diff options
| author | Alexey Rusakov <Kitsune-Ral@users.sf.net> | 2021-11-26 17:33:46 +0100 |
|---|---|---|
| committer | Alexey Rusakov <Kitsune-Ral@users.sf.net> | 2021-11-26 17:33:46 +0100 |
| commit | 38eaa61b9fa8e0a04baa847824bb1e1280395a57 (patch) | |
| tree | 8c7b4af6d99eb97b4a2e58434376769a474f4e08 /lib | |
| parent | 429b3adaf921dd7534a04fccae1bc3c1801d2e40 (diff) | |
| download | libquotient-38eaa61b9fa8e0a04baa847824bb1e1280395a57.tar.gz libquotient-38eaa61b9fa8e0a04baa847824bb1e1280395a57.zip | |
Fix crashing on invalid member and encryption events
The problem is in Room::processStateEvent(): after
potentially-inserting-nullptr into currentState, pre-check failure
(that may occur on member and trigger events for now) leaves that
nullptr in the hash map. Basically anything that uses currentState
(e.g., Room::toJson) assumes that currentState has no nullptrs - which
leads to either an assertion failure, or nullptr dereferencing. The fix
removes the nullptr placeholder if the pre-checks failed.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/room.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/room.cpp b/lib/room.cpp index 68095412..284eacd1 100644 --- a/lib/room.cpp +++ b/lib/room.cpp @@ -2835,8 +2835,11 @@ Room::Changes Room::processStateEvent(const RoomEvent& e) } , true); // By default, go forward with the state change // clang-format on - if (!proceed) + if (!proceed) { + if (!curStateEvent) // Remove the empty placeholder if one was created + d->currentState.remove({ e.matrixType(), e.stateKey() }); return Change::None; + } // Change the state const auto* const oldStateEvent = |