolution set to fixed

I fixed the infinoted crash with these two commits. I see that you have also committed a patch for keeping newlines and such as they are. Seems we are done here.
