Bugs item #1692546, was opened at 2007-04-01 21:21
Message generated for change (Tracker Item Submitted) made by Item Submitter
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Tasci Synx (synx13)
Assigned to: Nobody/Anonymous (nobody)
Summary: Memory corruption when getting Jabber User Info

Initial Comment:
With the latest SVN of gaim as of today, I can reproduce a hideous crash simply 
by logging into a Jabber account, then requesting the User Info of one of my 
buddies. Only with Jabber, requesting the User Info causes gaim to free an 
invalid pointer, causing it to crash immediately without a stack trace. 
Valgrind to the rescue, it reveals that there is a spot in 
libgaim/jabber/buddy.c that is freeing an invalid pointer. Only trouble is... 
the pointer is valid! I printed out the result of g_strdup that assigns the ID, 
and then the pointer to be freed, and their addresses and values were 
identical.  I'm fairly sure g_strdup always returns a pointer that may be used 
in g_free.

The problem is in libgaim/jabber/buddy.c on line 736, far as I can tell.  I'll 
attach my valgrind log (memcheck full) during a session where I caused this 
crash. I have a hunch the problem isn't here at all, but instead somewhere else 
where memory gets corrupted, and only on line 736 does the awful deed come to 
light.  Line 736 is ALWAYS reached by a pointer that can be freed, as I found 
when adding a gaim_debug_log("jabber","ID Remove %p:%s",l->data,l->data); 
around that g_free statement. Yet somehow glibc and valgrind both claim that an 
invalid pointer is being freed.  A very puzzling problem.

I should add that beta 6 does NOT have this problem. I can read the user infos 
just fine. In fact I haven't noticed this crash in SVN since at least last 
week, but I can't back that up. Anyone who knows the SVN version of beta 6 can 
attach a diff here if they so please.

...ok, final note: I can't attach my valgrind log since SourceForge thinks it's 
too big to attach.  Try getting it from http://synx.us.to/valgrind.log

