Bugs item #1692546, was opened at 2007-04-01 22:21
Message generated for change (Comment added) made by bsponline
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100235&aid=1692546&group_id=235

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Tasci Synx (synx13)
Assigned to: Nobody/Anonymous (nobody)
Summary: Memory corruption when getting Jabber User Info

Initial Comment:
With the latest SVN of gaim as of today, I can reproduce a hideous crash simply by logging into a jabber account, then requesting the User Info of one of my buddies. Only with Jabber, requesting the User Info causes gaim to free an invalid pointer, causing it to crash immediately without a stack trace.

Valgrind to the rescue, it reveals that there is a spot in libgaim/jabber/buddy.c that is freeing an invalid pointer. Only trouble is... the pointer is valid! I printed out the result of g_strdup that assigns the ID, and then the pointer to be freed, and their addresses and values were identical. I'm fairly sure g_strdup always returns a pointer that may be used in g_free.

The problem is in libgaim/jabber/buddy.c on line 736, far as I can tell. I'll attach my valgrind log (memcheck full) during a session where I caused this crash. I have a hunch the problem isn't here at all, but instead somewhere else where memory gets corrupted, and only on line 736 does the awful deed come to light. Line 736 is ALWAYS reached by a pointer that can be freed, as I found when adding a gaim_debug_log("jabber","ID Remove %p:%s",l->data,l->data); around that g_free statement. Yet somehow glibc and valgrind both claim that an invalid pointer is being freed. A very puzzling problem.

I should add that beta 6 does NOT have this problem. I can read the user infos just fine. In fact I haven't noticed this crash in SVN since at least last week, but I can't back that up. Anyone who knows the SVN version of beta 6 can attach a diff here if they so please.

...ok, final note: I can't attach my valgrind log since sourceforge thinks it's too big to attach. Try getting it from http://synx.us.to/valgrind.log

----------------------------------------------------------------------

Comment By: Ka-Hing Cheung (bsponline)
Date: 2007-04-02 00:38

Message:
Logged In: YES
user_id=159910
Originator: NO

duplicate of 1676403, but this one has a link to a valgrind trace...

----------------------------------------------------------------------