pidgin/pidgin
Fix crash when cancelling an XMPP file transfer
When an XMPP account has file transfers and the
connection to the XMPP server drops, the JabberStream object
gets g_free()'d, but the PurpleXfers still have pointers to it,
so when the file transfer finishes or is canceled, it tries
to remove itself from the JabberStream object and it ends up
accessing invalid memory, causing a crash.
This patch closes all file transfers associated to
a JabberStream object, right before the object gets g_free()'d.
Testing Done:
Reliably reproduced the crash by closing internet connection while a transfer was in progress. After the patch, the crash no longer occurs because the transfers all end when the internet connection drops.
Bugs closed: PIDGIN-17189
Reviewed at https://reviews.imfreedom.org/r/1485/
When an XMPP account has file transfers and the
connection to the XMPP server drops, the JabberStream object
gets g_free()'d, but the PurpleXfers still have pointers to it,
so when the file transfer finishes or is canceled, it tries
to remove itself from the JabberStream object and it ends up
accessing invalid memory, causing a crash.
This patch closes all file transfers associated to
a JabberStream object, right before the object gets g_free()'d.
Testing Done:
Reliably reproduced the crash by closing internet connection while a transfer was in progress. After the patch, the crash no longer occurs because the transfers all end when the internet connection drops.
Bugs closed: PIDGIN-17189
Reviewed at https://reviews.imfreedom.org/r/1485/
+++ b/libpurple/protocols/jabber/jabber.c Thu Jun 02 20:17:31 2022 -0500
@@ -1579,6 +1579,27 @@
@@ -1591,6 +1612,8 @@