[Pidgin] #2439: Double g_free() on msn_disconnection

Pidgin trac at pidgin.im
Tue Aug 7 01:01:11 EDT 2007 

#2439: Double g_free() on msn_disconnection
---------------------------+------------------------------------------------
  Reporter:  snakeru       |       Owner:       
      Type:  defect        |      Status:  new  
  Priority:  minor         |   Milestone:       
 Component:  pidgin (gtk)  |     Version:  2.1.0
Resolution:                |    Keywords:       
   Pending:  0             |  
---------------------------+------------------------------------------------
Comment (by snakeru):

 It seems that roughly same problem is here:
 {{{
 #0  0xb53b683e in g_queue_push_tail () from /usr/lib/libglib-2.0.so.0
 #1  0xb521d9ff in msn_cmdproc_queue_trans (cmdproc=0x8b58be0,
 trans=0x935f860) at cmdproc.c:74
 #2  0xb5231432 in msn_switchboard_request_add_user (swboard=0x8e99d78,
     user=0xb50080a4 "xxxxxxxxxx at hotmail.com") at switchboard.c:1095
 #3  0xb522c5ea in msn_session_get_swboard (session=0x8da8848,
     username=0xb50080a4 "xxxxxxxx at hotmail.com", flag=MSN_SB_FLAG_IM) at
 session.c:214
 #4  0xb52231a4 in msn_send_im (gc=0x8ecf1b8, who=0xb50080a4
 "xxxxxxxxx at hotmail.com",
     message=0xb57ab934 "Hola, ...", flags=0) at msn.c:802
 #5  0xb549c57f in serv_send_im (gc=0x8ecf1b8, name=0xb50080a4
 "xxxxxxxxx at hotmail.com",
     message=0xb57ab934 "Hola, ...", flags=0) at server.c:136
 #6  0xb54faf9b in pygaim_server_serv_send_im (self=0x0, args=0xb57ad7d4)
 at generated.c:5632
 #7  0xb58e6511 in ?? ()
 #8  0x00000000 in ?? ()
 }}}
 This is how I see it:
 msn_session_get_swboard do first msn_switchboard_request and then
 msn_switchboard_request_add_user. But during msn_switchboard_request this
 codepath happens:
 msn_switchboard_request -> msn_cmdproc_send_trans -> msn_servconn_write ->
 msn_servconn_got_error -> msn_servconn_disconnect ->
 (servconn->disconnect_cb)
 [[br]][[br]]
 So servconn is deleted and msn_switchboard_request_add_user segfaults as
 it is visible on backtrace above.
 [[br]][[br]]
 The problem is that I do not know how to fix it properly. I think I'll add
 a check that (servconn->disconnect_cb) is set before calling
 msn_switchboard_request_add_user. but it is quite crude hack

-- 
Ticket URL: <http://developer.pidgin.im/ticket/2439#comment:1>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list