ICQ excessive memory allocation again
Jan Kaluza
hanzz.k at gmail.com
Fri Feb 26 19:10:26 EST 2010
Hi,
I'm using libpurple as network library for my XMPP Transport. I think
I have similar problem to one security issue which should be already
fixed in 2.5.8 ( http://pidgin.im/news/security/?id=33 ). I think I
don't have to describe my problem more, because symptoms are basically
the same as in mentioned issue. Unfortunately I can't say what client
caused it. I'm using libpurple 2.6.5. I will keep the core dump and
current binary for required time, so feel free to ask me for more
informations.
These are last few lines of the debug log:
[02/26/10 10:01:05] <libpurple/oscar> incomingim_ch1: unknown TLV
0x000d (len 40)
[02/26/10 10:01:05] <libpurple/oscar> Received IM from 442406467 with 1 parts
[02/26/10 10:01:05] <libpurple/oscar> Parsing IM part, charset=0x0002,
charsubset=0x0026, datalen=122, choice1=UTF-16BE, choice2=UTF-8,
choice3=
[02/26/10 10:01:05] <libpurple/oscar> Received a channel 4 message of type 0x1a.
GLib-ERROR **: gmem.c:135: failed to allocate 3137339393 bytes
aborting...
Backtrace:
(gdb) bt full
#0 0xb7785947 in raise () from /lib/tls/libc.so.6
No symbol table info available.
#1 0xb77870c9 in abort () from /lib/tls/libc.so.6
No symbol table info available.
#2 0xb7d06074 in g_logv () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#3 0xb7d060a9 in g_log () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#4 0xb7d04d0a in g_malloc () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#5 0xb7052239 in byte_stream_getstr (bs=0xbf84fefc, len=-1157627903)
at bstream.c:201
ob = 0x0
#6 0xb7078bce in purple_parse_incoming_im (od=0x11a818f8,
conn=0x11a73aa8, fr=0x11a73ae8) at oscar.c:3040
smsmsg = <value optimized out>
xmlroot = <value optimized out>
xmltmp = <value optimized out>
message = <value optimized out>
qbs = {data = 0x11b23d00 "", len = 228, offset = 38}
tagstr = 0x11b6a890 ""
uin = <value optimized out>
channel = <value optimized out>
ret = <value optimized out>
userinfo = (aim_userinfo_t *) 0xbf84ffc4
ap = 0xbf84ff38
"o\201\210f0\225�4�\201c\200f}^TgN at Y\222\177W��(|���\204�~G73gN�\231�i�\037+\230\212iD\001\205�\022+0�Q"
#7 0xb705a645 in incomingim (od=0x11a818f8, conn=0x11a73aa8,
mod=<value optimized out>, frame=0x11a73ae8, snac=0xbf8502e0,
bs=0x11a73aec) at family_icbm.c:2233
tlvlist = (GSList *) 0x11b36028
ret = 0
cookie = (guchar *) 0x101879f0 "�\221\030�\235\231lF\020"
channel = <value optimized out>
userinfo = {bn = 0x11b0cad8 "442406467", warnlevel = 0,
idletime = 0, flags = 80, createtime = 0, membersince = 0, onlinesince
= 1267174865, sessionlen = 0,
capabilities = 0, icqinfo = {status = 0, ipaddr = 0, crap =
"\000\000\000\000\000\000\000\000\006\000\a", '\0' <repeats 25
times>}, present = 69, iconcsumtype = 0 '\0',
iconcsumlen = 0, iconcsum = 0x0, info = 0x0, info_encoding = 0x0,
info_len = 0, status = 0x0, status_encoding = 0x0, status_len = 0,
itmsurl = 0x0, itmsurl_encoding = 0x0,
itmsurl_len = 0, away = 0x0, away_encoding = 0x0, away_len = 0, next = 0x0}
#8 0xb705cb59 in snachandler (od=0x11a818f8, conn=0x11a73aa8,
mod=0x4dff, frame=0x11a73ae8, snac=0xbf8502e0, bs=0x11a73aec) at
family_icbm.c:2848
No locals.
#9 0xb706749f in flap_connection_recv (conn=0x11a73aa8) at
flap_connection.c:790
flap_version = <value optimized out>
buf = <value optimized out>
buflen = <value optimized out>
read = <value optimized out>
#10 0xb7ddd6dd in recv_cb (data=0x11b0e7c8, source=2153,
cond=PURPLE_INPUT_READ) at sslconn.c:155
No locals.
#11 0x080d1d61 in io_invoke (source=0x11b14530, condition=G_IO_IN,
data=0x11b1cc78) at /home/hanzz/spectrum/src/geventloop.cpp:48
closure = (PurpleIOClosure *) 0x11b1cc78
purple_cond = PURPLE_INPUT_READ
tmp = 1
---Type <return> to continue, or q <return> to quit---
#12 0xb7d26c7f in g_io_channel_unix_get_fd () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#13 0xb7cfd731 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#14 0xb7d007a6 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#15 0xb7d00b67 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#16 0x080e5e7a in GlooxMessageHandler (this=0x818e800,
config=@0xbf850560) at /home/hanzz/spectrum/src/main.cpp:928
No locals.
#17 0x080e620f in main (argc=2, argv=0xbf850604) at
/home/hanzz/spectrum/src/main.cpp:1841
config = {static npos = 4294967295, _M_dataplus =
{<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No
data fields>}, <No data fields>},
_M_p = 0x818e37c "highflyer.cfg"}}
error = (GError *) 0x0
context = (GOptionContext *) 0x818e210
Thanks for help
Jan Kaluza
More information about the security
mailing list