View Issue Details

ID: 0002752
Project: SOGo
Category: Backend Calendar
View Status: public
Last Update: 2014-05-22 14:28
Reporter: buzzdee
Assigned To: ludovic
Priority: high
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: amd64
OS: OpenBSD
OS Version: 5.2
Product Version: 2.2.3
Fixed in Version: 2.2.5
Summary: 0002752: fix NULL pointer dereference trying to open a calendar entry in OGo with proposed fix
Description

Hi,

with this change:
https://github.com/inverse-inc/sope/commit/e8bea4c638e7dc7a23d82dc2e7364cbd5260fd74#diff-be6a1a8473afbb975082888957981fe7

the check that __R__ is not nil was removed from the macro WOResponse_AddCString
in sope-appserver/NGObjWeb/WOResponse+private.h.

This leads to a crash in OGo when opening a calendar entry.
I re-added the check for that macro, and it immediately fixed the problem for me. Please re-add the nil check, at least for that macro.

At least the last three stack frames go through SOPE, see backtrace below.

Additional Information

Program received signal SIGSEGV, Segmentation fault.
[Switching to process 16008, thread 0x202883800]
0x000000020aed52fb in -[_WOSimpleStaticASCIIString appendToResponse:inContext:] (self=0x228370010, _cmd=0x20b1e8a70, _response=0x0, _ctx=0x2284b9810)
at WOString.m:366
366 if (self->value) WOResponse_AddCString(_response, self->value);
(gdb) bt
#0 0x000000020aed52fb in -[_WOSimpleStaticASCIIString appendToResponse:inContext:] (self=0x228370010, _cmd=0x20b1e8a70, _response=0x0,
_ctx=0x2284b9810) at WOString.m:366
#1 0x000000020aeb7e58 in -[WOCompoundElement appendToResponse:inContext:] (self=0x228389e10, _cmd=0x209636ea0, _response=0x0, _ctx=0x2284b9810)
at WOCompoundElement.m:245
#2 0x00000002093c3638 in -[WETabView collectKeysInContext:] (self=0x22975fa10, _cmd=0x2096370f0, _ctx=0x2284b9810) at WETabView.m:147
#3 0x00000002093c75a8 in -[WETabView appendToResponse:inContext:] (self=0x22975fa10, _cmd=0x21e7de2f0, _response=0x22831d810, _ctx=0x2284b9810)
at WETabView.m:861
#4 0x000000021e5c0fc9 in -[SkyTabView appendToResponse:inContext:] (self=0x22837f110, _cmd=0x20b1e8a80, _response=0x22831d810, _ctx=0x2284b9810)
at SkyTabView.m:133
#5 0x000000020aeb7e8b in -[WOCompoundElement appendToResponse:inContext:] (self=0x22837f790, _cmd=0x21e134000, _response=0x22831d810,
_ctx=0x2284b9810) at WOCompoundElement.m:250
#6 0x000000021def568f in -[SkyConfigFont appendToResponse:inContext:] (self=0x2282b0390, _cmd=0x20b1e8a70, _response=0x22831d810, _ctx=0x2284b9810)
at SkyConfigFont.m:108
#7 0x000000020aeb7e58 in -[WOCompoundElement appendToResponse:inContext:] (self=0x228460410, _cmd=0x20b1e8a70, _response=0x22831d810,
_ctx=0x2284b9810) at WOCompoundElement.m:245
#8 0x000000020aeb7e58 in -[WOCompoundElement appendToResponse:inContext:] (self=0x22836d310, _cmd=0x21e11fa90, _response=0x22831d810,
_ctx=0x2284b9810) at WOCompoundElement.m:245
#9 0x000000021dedcc03 in -[OGoWindowFrame _appendContentToResponse:inContext:] (self=0x2284e8210, _cmd=0x21e11fc40, _r=0x22831d810,
_ctx=0x2284b9810) at OGoWindowFrame.m:321
#10 0x000000021dedd39f in -[OGoWindowFrame appendToResponse:inContext:] (self=0x2284e8210, _cmd=0x20b1e7980, _response=0x22831d810, _ctx=0x2284b9810)
at OGoWindowFrame.m:415
#11 0x000000020aeb6035 in -[WOComponentContent appendToResponse:inContext:] (self=0x22833a5d0, _cmd=0x20b1e8a70, _response=0x22831d810,
_ctx=0x2284b9810) at WOComponentContent.m:153
#12 0x000000020aeb7e58 in -[WOCompoundElement appendToResponse:inContext:] (self=0x22833e610, _cmd=0x20b1c9a40, _response=0x22831d810,
_ctx=0x2284b9810) at WOCompoundElement.m:245
#13 0x000000020aea3885 in -[WOTemplate appendToResponse:inContext:] (self=0x228128c90, _cmd=0x20b1732c0, _response=0x22831d810, _ctx=0x2284b9810)
at WOTemplate.m:119
#14 0x000000020ae32ebd in -[WOComponent appendToResponse:inContext:] (self=0x202243110, _cmd=0x201e3eeb0, _response=0x22831d810, _ctx=0x2284b9810)
at WOComponent.m:928
#15 0x0000000201c080f0 in -[OGoComponent appendToResponse:inContext:] (self=0x202243110, _cmd=0x21e1196a0, _r=0x22831d810, _ctx=0x2284b9810)
at OGoComponent.m:123
#16 0x000000021ded54a0 in -[LSWSkyrixFrame appendToResponse:inContext:] (self=0x202243110, _cmd=0x20b191d90, _r=0x22831d810, _ctx=0x2284b9810)
at LSWSkyrixFrame.m:449
#17 0x000000020ae5e07f in -[WOChildComponentReference appendToResponse:inContext:] (self=0x22836d690, _cmd=0x20b1c9a40, _response=0x22831d810,
_ctx=0x2284b9810) at WOChildComponentReference.m:181
#18 0x000000020aea3885 in -[WOTemplate appendToResponse:inContext:] (self=0x20220a710, _cmd=0x20b1732c0, _response=0x22831d810, _ctx=0x2284b9810)
at WOTemplate.m:119
#19 0x000000020ae32ebd in -[WOComponent appendToResponse:inContext:] (self=0x2283a2e10, _cmd=0x201e3eeb0, _response=0x22831d810, _ctx=0x2284b9810)
at WOComponent.m:928
#20 0x0000000201c080f0 in -[OGoComponent appendToResponse:inContext:] (self=0x2283a2e10, _cmd=0x20b184940, _r=0x22831d810, _ctx=0x2284b9810)
at OGoComponent.m:123
#21 0x000000020ae4bdc4 in -[WOSession appendToResponse:inContext:] (self=0x228115010, _cmd=0x201e4cf60, _response=0x22831d810, _ctx=0x2284b9810)
at WOSession.m:546
#22 0x0000000201c14b77 in -[OGoSession appendToResponse:inContext:] (self=0x228115010, _cmd=0x20b16d0c0, _response=0x22831d810, _ctx=0x2284b9810)
at OGoSession.m:470
#23 0x000000020ae29508 in -[WOApplication appendToResponse:inContext:] (self=0x206f71010, _cmd=0x20b1a5060, _response=0x22831d810, _ctx=0x2284b9810)
at WOApplication.m:899
#24 0x000000020ae76de9 in -[WORequestHandler(Support) generateResponseForComponent:inContext:application:] (self=0x20f8939b0, _cmd=0x20b196770,
_component=0x2283a2e10, _ctx=0x2284b9810, _app=0x206f71010) at WORequestHandler.m:479
---Type <return> to continue, or q <return> to quit---
#25 0x000000020ae62cbb in -[WODirectActionRequestHandler handleRequest:inContext:session:application:] (self=0x20f8939b0, _cmd=0x20b1a4e10,
_request=0x202243010, context=0x2284b9810, session=0x228115010, app=0x206f71010) at WODirectActionRequestHandler.m:215
#26 0x000000020ae75d2d in -[WORequestHandler handleRequest:] (self=0x20f8939b0, _cmd=0x20b16fad0, _request=0x202243010) at WORequestHandler.m:237
#27 0x000000020ae2da3d in -[WOCoreApplication dispatchRequest:usingHandler:] (self=0x206f71010, _cmd=0x20b16fb30, _request=0x202243010,
handler=0x20f8939b0) at WOCoreApplication.m:712
#28 0x000000020ae2ddf3 in -[WOCoreApplication dispatchRequest:] (self=0x206f71010, _cmd=0x612460, _request=0x202243010) at WOCoreApplication.m:752
#29 0x0000000000407b4c in -[OpenGroupware dispatchRequest:] (self=0x206f71010, _cmd=0x20b206180, _request=0x202243010) at OpenGroupware.m:821
#30 0x000000020aeea72d in -[WOHttpTransaction _run] (self=0x228108f10, _cmd=0x20b2061b0) at WOHttpTransaction.m:596
#31 0x000000020aeeab3a in -[WOHttpTransaction run] (self=0x228108f10, _cmd=0x20b203e50) at WOHttpTransaction.m:649
#32 0x000000020aee5d8b in -[WOHttpAdaptor runConnection:] (self=0x203231210, _cmd=0x20b203ef0, _socket=0x228108790) at WOHttpAdaptor.m:367
#33 0x000000020aee6012 in -[WOHttpAdaptor _handleAcceptedConnection:] (self=0x203231210, _cmd=0x20b203f00, _connection=0x228108790)
at WOHttpAdaptor.m:401
#34 0x000000020aee64dc in -[WOHttpAdaptor _handleConnection:] (self=0x203231210, _cmd=0x20b203fb0, connection=0x228108790) at WOHttpAdaptor.m:460
#35 0x000000020aee6a15 in -[WOHttpAdaptor acceptConnection:] (self=0x203231210, _cmd=0x20b203e10, _notification=0x228500f50) at WOHttpAdaptor.m:521
#36 0x0000000205d7de4b in -[NSObject performSelector:withObject:] (self=0x203231210, _cmd=0x2062214f0, aSelector=0x20b203e10, anObject=0x228500f50)
at NSObject.m:2034
#37 0x0000000205d6b322 in -[NSNotificationCenter _postAndRelease:] (self=0x20f85ed70, _cmd=0x206221500, notification=0x228500f50)
at NSNotificationCenter.m:1190
#38 0x0000000205d6bc82 in -[NSNotificationCenter postNotificationName:object:userInfo:] (self=0x20f85ed70, _cmd=0x206221510, name=0x20d1c57e0,
object=0x22802ea10, info=0x0) at NSNotificationCenter.m:1250

(gdb) frame 0
#0 0x000000020aed52fb in -[_WOSimpleStaticASCIIString appendToResponse:inContext:] (self=0x228370010, _cmd=0x20b1e8a70, _response=0x0,
_ctx=0x2284b9810) at WOString.m:366
366 if (self->value) WOResponse_AddCString(_response, self->value);
(gdb) list
361
362 /* generating response */
363
364 - (void)appendToResponse:(WOResponse *)_response inContext:(WOContext *)_ctx {
365 if (![_ctx isRenderingDisabled] && self->value)
366 if (self->value) WOResponse_AddCString(_response, self->value);
367 }
368
369 /* description */
370
(gdb) frame 1
#1 0x000000020aeb7e58 in -[WOCompoundElement appendToResponse:inContext:] (self=0x228389e10, _cmd=0x209636ea0, _response=0x0, _ctx=0x2284b9810)
at WOCompoundElement.m:245
245 child->appendResponse(child,
(gdb) list
240 if (profElements)
241 st = [[NSDateClass date] timeIntervalSince1970];
242 #endif
243
244 if (child->appendResponse) {
245 child->appendResponse(child,
246 @selector(appendToResponse:inContext:),
247 _response, _ctx);
248 }
249 else
(gdb) frame 2
#2 0x00000002093c3638 in -[WETabView collectKeysInContext:] (self=0x22975fa10, _cmd=0x2096370f0, _ctx=0x2284b9810) at WETabView.m:147
147 [self->template appendToResponse:nil inContext:_ctx];
(gdb) list
142 - (NSArray *)collectKeysInContext:(WOContext *)_ctx {
143 NSArray *keys;
144
145 /* collect mode, collects all keys */
146 [_ctx setObject:WETabView_COLLECT forKey:WETabView_HEAD];
147 [self->template appendToResponse:nil inContext:_ctx];
148 [_ctx removeObjectForKey:WETabView_HEAD];
149
150 keys = [_ctx objectForKey:WETabView_KEYS];
151
(gdb) frame 3
#3 0x00000002093c75a8 in -[WETabView appendToResponse:inContext:] (self=0x22975fa10, _cmd=0x21e7de2f0, _response=0x22831d810, _ctx=0x2284b9810)
at WETabView.m:861
861 keys = [self collectKeysInContext:_ctx];
(gdb) list
856
857 [_ctx appendElementIDComponent:@"h"];
858
859 /* collect & process keys (= available tabs) */
860
861 keys = [self collectKeysInContext:_ctx];
862
863 if (![[keys valueForKey:@"key"] containsObject:activeKey])
864 /* selection is not available in keys */
865 activeKey = nil;
(gdb) frame 4
#4 0x000000021e5c0fc9 in -[SkyTabView appendToResponse:inContext:] (self=0x22837f110, _cmd=0x20b1e8a80, _response=0x22831d810, _ctx=0x2284b9810)
at SkyTabView.m:133
133 [self->template appendToResponse:_response inContext:_ctx];
(gdb) print _response
$9 = (struct WOResponse *) 0x22831d810

Tags: No tags attached.
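
An added example, not part of the original report or of SOPE's code: a C model of why a call through a method pointer cached in the receiver faults on a nil response, and how the guard behaves across the collect pass and the real render pass seen in the backtrace. The names `response_t`, `ADD_CSTRING`, `render_element`, `new_response` and `two_pass_render` are hypothetical, and the element values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for WOResponse with a cached method pointer. */
typedef struct response response_t;
struct response {
    char   buf[64];
    size_t len;
    void (*addCStr)(response_t *self, const char *s);
};

static void add_cstr(response_t *self, const char *s) {
    size_t n = strlen(s);
    if (self->len + n < sizeof self->buf) {   /* bounded append */
        memcpy(self->buf + self->len, s, n + 1);
        self->len += n;
    }
}

/* Guarded shape: still one brace block; a NULL receiver is a no-op.
   Without the `if (R)`, r == NULL would fault on R->addCStr. */
#define ADD_CSTRING(R, C) { if (R) { (R)->addCStr((R), (C)); } }

/* One static-string element; r == NULL models the key-collection pass. */
static void render_element(response_t *r, const char *value, int *visited) {
    (*visited)++;                 /* work that must happen in both passes */
    if (value) ADD_CSTRING(r, value);
}

response_t new_response(void) {
    response_t r = { "", 0, add_cstr };
    return r;
}

/* Collect pass with a NULL response, then the real pass.
   Returns bytes written, or -1 if an element was skipped. */
int two_pass_render(response_t *out) {
    const char *values[] = { "<b>", "Termin", NULL, "</b>" }; /* constructed */
    int visited = 0, n = (int)(sizeof values / sizeof values[0]);
    for (int i = 0; i < n; i++) render_element(NULL, values[i], &visited);
    for (int i = 0; i < n; i++) render_element(out, values[i], &visited);
    return visited == 2 * n ? (int)out->len : -1;
}

int main(void) {
    response_t r = new_response();
    printf("%d bytes: %s\n", two_pass_render(&r), r.buf);
    return 0;
}
```

An Objective-C message to nil is a no-op, but a macro that reads a function pointer out of the receiver gets no such protection, which is why the check has to live in the macro itself.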

Activities

ludovic

2014-05-22 10:22

administrator   ~0007070

Please provide a patch since reverting the commit can't be done cleanly.

buzzdee

2014-05-22 12:49

reporter  

patch-sope-appserver_NGObjWeb_WOResponse+private_h (693 bytes)   
$OpenBSD$

Check for NIL before accessing

--- sope-appserver/NGObjWeb/WOResponse+private.h.orig	Tue May  6 09:55:30 2014
+++ sope-appserver/NGObjWeb/WOResponse+private.h	Tue May  6 09:55:47 2014
@@ -33,7 +33,7 @@
 #define WOResponse_AddString(__R__,__C__) \
   {__R__->addStr(__R__, @selector(appendContentString:), __C__);}
 #define WOResponse_AddCString(__R__,__C__) \
-  {__R__->addCStr(__R__, @selector(appendContentCString:), \
+  if (__R__) {__R__->addCStr(__R__, @selector(appendContentCString:), \
 			     (const unsigned char *)__C__);}
 #define WOResponse_AddBytesLen(__R__,__C__,__L__)                    \
   {__R__->addBytesLen(__R__, @selector(appendContentBytes:length:),   \
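
Review bot: The guard on the added line turns WOResponse_AddCString into a bare `if` statement instead of a brace block, so a caller written as `if (x) WOResponse_AddCString(r, s) else ...` would now bind its `else` to the macro's `if (__R__)`; keeping the outer braces, as in `{if (__R__) {__R__->addCStr(...);}}`, or wrapping the body in `do { ... } while (0)`, keeps the macro a single statement. The neighbouring WOResponse_AddString and WOResponse_AddBytesLen in the context lines still call through `__R__` unguarded, so they would fault the same way on a nil response and should get the same check. The macro now expands `__R__` three times, so a short comment above these macros stating that nil is tolerated and that the argument must be free of side effects would document the contract.
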
buzzdee

2014-05-22 12:49

reporter   ~0007074

Attached patch to fix only the issue mentioned, not reverting the full commit.

ludovic

2014-05-22 14:28

administrator   ~0007077

Fix pushed: https://github.com/inverse-inc/sope/commit/34b70f45575e506c01b60b45ffaf0e6a459e7c0d

Issue History

Date Modified Username Field Change
2014-05-06 04:08 buzzdee New Issue
2014-05-22 10:22 ludovic Note Added: 0007070
2014-05-22 12:49 buzzdee File Added: patch-sope-appserver_NGObjWeb_WOResponse+private_h
2014-05-22 12:49 buzzdee Note Added: 0007074
2014-05-22 14:28 ludovic Note Added: 0007077
2014-05-22 14:28 ludovic Status new => resolved
2014-05-22 14:28 ludovic Fixed in Version => 2.2.5
2014-05-22 14:28 ludovic Resolution open => fixed
2014-05-22 14:28 ludovic Assigned To => ludovic