adding an avatar makes pidgin crash

Bug #371898 reported by Fernando Miguel
This bug affects 2 people

Affects          Status        Importance  Assigned to  Milestone
Pidgin           Fix Released  Unknown
pidgin (Ubuntu)  Fix Released  Medium      Unassigned

Bug Description

Binary package hint: pidgin

adding a .png avatar makes pidgin crash

$ apt-cache policy pidgin
pidgin:
  Installed: 1:2.5.5-1ubuntu8
  Candidate: 1:2.5.5-1ubuntu8
  Version table:
 *** 1:2.5.5-1ubuntu8 0
        500 ftp://darkstar.ist.utl.pt karmic/main Packages
        500 ftp://archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status

$ gdb --args pidgin -n -m
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
(gdb) handle SIGPIPE nostop noprint
Signal Stop Print Pass to program Description
SIGPIPE No No Yes Broken pipe
(gdb) r
Starting program: /usr/bin/pidgin -n -m
[Thread debugging using libthread_db enabled]
[New Thread 0x7f0f959667d0 (LWP 23943)]
warning: Lowest section in /usr/lib/libicudata.so.38 is .hash at 0000000000000158
[New Thread 0x7f0f7f8f9950 (LWP 23968)]
[New Thread 0x7f0f74e33950 (LWP 23985)]
[Thread 0x7f0f74e33950 (LWP 23985) exited]
[New Thread 0x7f0f74e33950 (LWP 24025)]
[New Thread 0x7f0f6bbfe950 (LWP 24036)]
[New Thread 0x7f0f6b3fd950 (LWP 24037)]
[Thread 0x7f0f6bbfe950 (LWP 24036) exited]
[Thread 0x7f0f6b3fd950 (LWP 24037) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f0f959667d0 (LWP 23943)]
0x00007f0f92272639 in ?? () from /lib/libc.so.6
(gdb) bt full
#0 0x00007f0f92272639 in ?? () from /lib/libc.so.6
No symbol table info available.
#1 0x00007f0f92274901 in ?? () from /lib/libc.so.6
No symbol table info available.
#2 0x00007f0f9227654f in calloc () from /lib/libc.so.6
No symbol table info available.
#3 0x00007f0f92ac80b8 in g_malloc0 () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#4 0x00007f0f9346b8ae in ?? () from /usr/lib/libgdk_pixbuf-2.0.so.0
No symbol table info available.
#5 0x00007f0f92d78d07 in g_type_create_instance () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#6 0x00007f0f92d5d61c in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#7 0x00007f0f92d5e639 in g_object_newv () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#8 0x00007f0f92d5f195 in g_object_new_valist () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#9 0x00007f0f92d5f2ec in g_object_new () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#10 0x00000000004a048a in pidgin_status_box_redisplay_buddy_icon (status_box=0x19c6240) at ../../pidgin/gtkstatusbox.c:2260
 loader = <value optimized out>
#11 0x00000000004a2bcc in buddy_icon_set_cb (filename=0x73a03c0 "/home/bugabundo/signatures/eyetumb64.png", box=0x19c6240)
    at ../../pidgin/gtkstatusbox.c:1536
 img = (PurpleStoredImage *) 0x733cc30
#12 0x00000000004a2d18 in icon_choose_cb (filename=0x7f0f92567a00 "\001", data=0x438) at ../../pidgin/gtkstatusbox.c:1561
 box = (PidginStatusBox *) 0x438
#13 0x00000000004a78c2 in icon_filesel_choose_cb (widget=<value optimized out>, response=<value optimized out>,
    dialog=0x5af4cb0) at ../../pidgin/gtkutils.c:2375
 filename = 0x73a03c0 "/home/bugabundo/signatures/eyetumb64.png"
 current_folder = <value optimized out>
---Type <return> to continue, or q <return> to quit---
#14 0x00007f0f92d5834e in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#15 0x00007f0f92d6da95 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#16 0x00007f0f92d6eeaf in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#17 0x00007f0f92d6f403 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#18 0x00007f0f92d5834e in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#19 0x00007f0f92d6da95 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#20 0x00007f0f92d6eeaf in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#21 0x00007f0f92d6f403 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#22 0x00007f0f93bcf72e in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#23 0x00007f0f938ba04b in ?? () from /usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#24 0x00007f0f92abff7b in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#25 0x00007f0f92abf82e in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#26 0x00007f0f92ac2f88 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#27 0x00007f0f92ac3425 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#28 0x00007f0f93c73bc7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#29 0x000000000047dc83 in main (argc=3, argv=0x7fff9d9a6d28) at ../../pidgin/gtkmain.c:880
---Type <return> to continue, or q <return> to quit---
 opt_help = <value optimized out>
 opt_login = 0
 opt_nologin = 1
 opt_version = <value optimized out>
 opt_si = 0
 opt_config_dir_arg = 0x0
 opt_login_arg = 0x0
 opt_session_arg = 0x0
 accounts = <value optimized out>
 sigset = {__val = {81927, 0 <repeats 15 times>}}
 prev_sig_disp = (void (*)(int)) 0x31
 errmsg = "\001\000\000\000\017\177\000\000\000�\226\225\017\177\000\000�K\232\235�\177\000\000\000\000\000\000\000\000\000\000�Sz\222\017\177\000\0007?y\225\017\177\000\000\000�\226\225\017\177\000\000�D\232\225\017\177\000\000��\227\225\017\177\000\000�\204\227\225\017\177\000\000\000�\227\225\017\177\000\000\000p\227\225\017\177\000\000\000\220\227\225\017\177\000\000�\211\227\225\017\177\000\000\000�\227\225\017\177\000\000��\226\225\017\177\000\000��\226\225\017\177\000\000�\231\227\225\017\177\000\000\000\200\227\225\017\177\000\000\000\000\000\000\000\000\000\000p\215�\222\017\177\000\000\001\000\000\000\000\000\000\000\000\220\227\225\017\177\000\000\000\000�\2304;��\000\000V��*\037�"...
 error = (GError *) 0x0
 opt = <value optimized out>
 gui_check = <value optimized out>
 debug_enabled = <value optimized out>
 migration_failed = <value optimized out>
 active_accounts = <value optimized out>
 long_options = {{name = 0x4c1ae2 "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x4aef36 "debug",
    has_arg = 0, flag = 0x0, val = 100}, {name = 0x4b2de5 "help", has_arg = 0, flag = 0x0, val = 104}, {
    name = 0x4af201 "login", has_arg = 2, flag = 0x0, val = 108}, {name = 0x4bda28 "multiple", has_arg = 0, flag = 0x0,
    val = 109}, {name = 0x4bda31 "nologin", has_arg = 0, flag = 0x0, val = 110}, {name = 0x4bda39 "nocrash", has_arg = 0,
    flag = 0x0, val = 120}, {name = 0x4c1ad8 "session", has_arg = 1, flag = 0x0, val = 115}, {name = 0x4b4c4f "version",
    has_arg = 0, flag = 0x0, val = 118}, {name = 0x4c1aeb "display", has_arg = 1, flag = 0x0, val = 68}, {
    name = 0x4bda41 "sync", has_arg = 0, flag = 0x0, val = 83}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
(gdb) q

ProblemType: Bug
Architecture: amd64
Date: Mon May 4 22:07:47 2009
DistroRelease: Ubuntu 9.10
Package: pidgin 1:2.5.5-1ubuntu8
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_US.UTF-8
SourcePackage: pidgin
Uname: Linux 2.6.30-2-generic x86_64

Fernando Miguel (fernandomiguel) wrote :
summary: - adding a .png avatar makes pidgin crash
+ adding an avatar makes pidgin crash
Fernando Miguel (fernandomiguel) wrote :

I removed the microblog-purple (http://code.google.com/p/microblog-purple/) plugin and disabled the account, and got a new crash

(gdb) r
Starting program: /usr/bin/pidgin -n -m -c /tmp/p/
[Thread debugging using libthread_db enabled]
[New Thread 0x7feeb77667d0 (LWP 14047)]
warning: Lowest section in /usr/lib/libicudata.so.38 is .hash at 0000000000000158
[New Thread 0x7feea16f9950 (LWP 14064)]
[New Thread 0x7fee96c33950 (LWP 14084)]
[Thread 0x7fee96c33950 (LWP 14084) exited]
[New Thread 0x7fee96c33950 (LWP 14283)]
[New Thread 0x7fee8e6f2950 (LWP 14284)]
[Thread 0x7fee96c33950 (LWP 14283) exited]
[Thread 0x7fee8e6f2950 (LWP 14284) exited]
[New Thread 0x7fee8e6f2950 (LWP 14375)]
[New Thread 0x7fee96c33950 (LWP 14376)]
[Thread 0x7fee8e6f2950 (LWP 14375) exited]
[Thread 0x7fee96c33950 (LWP 14376) exited]
[New Thread 0x7fee96c33950 (LWP 14395)]
[New Thread 0x7fee8e6f2950 (LWP 14396)]
[Thread 0x7fee8e6f2950 (LWP 14396) exited]
[New Thread 0x7fee8e6f2950 (LWP 14410)]
[New Thread 0x7fee91a23950 (LWP 14411)]
[Thread 0x7fee8e6f2950 (LWP 14410) exited]
[Thread 0x7fee91a23950 (LWP 14411) exited]
[New Thread 0x7fee91a23950 (LWP 14434)]
[New Thread 0x7fee8e6f2950 (LWP 14435)]
[Thread 0x7fee91a23950 (LWP 14434) exited]
[Thread 0x7fee8e6f2950 (LWP 14435) exited]
[New Thread 0x7fee8e6f2950 (LWP 14452)]
[New Thread 0x7fee91a23950 (LWP 14453)]
[Thread 0x7fee8e6f2950 (LWP 14452) exited]
[Thread 0x7fee91a23950 (LWP 14453) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7feeb77667d0 (LWP 14047)]
0x00007feeb4072639 in ?? () from /lib/libc.so.6

Fernando Miguel (fernandomiguel) wrote :

bug is actually in pidgin-plugin-pack on MyStatusBox

affects: pidgin (Ubuntu) → purple-plugin-pack (Ubuntu)
Fernando Miguel (fernandomiguel) wrote :

According to #pidgin this package is 4 months old. Both Ubuntu and Debian need to be upgraded to 2.3

$ apt-cache policy pidgin-plugin-pack
pidgin-plugin-pack:
  Installed: 2.2.0-1
  Candidate: 2.2.0-1
  Version table:
 *** 2.2.0-1 0
        500 ftp://darkstar.ist.utl.pt karmic/universe Packages
        500 ftp://archive.ubuntu.com karmic/universe Packages
        100 /var/lib/dpkg/status

Fernando Miguel (fernandomiguel) wrote :

$ gdb --args pidgin -n -m -c /tmp/14
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) r
Starting program: /usr/bin/pidgin -n -m -c /tmp/14
[Thread debugging using libthread_db enabled]
[New Thread 0x7f84576e37d0 (LWP 11155)]
warning: Lowest section in /usr/lib/libicudata.so.38 is .hash at 0000000000000158
[New Thread 0x7f8441676950 (LWP 11192)]
[New Thread 0x7f84335cf950 (LWP 11228)]
[New Thread 0x7f8432dce950 (LWP 11229)]
[Thread 0x7f8432dce950 (LWP 11229) exited]
[New Thread 0x7f8432dce950 (LWP 11279)]
[New Thread 0x7f8431239950 (LWP 11280)]
[Thread 0x7f8432dce950 (LWP 11279) exited]
[Thread 0x7f8431239950 (LWP 11280) exited]
[New Thread 0x7f8431239950 (LWP 11302)]
[Thread 0x7f84335cf950 (LWP 11228) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f84576e37d0 (LWP 11155)]
malloc_consolidate (av=0x7f84542e4a00) at malloc.c:4889
4889 malloc.c: No such file or directory.
 in malloc.c
(gdb) bt full
#0 malloc_consolidate (av=0x7f84542e4a00) at malloc.c:4889
 fb = (mfastbinptr *) 0x7f84542e4a28
 maxfb = (mfastbinptr *) 0x7f84542e4a58
 p = (mchunkptr) 0x100000000
 nextp = (mchunkptr) 0x100000000
 unsorted_bin = (mchunkptr) 0x7f84542e4a60
 first_unsorted = (mchunkptr) 0x371b0c0
 nextchunk = (mchunkptr) 0x370ae40
 size = 48
 nextsize = <value optimized out>
 prevsize = <value optimized out>
 bck = <value optimized out>
 fwd = (mchunkptr) 0x371b0c0
#1 0x00007f8453ff1901 in _int_malloc (av=0x7f84542e4a00, bytes=1080) at malloc.c:4229
 nb = 1088
 idx = 65
 bin = (mbinptr) 0x0
 victim = (mchunkptr) 0x7f84542e4a00
 size = <value optimized out>
 victim_index = <value optimized out>
 remainder = <value optimized out>
 remainder_size = <value optimized out>
 block = <value optimized out>
 bit = <value optimized out>
 map = <value optimized out>
 fwd = <value optimized out>
 bck = <value optimized out>
#2 0x00007f8453ff354f in __libc_calloc (n=<value optimized out>, elem_size=<value optimized out>) at malloc.c:3946
 av = (mstate) 0x7f84542e4a00
 oldtop = (mchunkptr) 0x378da80
 p = <value optimized out>
 bytes = 1080
 csz = <value optimized out>
 oldtopsize = 132480
 mem = (void *) 0x37368c0
 clearsize = <value optimized out>
 nclears = <value optimized out>
 hook = (void *(*)(size_t, const void *)) 0
#3 0x00007f84548450b8 in IA__g_malloc0 (n_bytes=1080) at /build/buildd/glib2.0-2.20.1/glib/gmem.c:151
 mem = (gpointer) 0x31
#4 0x00007f84551e88ae in gdk_pixbuf_loader_init (loader=0x37368c0) at /build/buildd/gtk+2.0-2.16.1/gdk-pixbuf/gdk-pixbuf-loader.c:173
No locals.
#5 0x00007f8454af5d07 in IA__g_type_create_instance (type=<value optimized out>) at /build/buildd/glib2.0-2.20.1/gobject/gtype.c:1674
 node = (TypeNode *) 0x2741b60
 instance = (GTypeInstance *) 0x37368c0
 class = (GTypeClass *) 0x2741100
 i = 0
---Type <return> to continue, or q <return> to quit---
#6 0x00007f8454ada61c in g_object...

darkrain42 (darkrain42) wrote :

The last line in Pidgin (the mystatusbox plugin uses code existing in Pidgin) at
#10 0x00000000004a048a in pidgin_status_box_redisplay_buddy_icon (status_box=0x2592b50) at ../../pidgin/gtkstatusbox.c:2260
is
        GdkPixbufLoader *loader = gdk_pixbuf_loader_new();

So I don't believe this is a crash in Pidgin, but instead is something else.

It didn't crash for BUGabundo when he set MALLOC_CHECK_=2 and MALLOC_PERTURB_=254. Any chance this is the fatal assertions in development versions of gtk/gdk/glib?

Fernando Miguel (fernandomiguel) wrote :

$ apt-cache policy libgtk2.0-0
libgtk2.0-0:
  Installed: 2.16.1-0ubuntu2
  Candidate: 2.16.1-0ubuntu2
  Version table:
 *** 2.16.1-0ubuntu2 0
        500 ftp://darkstar.ist.utl.pt karmic/main Packages
        500 ftp://archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status

affects: purple-plugin-pack (Ubuntu) → gtk+2.0 (Ubuntu)
Fernando Miguel (fernandomiguel) wrote :
Martin Erik Werner (arand) wrote : Re: [Bug #371898] adding an avatar makes pidgin crash

Ran through test case on 9.04:
[QUOTE]create a NEW profile, added a single XMPP account, enabled
MyStatusBox, changed avatar, got a crash.[/QUOTE]
Crash/lockup manifests when pressing "open" button in browser, when
adding avatar.

Attaching backtrace and gtk-policy.

Fernando Miguel (fernandomiguel) wrote :

since running valgrind on gdb might not be a great idea
$ valgrindB pidgin -n -m -c /tmp/12

Sebastien Bacher (seb128) wrote :

That's not because something has a gtk function in its stacktrace that the bug is a gtk one; open bugs on the crashing software when you are not sure.

affects: gtk+2.0 (Ubuntu) → pidgin (Ubuntu)
Changed in pidgin (Ubuntu):
importance: Undecided → Medium
Sebastien Bacher (seb128) wrote :

The valgrind log has an error in libpurple code

==6970== Invalid read of size 1
==6970== at 0x7B8DF09: purple_imgstore_ref (in /usr/lib/libpurple.so.0.5.5)
==6970== by 0x4A0743: pidgin_status_box_set_buddy_icon (gtkstatusbox.c:2295)
==6970== by 0x4A2BCB: buddy_icon_set_cb (gtkstatusbox.c:1536)
==6970== by 0x7B9AF42: (within /usr/lib/libpurple.so.0.5.5)
==6970== by 0x4A2D34: icon_choose_cb (gtkstatusbox.c:1559)
==6970== by 0x4A78C1: icon_filesel_choose_cb (gtkutils.c:2375)
==6970== by 0x762E34D: g_closure_invoke (gclosure.c:767)
==6970== by 0x7643A94: signal_emit_unlocked_R (gsignal.c:3247)
==6970== by 0x7644EAE: g_signal_emit_valist (gsignal.c:2980)
==6970== by 0x7645402: g_signal_emit (gsignal.c:3037)
==6970== by 0x762E34D: g_closure_invoke (gclosure.c:767)
==6970== by 0x7643A94: signal_emit_unlocked_R (gsignal.c:3247)
==6970== by 0x7644EAE: g_signal_emit_valist (gsignal.c:2980)
==6970== by 0x7645402: g_signal_emit (gsignal.c:3037)
==6970== by 0x650A72D: button_activate_timeout (gtkbutton.c:1720)
==6970== by 0x6A9304A: gdk_threads_dispatch (gdk.c:498)
==6970== by 0x78A2F7A: g_timeout_dispatch (gmain.c:3253)
==6970== by 0x78A282D: g_main_context_dispatch (gmain.c:1814)
==6970== by 0x78A5F87: g_main_context_iterate (gmain.c:2448)
==6970== by 0x78A6424: g_main_loop_run (gmain.c:2656)
==6970== by 0x65AEBC6: gtk_main (gtkmain.c:1205)
==6970== by 0x47DC82: main (gtkmain.c:880)
==6970== Address 0xd7c2c34 is 4 bytes inside a block of size 32 free'd
==6970== at 0x4C265AF: free (vg_replace_malloc.c:323)
==6970== by 0x7B8E082: purple_imgstore_unref (in /usr/lib/libpurple.so.0.5.5)
==6970== by 0x7B765B9: purple_buddy_icons_set_account_icon (in /usr/lib/libpurple.so.0.5.5)
==6970== by 0x4A2B93: buddy_icon_set_cb (gtkstatusbox.c:1498)
==6970== by 0x7B9AF42: (within /usr/lib/libpurple.so.0.5.5)
==6970== by 0x4A2D34: icon_choose_cb (gtkstatusbox.c:1559)
==6970== by 0x4A78C1: icon_filesel_choose_cb (gtkutils.c:2375)
==6970== by 0x762E34D: g_closure_invoke (gclosure.c:767)
==6970== by 0x7643A94: signal_emit_unlocked_R (gsignal.c:3247)
==6970== by 0x7644EAE: g_signal_emit_valist (gsignal.c:2980)
==6970== by 0x7645402: g_signal_emit (gsignal.c:3037)
==6970== by 0x762E34D: g_closure_invoke (gclosure.c:767)
==6970== by 0x7643A94: signal_emit_unlocked_R (gsignal.c:3247)
==6970== by 0x7644EAE: g_signal_emit_valist (gsignal.c:2980)
==6970== by 0x7645402: g_signal_emit (gsignal.c:3037)
==6970== by 0x650A72D: button_activate_timeout (gtkbutton.c:1720)
==6970== by 0x6A9304A: gdk_threads_dispatch (gdk.c:498)
==6970== by 0x78A2F7A: g_timeout_dispatch (gmain.c:3253)
==6970== by 0x78A282D: g_main_context_dispatch (gmain.c:1814)
==6970== by 0x78A5F87: g_main_context_iterate (gmain.c:2448)
==6970== by 0x78A6424: g_main_loop_run (gmain.c:2656)
==6970== by 0x65AEBC6: gtk_main (gtkmain.c:1205)
==6970== by 0x47DC82: main (gtkmain.c:880)
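
The memcheck record above pairs the stack of an invalid read with the stack that freed the block. As an added example (not part of the bug thread, Pidgin or Valgrind), this parser reads such a record and finds the frame where the two stacks split; the function names `parse_report`, `divergence` and `summarize` are hypothetical, and it assumes the record layout shown in this log.

```python
import re

# Abbreviated from the memcheck log quoted above; frames outside
# icon_choose_cb (GLib/GTK signal dispatch) are omitted.
SAMPLE = """\
==6970== Invalid read of size 1
==6970== at 0x7B8DF09: purple_imgstore_ref (in /usr/lib/libpurple.so.0.5.5)
==6970== by 0x4A0743: pidgin_status_box_set_buddy_icon (gtkstatusbox.c:2295)
==6970== by 0x4A2BCB: buddy_icon_set_cb (gtkstatusbox.c:1536)
==6970== by 0x7B9AF42: (within /usr/lib/libpurple.so.0.5.5)
==6970== by 0x4A2D34: icon_choose_cb (gtkstatusbox.c:1559)
==6970== Address 0xd7c2c34 is 4 bytes inside a block of size 32 free'd
==6970== at 0x4C265AF: free (vg_replace_malloc.c:323)
==6970== by 0x7B8E082: purple_imgstore_unref (in /usr/lib/libpurple.so.0.5.5)
==6970== by 0x7B765B9: purple_buddy_icons_set_account_icon (in /usr/lib/libpurple.so.0.5.5)
==6970== by 0x4A2B93: buddy_icon_set_cb (gtkstatusbox.c:1498)
==6970== by 0x7B9AF42: (within /usr/lib/libpurple.so.0.5.5)
==6970== by 0x4A2D34: icon_choose_cb (gtkstatusbox.c:1559)
"""

ACCESS = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside "
                   r"a block of size (\d+) (free'd|alloc'd)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (?:(\S+) )?\((.*)\)\s*$")

def parse_report(text):
    """Return the access, the block record and both stacks (innermost first)."""
    report = {"access": None, "block": None, "use": [], "origin": []}
    current = None
    for line in text.splitlines():
        if m := ACCESS.match(line):
            report["access"] = (m.group(1), int(m.group(2)))
            current = report["use"]          # frames that follow: the bad access
        elif m := BLOCK.match(line):
            report["block"] = (int(m.group(1)), int(m.group(2)), m.group(3))
            current = report["origin"]       # frames that follow: the free/alloc
        elif current is not None and (m := FRAME.match(line)):
            current.append((m.group(1), m.group(2)))  # (function or None, location)
    return report

def divergence(report):
    """Compare stacks from the outermost frame inward; first differing pair or None."""
    for use, origin in zip(reversed(report["use"]), reversed(report["origin"])):
        if use != origin:
            return use, origin
    return None

def summarize(report):
    if not report["access"] or not report["block"]:
        return "no invalid-access record found"
    (kind, size), (off, bsize, state) = report["access"], report["block"]
    out = f"invalid {kind} of {size} byte(s), {off} bytes into a {bsize}-byte block ({state})"
    split = divergence(report)
    if split:
        out += f"; paths split at {split[1][0]} ({split[1][1]}) vs {split[0][0]} ({split[0][1]})"
    return out

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE)))
```

On this log the split lands in `buddy_icon_set_cb`: the call at gtkstatusbox.c:1498 leads to the free, and the call at gtkstatusbox.c:1536 leads to the read of the freed block.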

Sebastien Bacher (seb128) wrote :

could you install pidgin-dbg and get a new valgrind log?

Changed in pidgin (Ubuntu):
status: New → Incomplete
Fernando Miguel (fernandomiguel) wrote :

now with pidgin-dbg

Changed in pidgin (Ubuntu):
status: Incomplete → New
Changed in pidgin:
status: Unknown → Fix Released
Sebastien Bacher (seb128) wrote :

the new version is in karmic now

Changed in pidgin (Ubuntu):
status: New → Fix Released