[Pidgin] #2625: libpurple crashes on connect in aim_locate_getcaps
Pidgin
trac at pidgin.im
Sun Aug 19 12:24:07 EDT 2007
#2625: libpurple crashes on connect in aim_locate_getcaps
------------------------+---------------------------------------------------
Reporter: boredzo | Owner:
Type: defect | Status: new
Priority: minor | Milestone:
Component: libpurple | Version: 2.1.0
Resolution: | Keywords:
Pending: 0 |
------------------------+---------------------------------------------------
Comment (by evands):
Also from the Adium ticket, some more information based on the libpurple
binary in use:
Relevant section of otx output in aim_locate_getcaps():
{{{
+47  110e0ddf  e8ab14ffff      calll   _byte_stream_getraw
+52  110e0de4  8945dc          movl    %eax,0xdc(%ebp)
+55  110e0de7  c745e000000000  movl    $0x00000000,0xe0(%ebp)
+62  110e0dee  8d935f0e0b00    leal    0x000b0e5f(%ebx),%edx
+68  110e0df4  8955e4          movl    %edx,0xe4(%ebp)
+71  110e0df7  8955cc          movl    %edx,0xcc(%ebp)
+74  110e0dfa  eb6b            jmp     0x110e0e67
+76  110e0dfc  8345e414        addl    $0x14,0xe4(%ebp)
+80  110e0e00  8b75e0          movl    0xe0(%ebp),%esi
+83  110e0e03  8d04b6          leal    (%esi,%esi,4),%eax
+86  110e0e06  8b55cc          movl    0xcc(%ebp),%edx
+89  110e0e09  8d0482          leal    (%edx,%eax,4),%eax
+92  110e0e0c  8945d0          movl    %eax,0xd0(%ebp)
+95  110e0e0f  83c004          addl    $0x04,%eax
+98  110e0e12  b910000000      movl    $0x00000010,%ecx
+103 110e0e17  fc              cld
+104 110e0e18  89c6            movl    %eax,%esi
+106 110e0e1a  8b7ddc          movl    0xdc(%ebp),%edi
+109 110e0e1d  f3a6            repz/cmpsb (%esi),(%edi)
+111 110e0e1f  b800000000      movl    $0x00000000,%eax
+116 110e0e24  740a            je      0x110e0e30
+118 110e0e26  0fb646ff        movzbl  0xff(%esi),%eax
+122 110e0e2a  0fb64fff        movzbl  0xff(%edi),%ecx
+126 110e0e2e  29c8            subl    %ecx,%eax
+128 110e0e30  85c0            testl   %eax,%eax
+130 110e0e32  752f            jne     0x110e0e63
+132 110e0e34  8b75d0          movl    0xd0(%ebp),%esi
+135 110e0e37  8b36            movl    (%esi),%esi
+137 110e0e39  0975d4          orl     %esi,0xd4(%ebp)
+140 110e0e3c  8b45dc          movl    0xdc(%ebp),%eax
+143 110e0e3f  890424          movl    %eax,(%esp,1)
+146 110e0e42  e8733f0400      calll   _g_free
}}}
So it's crashing somewhere between `byte_stream_getraw()` and `g_free()`
in the block of code below:
{{{
cap = byte_stream_getraw(bs, 0x10);

for (i = 0, identified = 0; !(aim_caps[i].flag & OSCAR_CAPABILITY_LAST); i++) {
	if (memcmp(&aim_caps[i].data, cap, 0x10) == 0) {
		flags |= aim_caps[i].flag;
		identified++;
		break; /* should only match once... */
	}
}

if (!identified)
	purple_debug_misc("oscar", "unknown capability: {%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x}\n",
			cap[0], cap[1], cap[2], cap[3],
			cap[4], cap[5],
			cap[6], cap[7],
			cap[8], cap[9],
			cap[10], cap[11], cap[12], cap[13], cap[14], cap[15]);

g_free(cap);
}}}
I'm not sure what of that is even crashable...
The user is able to log in without a problem using iChat.
--
Ticket URL: <http://developer.pidgin.im/ticket/2625#comment:1>
Pidgin <http://pidgin.im>
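The capability-matching loop quoted in the comment above, rebuilt as a stand-alone C program. This is an added example, not code from the ticket or from libpurple: `ByteStream`, `byte_stream_getraw()`, `byte_stream_remaining()`, the `example_caps[]` table and every capability byte value are constructed stand-ins for the libpurple types and data. The one thing it adds beyond the quoted loop is the guard a reviewer would want around the raw read: the stream is checked for a full 16 bytes before a capability is pulled out, and a NULL return from the read is handled instead of being handed to `memcmp()`, so the loop stops cleanly on a short or truncated capability block.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_LEN 16  /* each OSCAR capability is a 16-byte UUID */

/* Constructed stand-in for libpurple's ByteStream: a buffer plus a read cursor. */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t offset;
} ByteStream;

/* Constructed table in the shape of libpurple's aim_caps[]; the flag values
 * and UUID bytes are made up for this example (not real AIM capabilities). */
#define CAP_EXAMPLE_A 0x00000001u
#define CAP_EXAMPLE_B 0x00000002u
#define CAP_LAST      0x80000000u   /* terminator, like OSCAR_CAPABILITY_LAST */

#define CAP_A_BYTES 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7, \
                    0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf
#define CAP_B_BYTES 0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7, \
                    0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf

static const struct {
    uint32_t flag;
    uint8_t data[CAP_LEN];
} example_caps[] = {
    { CAP_EXAMPLE_A, { CAP_A_BYTES } },
    { CAP_EXAMPLE_B, { CAP_B_BYTES } },
    { CAP_LAST,      { 0 } },
};

static size_t byte_stream_remaining(const ByteStream *bs)
{
    return bs->offset > bs->len ? 0 : bs->len - bs->offset;
}

/* Return a malloc'd copy of the next n bytes, or NULL if fewer than n bytes
 * remain; the caller frees it, as the quoted code does with g_free(). */
uint8_t *byte_stream_getraw(ByteStream *bs, size_t n)
{
    if (byte_stream_remaining(bs) < n)
        return NULL;
    uint8_t *out = malloc(n);
    if (out == NULL)
        return NULL;
    memcpy(out, bs->data + bs->offset, n);
    bs->offset += n;
    return out;
}

/* Consume every whole 16-byte capability block in bs, OR together the flags of
 * the ones found in the table, and count the blocks that matched nothing. */
uint32_t locate_getcaps(ByteStream *bs, int *unknown)
{
    uint32_t flags = 0;
    *unknown = 0;

    while (byte_stream_remaining(bs) >= CAP_LEN) {
        uint8_t *cap = byte_stream_getraw(bs, CAP_LEN);
        if (cap == NULL)
            break;  /* never compare against a NULL capability buffer */

        int identified = 0;
        for (size_t i = 0; !(example_caps[i].flag & CAP_LAST); i++) {
            if (memcmp(example_caps[i].data, cap, CAP_LEN) == 0) {
                flags |= example_caps[i].flag;
                identified = 1;
                break;  /* should only match once, as in the original */
            }
        }
        if (!identified)
            (*unknown)++;   /* the original logs the UUID here */

        free(cap);
    }
    return flags;
}

/* Constructed input: cap A, one unknown block, cap B, then a 5-byte tail that
 * is too short to be a capability and must be left unread. */
static const uint8_t sample_caps[] = {
    CAP_A_BYTES,
    0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,0xee,
    CAP_B_BYTES,
    0x01,0x02,0x03,0x04,0x05
};

uint32_t run_sample(int *unknown)
{
    ByteStream bs = { sample_caps, sizeof sample_caps, 0 };
    return locate_getcaps(&bs, unknown);
}

int main(void)
{
    int unknown = 0;
    uint32_t flags = run_sample(&unknown);
    printf("flags=0x%08x unknown=%d\n", flags, unknown);
    return 0;
}
```

On the sample stream the program reports `flags=0x00000003 unknown=1`: both constructed capabilities are recognised, the filler block is counted as unknown, and the 5-byte tail is never read. Feeding it only that tail yields no flags and no attempt to compare against a NULL buffer.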