gaim: crashes with "*** glibc detected *** free(): invalid pointer:"

Bug #27639 reported by Debian Bug Importer
Affects         Status         Importance   Assigned to   Milestone
gaim (Debian)   Fix Released   Unknown
gaim (Ubuntu)   Fix Released   High         Unassigned

Bug Description

Automatically imported from Debian bug report #344858 http://bugs.debian.org/344858

In , Ari Pollak (ari) wrote : (no subject)
Date: Mon, 26 Dec 2005 19:46:20 -0500

severity 344858 important
thanks

Please try to get a backtrace by following the directions here:
http://wiki.debian.org/HowToGetABacktrace (replace the "hello" package
by gaim). Make sure to run gdb/gaim with MALLOC_CHECK_=2.

In , Gabriele Stilli (superenzima) wrote : Re: Bug#344858: (no subject)
Date: Tue, 27 Dec 2005 04:02:23 +0100

On Monday, 26 December 2005, at 19:46, Ari Pollak wrote:

> Please try to get a backtrace by following the directions here:
> http://wiki.debian.org/HowToGetABacktrace (replace the "hello" package
> by gaim). Make sure to run gdb/gaim with MALLOC_CHECK_=2.

Recompiled gaim as per instructions, installed, ran it alone to be sure:
segfault.

Ran under gdb: no more segfault, works like a charm.

Reran it alone: it works.

Purged, reinstalled "normal" gaim: it works.

I'm a bit puzzled: wonder what happened.

For sake of meticulosity, I resend the output of "gaim -d" in the "good"
case. You'll notice (among other things) that gaim no more complains about
gevolution.so and libzephyr.so being unloadable, although the relevant
libraries are no more present in the system (but of course they were present
while compiling and running the -gdb'ed version of Gaim). But maybe it's
another matter entirely, I just thought it was worthy to mention it.

I don't know what to say. Please, tell me if there's something more I
should do to solve the mystery. Else, I'm sorry if I made much ado about
nothing.

Cheers,
Gabriele :-)

--
http://poisson.phc.unipi.it/~stilli/ ICQ UIN: 159169930
[HT] Lothlorien F.C. (51042, IV.53) #156 Club dei Mille
Better to be an optimist and be wrong than a pessimist and be right
[Albert Einstein]

Attachment: gaim2.txt.bz2

In , Gabriele Stilli (superenzima) wrote :
Date: Tue, 27 Dec 2005 22:07:45 +0100

On Monday, 26 December 2005, at 19:46, Ari Pollak wrote:

> Please try to get a backtrace by following the directions here:
> http://wiki.debian.org/HowToGetABacktrace (replace the "hello" package
> by gaim). Make sure to run gdb/gaim with MALLOC_CHECK_=2.

Whoops, the saga goes on. Things started going bad again, but apparently not
in a very coherent way. Today gaim crashed "as usual" the first time;
reinstalled the -gdb version, ran it under gdb (without MALLOC_CHECK_=2, I'm
sorry) and crashed (giving the same errors on the plugins I reported in my
last mail). I attach the backtrace herein. Then I tried to rerun it with M_C
and, to my surprise, it crashes no more. I don't know what to say anymore,
else than reporting what happened to me, hoping to be useful. I'd even think
of a hardware failure (just moved my system on a new disk), but everything
else seems to work flawlessly. I'm sorry for being so confusing, I'll pay
more attention in the next days :-)

Happy holidays...
Gabriele :-)

--
http://poisson.phc.unipi.it/~stilli/ ICQ UIN: 159169930
[HT] Lothlorien F.C. (51042, IV.53) #156 Club dei Mille
Better to be an optimist and be wrong than a pessimist and be right
[Albert Einstein]

Attachment: bt.txt.bz2

In , Luke Schierer (lschiere) wrote :
Date: Tue, 27 Dec 2005 16:26:01 -0500

See gaim.sf.net/faq.php#q24 to avoid this crash. Your bug is one in
aRTs, one that has been plaguing redhat users for some time, and just
recently spread to Fedora, gentoo, and now debian. There is a new
aRTs binary for fedora that supposedly has this crash fixed.

This is at https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169631

luke

In , Ari Pollak (ari) wrote :
Date: Tue, 27 Dec 2005 16:40:11 -0500

reassign 344858 libarts1c2a

In , Gabriele Stilli (superenzima) wrote : Re: Bug#344858: (no subject)
Date: Tue, 27 Dec 2005 23:56:33 +0100

On Tuesday, 27 December 2005, at 16:26, Luke Schierer wrote:

> See gaim.sf.net/faq.php#q24 to avoid this crash.

I already have "default_driver=alsa" in /etc/libao.conf. Should I do
something else?

> Your bug is one in
> aRTs, one that has been plaguing redhat users for some time, and just
> recently spread to Fedora, gentoo, and now debian.

Thank you for the information. I have libarts1 1.3.2-3 (removed from Etch
and Sid, but needed for other programs) and libartsc0 1.4.2-5 installed, no
other aRTs-related package. Do the packages in unstable (libarts1c2a?), or
even experimental, fix this issue?

I managed to crash gaim fiddling with sound preferences; backtrace with
MALLOC set available on request :-)

Sorry for flooding, hope this will be useful to someone :-)

Gabriele :-)

--
http://poisson.phc.unipi.it/~stilli/ ICQ UIN: 159169930
[HT] Lothlorien F.C. (51042, IV.53) #156 Club dei Mille
Better to be an optimist and be wrong than a pessimist and be right
[Albert Einstein]

Chris Moore (dooglus) wrote :

This crash is caused by the same problem as bug #26106.

You shouldn't use memory after freeing it.

I've tried attaching a patch, but launchpad won't have it (" Oops. Sorry, something just went wrong in Launchpad.") so I'll paste it here and let malone mangle the formatting. Luckily it's quite short:

-----
--- src/Backup/privacy.c.~1~ 2005-04-24 23:47:58.000000000 +0200
+++ src/privacy.c 2006-01-31 13:16:27.000000000 +0100
@@ -85,8 +85,8 @@
  if (l == NULL)
   return FALSE;

- account->permit = g_slist_remove(account->permit, l->data);
  g_free(l->data);
+ account->permit = g_slist_remove(account->permit, l->data);

  if (!local_only && gaim_account_is_connected(account))
   serv_rem_permit(gaim_account_get_connection(account), who);
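
Review bot: in the reordered pair, g_slist_remove(account->permit, l->data) is now handed a pointer that g_free(l->data) has just released. That is safe only because g_slist_remove() compares the pointer value and never dereferences it, so the ordering needs a comment saying so; clearer would be to copy l->data into a local, remove the node, then g_free() the local. Since l is already the node to drop, g_slist_delete_link(account->permit, l) would also avoid walking the list a second time.
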
@@ -156,8 +156,8 @@
  if (l == NULL)
   return FALSE;

- account->deny = g_slist_remove(account->deny, l->data);
  g_free(l->data);
+ account->deny = g_slist_remove(account->deny, l->data);

  if (!local_only && gaim_account_is_connected(account))
   serv_rem_deny(gaim_account_get_connection(account), who);
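
Review bot: the deny path has the same ordering concern as the permit hunk: g_slist_remove(account->deny, l->data) receives l->data after g_free(l->data) has released it, which relies on the remove call only comparing pointers. Save l->data in a local before touching the list and free it last, and consider moving the find/unlink/free sequence into one helper used by both the permit and deny removals so the two copies cannot drift apart again.
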
-----

In , Chris Moore (dooglus) wrote : patch

The attached patch fixes the bug for me. It's nothing to do with aRTs.

The gaim code is trying to use a linked-list node after freeing it.

Chris.
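
The ordering problem described in this comment, as an added example that is not gaim or GLib code and not part of the original report: `Node`, `list_find`, `list_remove` and `permit_remove` are hypothetical stand-ins for GSList, `g_slist_find_custom()`, `g_slist_remove()` and the gaim privacy function. The payload pointer is copied out of the node before the node is freed, and the payload itself is released last, so neither freed object is read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for GSList: each node owns a heap-allocated string. */
typedef struct Node { char *data; struct Node *next; } Node;

static Node *list_prepend(Node *head, const char *s) {
    Node *n = malloc(sizeof *n);
    if (n == NULL || (n->data = malloc(strlen(s) + 1)) == NULL) abort();
    strcpy(n->data, s);
    n->next = head;
    return n;
}

/* Stand-in for g_slist_find_custom() with a string comparison. */
static Node *list_find(Node *head, const char *who) {
    for (; head != NULL; head = head->next)
        if (strcmp(head->data, who) == 0) return head;
    return NULL;
}

/* Stand-in for g_slist_remove(): unlinks and frees the first node whose data
 * pointer equals `data`. The pointer is compared, never dereferenced. */
static Node *list_remove(Node *head, const void *data) {
    for (Node **pp = &head; *pp != NULL; pp = &(*pp)->next)
        if ((*pp)->data == data) {
            Node *dead = *pp;
            *pp = dead->next;
            free(dead);
            break;
        }
    return head;
}

/* Removes `who`; returns 1 if an entry was removed, 0 if it was absent. */
static int permit_remove(Node **permit, const char *who) {
    Node *l = list_find(*permit, who);
    if (l == NULL) return 0;
    char *name = l->data;                 /* copy out while l is still valid */
    *permit = list_remove(*permit, name); /* frees node l; l is now dangling */
    free(name);                           /* release the payload last */
    return 1;
}

int main(void) {
    Node *permit = list_prepend(list_prepend(NULL, "alice"), "bob");
    int removed = permit_remove(&permit, "alice");
    printf("removed=%d head=%s\n", removed, permit->data);
    return 0;
}
```

Reading `l->data` after the `list_remove()` call is the use of a freed node that the comment above describes.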

Chris Moore (dooglus) wrote :

I added the patch to the debian BTS too. I found I was able to include an attachment there, so here it is:

  http://bugs.debian.org/cgi-bin/bugreport.cgi/patch?bug=344858;msg=37;att=1

In , Chris Moore (christopher-ian-moore) wrote :

Chris Moore (dooglus) wrote :

I provided a simple fix for this 3 weeks ago. Will someone apply it please?

Changed in arts:
status: Unconfirmed → Confirmed
Chris Moore (dooglus) wrote : this fixes the bug

Could it be that the patch wasn't applied because I uploaded it to the Debian BTS and linked it here rather than uploading it here?

Let's see if this helps.

Chris Moore (dooglus) wrote :

My patch seems to have been applied now. Does that mean the bug can be closed? Is bug 32662 a duplicate of this one?

Matt Zimmerman (mdz) wrote :

Your patch wasn't handled promptly because this bug was imported from Bugzilla and the contacts weren't set up correctly. Apologies for that.

You say that it has been applied now, so this bug can be closed.

Changed in gaim:
status: Confirmed → Fix Released
In , Christopher Martin (chrsmrtn-debian) wrote :

Reports in this bug suggest that this is a gaim bug after all, but fixed
upstream. Closing.
