Ubuntu
gaim package

[apport] gaim crashed with SIGSEGV in malloc() (byte_stream_putraw valgrind)

Bug #86449 reported by hawkes on 2007-02-20

4

Affects		Status	Importance	Assigned to	Milestone
	gaim (Ubuntu)	Invalid	Medium	Unassigned

Bug Description

Binary package hint: gaim

Gaim simply died during a chat session

ProblemType: Crash
CrashCounter: 1
Date: Tue Feb 20 10:10:57 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/bin/gaim
Package: gaim 1:2.0.0+beta6-1ubuntu1
ProcCmdline: gaim
ProcCwd: /home/hawkes
ProcEnviron:
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games
LANG=de_DE.UTF-8
Signal: 11
SourcePackage: gaim
StacktraceTop:
?? () from /lib/libc.so.6
?? () from /lib/libc.so.6
malloc () from /lib/libc.so.6
?? () from /lib/libc.so.6
opendir () from /lib/libc.so.6
Uname: Linux ela 2.6.20-8-generic #2 SMP Tue Feb 13 01:14:41 UTC 2007 x86_64 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip lpadmin plugdev scanner video

Revision history for this message

hawkes (hawkes) wrote on 2007-02-20:

#1

CoreDump.gz Edit (2.2 MiB, application/x-gzip)
Dependencies.txt Edit (2.7 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (976 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (68.5 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (675 bytes, text/plain; charset="utf-8")
Registers.txt Edit (1013 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (2.6 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (3.9 KiB, text/plain; charset="utf-8")

Revision history for this message

Sebastien Bacher (seb128) wrote on 2007-02-20:

#2

Thanks for your bug report. The crash looks like a memory corruption. Could you try to get a valgrind log for it? (you can follow the instructions from https://wiki.ubuntu.com/Valgrind for that)

Changed in gaim:
importance:	Undecided → Medium
status:	Unconfirmed → Needs Info

Revision history for this message

hawkes (hawkes) wrote on 2007-02-20:

#3

Gaim Valgrind Log Edit (24.5 KiB, application/x-tar)

Until now, i couldn't crash it under valgrind, but after a friend of mine sent very fast many messages i got:

0:10:11.168512000 15442 0x1ca52ae0 ERROR GST_PIPELINE ./grammar.y:759:_gst_parse_launch: Unrecoverable syntax error while parsing pipeline bin.( pulsesink )
0:10:11.208679000 15442 0x1ca52ae0 ERROR default gconf.c:121:gst_gconf_render_bin_from_key: gconf: error creating bin 'pulsesink': Unrecoverable syntax error while parsing pipeline bin.( pulsesink )

and i have a valgrind.log. IIRC gaim creates a new thread for every message chat, shouldn't i call valgrind with --trace-children?

Revision history for this message

Sebastien Bacher (seb128) wrote on 2007-02-24:

#4

might be the same problem than bug #79062. Having a valgrind log from the crash would still be useful. Could you also install libnotify1-dbgsym?

Revision history for this message

hawkes (hawkes) wrote on 2007-02-24:

#5

Valgrind Log Edit (253.8 KiB, text/plain)

Valgrind keeps GAIM from crashing, but the valgrind.log is full of errors. I've installed a non-stripped version from libnotify1. But I didn't find a libnotify1-dbg ?

Greetings,

Christoph

Revision history for this message

Sebastien Bacher (seb128) wrote on 2007-02-24:

#6

Thank you, that new log points a problem from gaim code

Changed in gaim:
status:	Needs Info → Confirmed

Revision history for this message

Sebastien Bacher (seb128) wrote on 2007-02-24:

#7

The dbgsym are debug packages available for all the deb rebuilt for some months now, you can read https://wiki.ubuntu.com/DebuggingProgramCrash for instructions on how to install them

From the valgrind log:

==22427== Invalid read of size 1
==22427== at 0x4C22114: memcpy (mc_replace_strmem.c:406)
==22427== by 0x1457B211: byte_stream_putraw (string3.h:51)
==22427== by 0x1458DC05: peer_oft_send (oft.c:303)
==22427== by 0x1458E0DE: peer_oft_recv_frame (oft.c:325)
==22427== by 0x1459E48A: peer_connection_recv_cb (peer.c:388)
==22427== by 0x455F5E: gaim_gtk_io_invoke (gtkeventloop.c:77)
==22427== by 0x6808793: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.9)
==22427== by 0x680B5DC: (within /usr/lib/libglib-2.0.so.0.1200.9)
==22427== by 0x680B8E9: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.9)
==22427== by 0x5826FB2: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.9)
==22427== by 0x468630: main (gtkmain.c:816)
==22427== Address 0x1B1A6880 is 0 bytes after a block of size 64 alloc'd
==22427== at 0x4C207C9: malloc (vg_replace_malloc.c:149)
==22427== by 0x680F66A: g_malloc (in /usr/lib/libglib-2.0.so.0.1200.9)
==22427== by 0x68214F6: g_memdup (in /usr/lib/libglib-2.0.so.0.1200.9)
==22427== by 0x1458E0B8: peer_oft_recv_frame (oft.c:233)
==22427== by 0x1459E48A: peer_connection_recv_cb (peer.c:388)
==22427== by 0x455F5E: gaim_gtk_io_invoke (gtkeventloop.c:77)
==22427== by 0x6808793: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.9)
==22427== by 0x680B5DC: (within /usr/lib/libglib-2.0.so.0.1200.9)
==22427== by 0x680B8E9: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.9)
==22427== by 0x5826FB2: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.9)
==22427== by 0x468630: main (gtkmain.c:816)

Revision history for this message

hawkes (hawkes) wrote on 2007-03-02:

#8

Valgrind Log Edit (149.6 KiB, text/plain)

Newest valgring-log with allmost all dbgsmb installed, logfile looks really good this time.

Revision history for this message

Adam Niedling (krychek) wrote on 2008-11-30:

#9

Feisty and gaim are not supported anymore. Please open a new bug if you get a crash with pidgin in a later version of Ubuntu.

Changed in gaim:
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.