From 38eaa61b9fa8e0a04baa847824bb1e1280395a57 Mon Sep 17 00:00:00 2001
From: Alexey Rusakov
Date: Fri, 26 Nov 2021 17:33:46 +0100
Subject: Fix crashing on invalid member and encryption events

The problem is in Room::processStateEvent(): after potentially-inserting-nullptr into currentState, pre-check failure (that may occur on member and trigger events for now) leaves that nullptr in the hash map. Basically anything that uses currentState (e.g., Room::toJson) assumes that currentState has no nullptrs - which leads to either an assertion failure, or nullptr dereferencing. The fix removes the nullptr placeholder if the pre-checks failed.
---
 lib/room.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/room.cpp b/lib/room.cpp
index 68095412..284eacd1 100644
--- a/lib/room.cpp
+++ b/lib/room.cpp
@@ -2835,8 +2835,11 @@ Room::Changes Room::processStateEvent(const RoomEvent& e)
 }
 , true); // By default, go forward with the state change
 // clang-format on
- if (!proceed)
+ if (!proceed) {
+ if (!curStateEvent) // Remove the empty placeholder if one was created
+ d->currentState.remove({ e.matrixType(), e.stateKey() });
 return Change::None;
+ }

 // Change the state
 const auto* const oldStateEvent =
-- 
cgit v1.2.3
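Review bot: The cleanup under `if (!proceed)` restores the "no nullptr in currentState" invariant on this one exit path only, while the placeholder is still inserted before the pre-checks run (per the commit message; that code, like the start and end of processStateEvent, is outside the hunk). Member and encryption events are delivered by the homeserver, so a malformed one is remote input, and any early return added later between the insertion and the assignment would bring the same crash back. I would spell the invariant out at the removal, e.g. `// Invariant: currentState never holds nullptr; erase the slot created for this key before bailing out`, so the next editor of this function sees why the branch exists. The diffstat shows only lib/room.cpp changed, so a regression test that feeds an invalid member event and then calls Room::toJson would be worth adding alongside.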