[Bug 218717] New: gaim crashes on start
https://bugzilla.novell.com/show_bug.cgi?id=218717 Summary: gaim crashes on start Product: openSUSE 10.2 Version: Beta 1 plus Platform: Other OS/Version: Other Status: NEW Severity: Blocker Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: sbrabec@novell.com QAContact: qa@suse.de GAIM crashes on start in beta1plus. In beta1 it works with exactly the same configuration. #0 0x00002b5a6f888535 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00002b5a6f889990 in *__GI_abort () at abort.c:88 #2 0x00002b5a6f8c4920 in malloc_printerr (action=2, str=0x2b5a6f96163f "free(): invalid pointer", ptr=0x432c) at malloc.c:5782 #3 0x00005555555a1665 in gaim_privacy_deny_remove (account=0x555555951800, who=0x5555559a5aa0 "290297572", local_only=1) at privacy.c:160 #4 0x00002b5a797803e4 in gaim_ssi_parselist (sess=0x5555559ba2f0, fr=<value optimized out>) at oscar.c:6214 #5 0x00002b5a79775ed1 in snachandler (sess=0x5555559ba2f0, mod=<value optimized out>, rx=0x555555f05b50, snac=0x7fff411d16f0, bs=0x5555559ba5f8) at ssi.c:1295 #6 0x00002b5a79771dc6 in aim_rxdispatch (sess=0x5555559ba2f0) at rxhandlers.c:138 #7 0x00002b5a797796b3 in oscar_callback (data=<value optimized out>, source=<value optimized out>, condition=GAIM_INPUT_READ) at oscar.c:1578 #8 0x00005555555e083f in gaim_gtk_io_invoke (source=<value optimized out>, condition=<value optimized out>, data=<value optimized out>) at gtkeventloop.c:74 #9 0x00002b5a6f1c5f94 in g_main_context_dispatch (context=0x555555870990) at gmain.c:2045 #10 0x00002b5a6f1c8dc5 in g_main_context_iterate (context=0x555555870990, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2677 #11 0x00002b5a6f1c90ca in g_main_loop_run (loop=0x555555b47480) at gmain.c:2881 #12 0x00002b5a6afbcce3 in IA__gtk_main () at gtkmain.c:1001 #13 0x0000555555608af7 in main (argc=1, argv=0x7fff411d3c48) at main.c:973 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=218717 sbrabec@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Platform|Other |x86-64 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=218717 sbrabec@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Blocker |Normal ------- Comment #1 from sbrabec@novell.com 2006-11-07 05:35 MST ------- The problem does not seem to be related to upgrade, but it's a problem of ICQ blacklist. My blacklist is full of spammers, and it probably fails on removing something from the black list. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=218717 ------- Comment #2 from sbrabec@novell.com 2006-11-07 05:47 MST ------- And here is the debug output of gaim --debug: dns: Host 'login.oscar.aol.com' resolved proxy: Connecting to login.oscar.aol.com:5190 with no proxy proxy: Connect would have blocked. proxy: Connected. oscar: Screen name sent, waiting for response oscar: inside auth_resp (Screen name: 116020046) oscar: Reg status: 0 oscar: Email is NULL oscar: BOSIP: 64.12.31.226:5190 oscar: Closing auth connection... dns: Successfully sent DNS request to child 1215 dns: Host '64.12.31.226' resolved proxy: Connecting to 64.12.31.226:5190 with no proxy proxy: Connect would have blocked. proxy: Connected. oscar: MOTD: Unknown (5) jabber: Recv (ssl)(226): <presence xmlns='jabber:client' to='sbrabec@suse.cz/Gaim' from='kmachalkova@suse.cz/Kopete'> <priority>1</priority> <c xmlns='http://jabber.org/protocol/caps' ver='0.12.3' node='http://kopete.kde.org/jabber/caps'/> </presence> oscar: ssi: requesting rights and list oscar: 116020046 0: userinfo: **warning: unexpected TLV: oscar: 116020046 0: userinfo: sn =116020046 oscar: 116020046 0: userinfo: type =0x0022 oscar: 116020046 0: userinfo: length=0x0002 oscar: 116020046 0: userinfo: value: oscar: 116020046 0: userinfo: oscar: 116020046 0: 0xc6 oscar: 116020046 0: 0x2d oscar: 116020046 0: oscar: 116020046 0: userinfo: **warning: unexpected TLV: oscar: 116020046 0: userinfo: sn =116020046 oscar: 116020046 0: userinfo: type =0x0014 oscar: 116020046 0: userinfo: length=0x0001 oscar: 116020046 0: userinfo: value: oscar: 116020046 0: userinfo: oscar: 116020046 0: 0x26 oscar: 116020046 0: oscar: locate rights: max sig len = 4096 oscar: buddy list rights: Max buddies = 600 / Max watchers = 2000 oscar: BOS rights: Max permit = 1000 / Max deny = 1000 server: allowing NOP oscar: buddy list loaded oscar: ssi rights: max type 0x0000=2600, max type 0x0001=51, max type 0x0002=128, max type 0x0003=128, max type 0x0004=1, max type 0x0005=1, max type 0x0006=50, max type 0x0007=0, max type 0x0008=0, max type 0x0009=3, max type 0x000a=0, max type 0x000b=0, max type 0x000c=0, max type 0x000d=128, max type 0x000e=128, max type 0x000f=20, max type 0x0010=200, max type 0x0011=1, max type 0x0012=0, max type 0x0013=1, max type 0x0014=15, max type 0x0015=1, max type 0x0016=40, max type 0x0017=0, max type 0x0018=0, max type 0x0019=200, max type 0x001a=1, max type 0x001b=20, max type 0x001c=200, max type 0x001d=1, max type 0x001e=8, max type 0x001f=20, max type 0x0020=1, max type 0x0021=0, max type 0x0022=0, max type 0x0023=0, oscar: ssi: syncing local list and server list oscar: ssi: removing deny 290297572 from local list dns[1215]: Oops, father has gone, wait for me, wait...! Neúspěšně ukončen (SIGABRT) And this is the value of l->data before the crash: l->data="p�UUU" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=218717 ------- Comment #3 from sbrabec@novell.com 2006-11-07 07:37 MST ------- Further analysis shows, that at least nearest code and data structures in gaim_privacy_deny_remove() looks good, but the call of g_slist_remove() modifies the ->data item of the last node. 154 g_free(name); (gdb) n 159 account->deny = g_slist_remove(account->deny, l->data); (gdb) print (char *)l->data $16 = 0x5555559a5b80 "290297572" g_slist_remove (list=0x5555558b21c0, data=<value optimized out>) at gslist.c:222 222 } .. 160 g_free(l->data); Value returned is $17 = (GSList *) 0x5555558b21c0 (gdb) print (char *)l->data $18 = 0x555555cbb250 " 0�UUU" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=218717 ------- Comment #4 from sbrabec@novell.com 2006-11-07 08:04 MST ------- It seems, that g_slist_remove unexpectedly modifiex ->data. (And backtrace shows different 2nd arg of g_slist_remove() (l->data) than it was used for call: Breakpoint 2, gaim_privacy_deny_remove (account=0x555555951820, who=0x5555559a5b80 "290297572", local_only=1) at privacy.c:154 154 g_free(name); (gdb) bt #0 gaim_privacy_deny_remove (account=0x555555951820, who=0x5555559a5b80 "290297572", local_only=1) at privacy.c:154 #1 0x00002b83235853e4 in gaim_ssi_parselist (sess=0x5555559ba4b0, fr=<value optimized out>) at oscar.c:6214 #2 0x00002b832357aed1 in snachandler (sess=0x5555559ba4b0, mod=<value optimized out>, rx=0x555555e3a960, snac=0x7fff973d18f0, bs=0x5555559ba7b8) at ssi.c:1295 #3 0x00002b8323576dc6 in aim_rxdispatch (sess=0x5555559ba4b0) at rxhandlers.c:138 #4 0x00002b832357e6b3 in oscar_callback (data=<value optimized out>, source=<value optimized out>, condition=GAIM_INPUT_READ) at oscar.c:1578 #5 0x00005555555e083f in gaim_gtk_io_invoke (source=<value optimized out>, condition=<value optimized out>, data=<value optimized out>) at gtkeventloop.c:74 #6 0x00002b8318fc5f94 in g_main_context_dispatch (context=0x555555870990) at gmain.c:2045 #7 0x00002b8318fc8dc5 in g_main_context_iterate (context=0x555555870990, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2677 #8 0x00002b8318fc90ca in g_main_loop_run (loop=0x555555a70060) at gmain.c:2881 #9 0x00002b8314dbcce3 in IA__gtk_main () at gtkmain.c:1001 #10 0x0000555555608af7 in main (argc=2, argv=0x7fff973d3e48) at main.c:973 (gdb) n 159 account->deny = g_slist_remove(account->deny, l->data); (gdb) ndns[3672]: nobody needs me... =( cdns[3673]: nobody needs me... =( (gdb) print l->data $3 = (gpointer) 0x5555559a5b80 (gdb) watch l->data Watchpoint 4: l->data (gdb) c Continuing. Watchpoint 4: l->data Old value = (gpointer) 0x5555559a5b80 New value = (gpointer) 0x555555b8c860 g_slice_free1 (mem_size=<value optimized out>, mem_block=0x5555559a5520) at gslice.c:745 745 mag->chunks = chunk; (gdb) bt #0 g_slice_free1 (mem_size=<value optimized out>, mem_block=0x5555559a5520) at gslice.c:745 #1 0x00002b8318fdcaf6 in g_slist_remove (list=0x5555558b21c0, data=0x0) at gslist.c:214 #2 0x00005555555a1658 in gaim_privacy_deny_remove (account=0x555555951820, who=0x5555559a5b80 "290297572", local_only=1) at privacy.c:159 #3 0x00002b83235853e4 in gaim_ssi_parselist (sess=0x5555559ba4b0, fr=<value optimized out>) at oscar.c:6214 #4 0x00002b832357aed1 in snachandler (sess=0x5555559ba4b0, mod=<value optimized out>, rx=0x555555e3a960, snac=0x7fff973d18f0, bs=0x5555559ba7b8) at ssi.c:1295 #5 0x00002b8323576dc6 in aim_rxdispatch (sess=0x5555559ba4b0) at rxhandlers.c:138 #6 0x00002b832357e6b3 in oscar_callback (data=<value optimized out>, source=<value optimized out>, condition=GAIM_INPUT_READ) at oscar.c:1578 #7 0x00005555555e083f in gaim_gtk_io_invoke (source=<value optimized out>, condition=<value optimized out>, data=<value optimized out>) at gtkeventloop.c:74 #8 0x00002b8318fc5f94 in g_main_context_dispatch (context=0x555555870990) at gmain.c:2045 #9 0x00002b8318fc8dc5 in g_main_context_iterate (context=0x555555870990, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2677 #10 0x00002b8318fc90ca in g_main_loop_run (loop=0x555555a70060) at gmain.c:2881 #11 0x00002b8314dbcce3 in IA__gtk_main () at gtkmain.c:1001 #12 0x0000555555608af7 in main (argc=2, argv=0x7fff973d3e48) at main.c:973 (gdb) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=218717 ------- Comment #5 from jpr@novell.com 2006-11-07 08:10 MST ------- The ordering looks broken as g_slist_remove frees the node , so the 'data' element points to invalid memory because its been freed. Doing the g_free (l->data) before the remove is probably enough to fix it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=218717 sbrabec@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Comment #6 from sbrabec@novell.com 2006-11-07 09:17 MST ------- I did so in privacy.c. In nmuser.c I used temporary variable, because I was unsure, which data needs nm_request_set_user_define() (see the upstream patch). Quick search did not find any other ocurrence. Reported upstream: http://sourceforge.net/tracker/index.php?func=detail&aid=1592081&group_id=235&atid=300235 Fixed: Tue Nov 7 17:01:32 CET 2006 - sbrabec@suse.cz - Fixed invalid memory access after g_slist_remove() (#218717). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com