Running irssi v0.8.9, I was able to crash the process by running the following three times:

/exec -o perl -e "print 'test'x1000000"

When it crashed, I debugged it with gdb and found the following message:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 20016)]
0xb7b7d9c0 in stpcpy () from /lib/libc.so.6

Reproducible: Always

Steps to Reproduce:
1. Run irssi.
2. Connect to a server, preferably one without flood protection.
3. Join a channel.
4. Run the following until irssi crashes: /exec -o perl -e "print 'test'x1000000"

Actual Results:
irssi crashed.

Expected Results:
It should not have crashed.

Created attachment 65317: gdb backtrace with full debug symbols
Verified, crashes here too. Attached is a gdb backtrace with full debug symbols.

This should fix it, but I'm looking for other weirdness. Index: src/fe-common/core/fe-exec.c =================================================================== --- src/fe-common/core/fe-exec.c (revision 3900) +++ src/fe-common/core/fe-exec.c (working copy) @@ -356,7 +356,8 @@ recvlen = 0; err = g_io_channel_read(rec->in, tmpbuf, - sizeof(tmpbuf), &recvlen); + sizeof(tmpbuf) - 1, &recvlen); + tmpbuf[recvlen] = 0; if (err != 0 && err != G_IO_ERROR_AGAIN && errno != EINTR) recvlen = -1;
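Review bot: the new terminator write `tmpbuf[recvlen] = 0;` is placed before the error check, so on a failed read it indexes the buffer with whatever g_io_channel_read left in recvlen. It stays in bounds only because recvlen is zeroed just above and the read length is now capped at sizeof(tmpbuf) - 1. Moving the write below the `if (err != 0 && ...)` block and performing it only when recvlen is greater than zero would make that dependency explicit and keep it clear of the `recvlen = -1` sentinel. A one-line comment explaining that one byte is reserved for the NUL would also help, since the `- 1` looks like an off-by-one to a reader who does not know that later code treats tmpbuf as a C string.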
Can you include this patch in irssi?
Seems like the patch doesn't fix it. I just got irssi-0.8.10 to crash with the same command.
Created attachment 97955: irssi-exec-segv.patch
Could you please try this patch (thanks to exg) and see if it correctly fixes this problem? For me this seems to work fine.
irssi-0.8.10-r4 includes the patch, so this is fixed in CVS.