On Wed, Apr 28, 2010 at 07:44:26AM +0200, Jakub Zawadzki wrote:
> On Tue, Apr 27, 2010 at 11:50:42PM +0200, Jan Kaluza wrote:
> > I'm sending simple patch which fixes uninitialized variables in three
> > places in event.c. I've just checked current stable version and it
> > seems the bug is still there.
>
> The whole memory of structure event_t is initialized to 0 in calloc.
Sorry, this memory is allocated by malloc ;/
> #7 0x00007fc9939be8c4 in ggp_callback_recv (_gc=<value optimized out>,
> fd=<value optimized out>, cond=<value optimized out>) at
> /home/mati/repositories/jaunty/pidgin-2.6.6/./libpurple/protocols/gg/gg.c:1584
> gc = (PurpleConnection *) 0x1009fe0
> ev = (struct gg_event *) 0x1009f10
Pidgin code:
#v+
    case GG_EVENT_NOTIFY60:
        purple_debug_info("gg",
            "notify60_pre: (%d) status=%d; version=%d; descr=%s\n",
            ev->event.notify60->uin, ev->event.notify60->status,
            ev->event.notify60->version,
            ev->event.notify60->descr ? ev->event.notify60->descr :
            "(null)");

        for (i = 0; ev->event.notify60[i].uin; i++) {
            purple_debug_info("gg",
                "notify60: (%d) status=%d; version=%d; descr=%s\n",
                ev->event.notify60[i].uin,
                ev->event.notify60[i].status,
                ev->event.notify60[i].version,
                ev->event.notify60[i].descr ?
                ev->event.notify60[i].descr : "(null)");
            /* ... */
        }
#v-
I don't see a reason for the debug code outside the loop.
The ev->event.notify60 array is terminated by an item with uin 0;
I can't find information on whether the other fields of gg_notify_reply60 should be
initialized or not.
IMHO, if we want to properly fix cases like this, we need to initialize all fields
to \0
(and not only in cases where there is only one item, but also if there are more
items).
(In the Pidgin code at least, ev->event.notify60->status and
ev->event.notify60->version are affected.)
Anyway, GG_NOTIFY_REPLY60 with 0 items? HUH!?
_______________________________________________
libgadu-devel mailing list
[email protected]
http://lists.ziew.org/mailman/listinfo/libgadu-devel
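As an added illustration of the point made in the thread (example code written for this page, not libgadu's or Pidgin's own): a hypothetical, reduced stand-in for gg_notify_reply60 with only the fields named above, built once the way the thread objects to (malloc(), only the terminator's uin written) and once the way it proposes (every field zeroed), plus the uin-0 walk the Pidgin loop does and a check on whether the terminator's other fields are clean. The 0xAA poison, the struct layout and the sample values are assumptions made to keep the result deterministic; they are not what libgadu does.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, reduced stand-in for libgadu's gg_notify_reply60 holding
 * only the fields named in the thread (the real struct has more). */
struct notify60_item {
    uint32_t uin;     /* 0 in this field terminates the array */
    int status;
    int version;
    char *descr;      /* NULL when there is no description */
};

/* The pattern the thread objects to: the array comes from malloc() and only
 * the terminator's uin is written, so its status/version/descr hold whatever
 * the heap held. To make that deterministic here the block is poisoned with
 * 0xAA first; the poison stands in for heap garbage and is not libgadu code. */
struct notify60_item *build_malloc_style(const uint32_t *uins, size_t n)
{
    struct notify60_item *arr = malloc((n + 1) * sizeof *arr);
    if (arr == NULL)
        return NULL;
    memset(arr, 0xAA, (n + 1) * sizeof *arr);   /* simulated heap garbage */
    for (size_t i = 0; i < n; i++) {
        arr[i].uin = uins[i];
        arr[i].status = 2;      /* constructed sample values */
        arr[i].version = 0x2a;
        arr[i].descr = NULL;
    }
    arr[n].uin = 0;             /* sentinel only; other fields left as they were */
    return arr;
}

/* The fix proposed in the thread: zero every field of every item. calloc()
 * does it here; a memset() after malloc() would be equivalent. */
struct notify60_item *build_zeroed(const uint32_t *uins, size_t n)
{
    struct notify60_item *arr = calloc(n + 1, sizeof *arr);
    if (arr == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        arr[i].uin = uins[i];
        arr[i].status = 2;
        arr[i].version = 0x2a;
        /* descr stays NULL */
    }
    /* arr[n] is already all-zero, so uin == 0 ends the array */
    return arr;
}

/* Walks the array the way the Pidgin loop does and returns the item count. */
size_t count_items(const struct notify60_item *arr)
{
    size_t n = 0;
    while (arr[n].uin != 0)
        n++;
    return n;
}

/* Returns 1 if every field of the terminator is zero/NULL, 0 otherwise.
 * A 0 here is exactly the situation in which reading notify60->status,
 * ->version or ->descr before checking uin (as the pre-loop debug call does
 * for a reply with 0 items) consumes garbage; handing that descr to "%s"
 * is what would dereference a wild pointer. */
int terminator_is_clean(const struct notify60_item *arr)
{
    const struct notify60_item *t = arr + count_items(arr);
    return t->status == 0 && t->version == 0 && t->descr == NULL;
}

int main(void)
{
    static const uint32_t uins[] = { 123456, 654321 };   /* constructed */
    struct notify60_item *bad = build_malloc_style(uins, 0);
    struct notify60_item *good = build_zeroed(uins, 2);
    if (bad == NULL || good == NULL)
        return 1;
    printf("malloc-style, 0 items: terminator clean = %d\n",
           terminator_is_clean(bad));                       /* 0 */
    printf("zeroed, %zu items: terminator clean = %d\n",
           count_items(good), terminator_is_clean(good));   /* 1 */
    free(bad);
    free(good);
    return 0;
}
```

Note that the check only looks at the terminator through already-initialized (poisoned) memory; a real malloc()'d terminator would be undefined to read, which is precisely why the consumer must not touch any field of an item before it has confirmed uin != 0, or the producer must zero the whole array.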