Bug#576696: irssi-plugin-otr: Causes irssi to segfault, making me cry

Micah Anderson Tue, 06 Apr 2010 08:55:01 -0700

Package: irssi-plugin-otr
Version: 0.3-2
Severity: important

This plugin periodically segfaults my entire irssi session, which is very
unfortunate.


I recompiled with debugging symbols and ran it in gdb until I received a
segfault, which I am including below.

it looks like maybe the issue is an int overflow: len=-1212702368 as can be
seen in this line:

#2  0x080d8e77 in linebuf_append (rec=0xb7b7a160, data=0x2bc <Address 0x2bc out 
of bounds>, len=-1212702368) at line-split.c:49
 
This line seems odd as well:

#11 0x080ac2ff in irc_parse_incoming (server=0x8220d30) at irc.c:378         
str = 0x8213988 ":[email protected] PRIVMSG micah 
:RypQu8Crqcecm+LLvZsE9c0Y0Wc3jizK7zgc7qA2BiU14LFCOc+t2qPzPLU5Q7Q3DlIBiYctp0O3pdUcFyoj6gJaT8fTFggOo2qQXaNnqb36hM2W22JZvn3F+CNht3EZPndNV4e9voCrUqlyjj0LdvssPBTgrzIutTvr"...
         count = 10         ret = 1 

count=10 is strange... in any case it seems like irssi_io_invoke seems to screw
things up and irc_parse_incoming might have some issues as well.

if any of this is right, then misc.c line 54 and potentially irc.c line 378 are
probably good places to start, but I'm not sure if my analysis is even correct.

Anyways, here is the gdb backtrace (with names/messages changed to protect the 
innocent):

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79ff9c0 (LWP 571)]
0xb7aabeb1 in ?? () from /lib/libc.so.6
(gdb) bt
#0  0xb7aabeb1 in ?? () from /lib/libc.so.6
#1  0xbfffca88 in ?? ()
#2  0x080d8e77 in linebuf_append (rec=0xb7b7a160, data=0x2bc <Address 0x2bc out 
of bounds>, len=-1212702368) at line-split.c:49
#3  0xb7aad586 in malloc () from /lib/libc.so.6
#4  0xb7aa8e89 in _IO_str_overflow () from /lib/libc.so.6
#5  0xb7aa7ea0 in _IO_default_xsputn () from /lib/libc.so.6
#6  0xb7a80234 in vfprintf () from /lib/libc.so.6
#7  0xb7aa273c in vasprintf () from /lib/libc.so.6
#8  0xb7db8277 in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#9  0xb7da45d6 in g_strdup_printf () from /usr/lib/libglib-2.0.so.0
#10 0x080e21ad in rawlog_input (rawlog=0x8222ab8, str=0x8213988 
":[email protected] PRIVMSG micah 
:RypQu8Crqcecm+LLvZsE9c0Y0WcjjizK7zgc7qA2BiU14LFCOc+t2qPzPLU5Q7Q3DlIBiYdtp0O3pdUcFyoj6gJaT8fTFggOo2qQXaNnqb36hM2W22JZvn3F+CNht3EZPndNV4e9voCrUqlyjj0LdvssPBTgrzIutTvr"...)
 at rawlog.c:83
#11 0x080ac2ff in irc_parse_incoming (server=0x8220d30) at irc.c:378
#12 0x080db012 in irssi_io_invoke (source=0x828b550, condition=G_IO_IN, 
data=0x823aa70) at misc.c:54
#13 0xb7db867d in ?? () from /usr/lib/libglib-2.0.so.0
#14 0x0828b550 in ?? ()
#15 0x00000001 in ?? ()
#16 0x0823aa70 in ?? ()
#17 0xb7dfd240 in ?? () from /usr/lib/libglib-2.0.so.0
#18 0xbfffd3ac in ?? ()
#19 0x082aab98 in ?? ()
#20 0xbfffd3c8 in ?? ()
#21 0xb7d821d8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
Backtrace stopped: frame did not save the PC
(gdb) thread apply all bt

Thread 1 (Thread 0xb79ff9c0 (LWP 571)):
#0  0xb7aabeb1 in ?? () from /lib/libc.so.6
#1  0xbfffca88 in ?? ()
#2  0x080d8e77 in linebuf_append (rec=0xb7b7a160, data=0x2bc <Address 0x2bc out 
of bounds>, len=-1212702368) at line-split.c:49
#3  0xb7aad586 in malloc () from /lib/libc.so.6
#4  0xb7aa8e89 in _IO_str_overflow () from /lib/libc.so.6
#5  0xb7aa7ea0 in _IO_default_xsputn () from /lib/libc.so.6
#6  0xb7a80234 in vfprintf () from /lib/libc.so.6
#7  0xb7aa273c in vasprintf () from /lib/libc.so.6
#8  0xb7db8277 in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#9  0xb7da45d6 in g_strdup_printf () from /usr/lib/libglib-2.0.so.0
#10 0x080e21ad in rawlog_input (rawlog=0x8222ab8, str=0x8213988 
":[email protected] PRIVMSG micah 
:RypQu8Crqcecm+kLvZsE9c0Y0Wc3jizK7zgc7qA2BiU14LFCOc+u2qPzPLU5Q7Q3DlIBiYctp0O3pdUcFyoj6gJaT8fTFggOo2qQXaNnqb36hM2W22JZvn3F+CNh93EZPndNV4e9voCrUqlyjj0LdvssPBTgrzIutTvr"...)
 at rawlog.c:83
#11 0x080ac2ff in irc_parse_incoming (server=0x8220d30) at irc.c:378
#12 0x080db012 in irssi_io_invoke (source=0x828b550, condition=G_IO_IN, 
data=0x823aa70) at misc.c:54
#13 0xb7db867d in ?? () from /usr/lib/libglib-2.0.so.0
#14 0x0828b550 in ?? ()
#15 0x00000001 in ?? ()
#16 0x0823aa70 in ?? ()
#17 0xb7dfd240 in ?? () from /usr/lib/libglib-2.0.so.0
#18 0xbfffd3ac in ?? ()
#19 0x082aab98 in ?? ()
#20 0xbfffd3c8 in ?? ()
#21 0xb7d821d8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
Backtrace stopped: frame did not save the PC
(gdb) bt full
#0  0xb7aabeb1 in ?? () from /lib/libc.so.6
No symbol table info available.
#1  0xbfffca88 in ?? ()
No symbol table info available.
#2  0x080d8e77 in linebuf_append (rec=0xb7b7a160, data=0x2bc <Address 0x2bc out 
of bounds>, len=-1212702368) at line-split.c:49
No locals.
#3  0xb7aad586 in malloc () from /lib/libc.so.6
No symbol table info available.
#4  0xb7aa8e89 in _IO_str_overflow () from /lib/libc.so.6
No symbol table info available.
#5  0xb7aa7ea0 in _IO_default_xsputn () from /lib/libc.so.6
No symbol table info available.
#6  0xb7a80234 in vfprintf () from /lib/libc.so.6
No symbol table info available.
#7  0xb7aa273c in vasprintf () from /lib/libc.so.6
No symbol table info available.
#8  0xb7db8277 in g_vasprintf () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#9  0xb7da45d6 in g_strdup_printf () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#10 0x080e21ad in rawlog_input (rawlog=0x8222ab8, str=0x8213988 
":[email protected] PRIVMSG micah 
:RypQu8Crbcecm+LLvZsE9c0Y0Wc3jiz97zgc7qA2BiU14LFCOc+t2qPzPLU5Q7j3DlIBiYctp0O3pdUcFioj6gJaT8fTFggOo2qQXaNnqb36hM2W22JZvn3F+CNht3EjPndNV4e9voCrUqlyjj0LdvssPBTgrzIutTvr"...)
 at rawlog.c:83   
        __PRETTY_FUNCTION__ = "rawlog_input"
#11 0x080ac2ff in irc_parse_incoming (server=0x8220d30) at irc.c:378
        str = 0x8213988 ":[email protected] PRIVMSG micah 
:RypQu8Crqcecu+LLvZsE9c0Y0W73jizK7zgc7qA2BiU14LFCOc+t2qbzPLU5Q7Q3DlIBiYctpjO3pdUcFyoj6gJaT8fTFggOo2qQXaNnqb36hMIW22JZvn3F+CNht3EZPndNV4e9voCrUqlyjj0LdvssPBTgrzIutTvr"...
        count = 10
        ret = 1
        __PRETTY_FUNCTION__ = "irc_parse_incoming"
#12 0x080db012 in irssi_io_invoke (source=0x828b550, condition=G_IO_IN, 
data=0x823aa70) at misc.c:54
        rec = (IRSSI_INPUT_REC *) 0x823aa70
        icond = 1
#13 0xb7db867d in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#14 0x0828b550 in ?? ()
No symbol table info available.
#15 0x00000001 in ?? ()
No symbol table info available.
#16 0x0823aa70 in ?? ()
No symbol table info available.
#17 0xb7dfd240 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#18 0xbfffd3ac in ?? ()
No symbol table info available.
#19 0x082aab98 in ?? ()
No symbol table info available.
#20 0xbfffd3c8 in ?? ()
No symbol table info available.
#21 0xb7d821d8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
Backtrace stopped: frame did not save the PC
(gdb)

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages irssi-plugin-otr depends on:
ii  irssi                       0.8.15~rc1-1 terminal based IRC client
ii  libc6                       2.10.2-6     Embedded GNU C Library: Shared lib
ii  libgcrypt11                 1.4.5-2      LGPL Crypto library - runtime libr
ii  libglib2.0-0                2.22.4-1     The GLib library of C routines
ii  libotr2                     3.2.0-2      Off-the-Record Messaging library

irssi-plugin-otr recommends no packages.

irssi-plugin-otr suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Bug#576696: irssi-plugin-otr: Causes irssi to segfault, making me cry

Reply via email to