[Pidgin] #2273: Purple crashes due to failed memory allocation in MSN SLP

Pidgin trac at pidgin.im
Wed Jul 25 13:58:19 EDT 2007 

#2273: Purple crashes due to failed memory allocation in MSN SLP
--------------------------+-------------------------------------------------
 Reporter:  praveen       |       Type:  defect
   Status:  new           |   Priority:  minor 
Component:  libpurple     |    Version:  2.0.2 
 Keywords:  msn slp gmem  |    Pending:  0     
--------------------------+-------------------------------------------------
 Purple crashes due to a failed memory allocation in the function
 "msn_slplink_process_msg()" (slplink.c). The chunk of memory requested
 seems to be in the order of 1.5GB. This message can be seen in the logs:

 GLib-ERROR **: gmem.c:135: failed to allocate 1543569409 bytes

 The full backtrace for the crash follows (account names have been masked):

 #0  0xffffe410 in __kernel_vsyscall ()
 No symbol table info available.

 #1  0xb7d129a1 in raise () from /lib/tls/i686/cmov/libc.so.6
 No symbol table info available.

 #2  0xb7d142b9 in abort () from /lib/tls/i686/cmov/libc.so.6
 No symbol table info available.

 #3  0xb7c92006 in g_logv () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.

 #4  0xb7c9203a in g_log () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.

 #5  0xb7c91080 in g_malloc () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.

 #6  0xb7ca0e27 in g_strndup () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.

 #7  0xb7a795ca in msn_slp_process_msg (slplink=0x9923e78, slpmsg=0x6)
     at slpcall.c:241
         slpcall = <value optimized out>
         body = (
     const guchar *) 0x4c879008 "MSNSLP/1.0 603 Decline\r\nTo:
 <msnmsgr:xxxxxxxxx at hotmail.com>\r\nFrom:
 <msnmsgr:yyyyyyy at netbrasilcargas.com.br>\r\nVia: MSNSLP/1.0/TLP ;branch
 ={8C26733A-2E69-B9EF-4904-66878272565C}\r\nCSeq: 1\r\nCall-ID:"...
         body_len = 1795227648

 #8  0xb7a7a112 in msn_slplink_process_msg (slplink=0x9923e78,
 msg=0x8c3e800)
     at slplink.c:630
         slpcall = <value optimized out>
         slpmsg = (MsnSlpMessage *) 0x88983d8
         data = 0x8292d08 "MSNSLP/1.0 603 Decline\r\nTo:
 <msnmsgr:xxxxxxxxxx at hotmail.com>\r\nFrom:
 <msnmsgr:yyyyyyyyyy at netbrasilcargas.com.br>\r\nVia: MSNSLP/1.0/TLP ;branch
 ={8C26733A-2E69-B9EF-4904-66878272565C}\r\nCSeq: 1\r\nCall-ID:"...
 offset = 0
         len = 359
         __PRETTY_FUNCTION__ = "msn_slplink_process_msg"

 #9  0xb7a780e5 in msn_p2p_msg (cmdproc=0x8cc7f08, msg=0x8c3e800) at
 slp.c:762
         slplink = (MsnSlpLink *) 0x9923e78

 #10 0xb7a68d0f in msn_cmdproc_process_msg (cmdproc=0x8cc7f08,
 msg=0x8c3e800)
     at cmdproc.c:248
         cb = (MsnMsgTypeCb) 0

 #11 0xb7a7bd97 in msg_cmd_post (cmdproc=0x8cc7f08, cmd=0x95efff0,
 payload=0x0,
     len=0) at switchboard.c:739
         msg = (MsnMessage *) 0x8c3e800

 #12 0xb7a68c98 in msn_cmdproc_process_payload (cmdproc=0x8cc7f08,
     payload=0x82723aa "MIME-Version: 1.0\r\nContent-Type:
 application/x-msnmsgrp2p\r\nP2P-Dest: xxxxxxxx at hotmail.com\r\n\r\n",
 payload_len=510)
     at cmdproc.c:223
         last = (MsnCommand *) 0x95efff0
         __PRETTY_FUNCTION__ = "msn_cmdproc_process_payload"

 #13 0xb7a770e9 in read_cb (data=0x9348368, source=127,
 cond=PURPLE_INPUT_READ)
     at servconn.c:441
         buf = "MSG yyyyyyyyyyy at netbrasilcargas.com.br YYYYYYYY 510\r
 \nMIME-Version: 1.0\r\nContent-Type: application/x-msnmsgrp2p\r\nP2P-Dest:
 xxxxxxxxxx at hotmail.com\r\n\r\n\000\000\000\000j��\n\000\000\000\000\000\000\000\000\000\000\001k\000\000\000\000\000\000\001k\000\000\000\000~\234�y",
 '\0' <repeats 12 times>, "MSNSL"...
         end = 0x82725a8 ""
         old_rx_buf = 0x8272378 "MSG yyyyyyyyyy at netbrasilcargas.com.br
 YYYYYYYY 510"
         len = <value optimized out>
         cur_len = 6

 #14 0x0805373f in purple_glib_io_invoke (source=0x9926ac0,
 condition=G_IO_IN,
     data=0x8a21888) at file.c:48
         closure = (PurpleGLibIOClosure *) 0x8a21888
         purple_cond = PURPLE_INPUT_READ

 #15 0xb7cb052c in g_vasprintf () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.

 #16 0xb7c898d6 in g_main_context_dispatch () from
 /usr/lib/libglib-2.0.so.0
 No symbol table info available.

 #17 0xb7c8c996 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.

 #18 0xb7c8ccb8 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.

 #19 0x08054046 in main (argc=9, argv=0xbfa1bf74) at file.c:343

-- 
Ticket URL: <http://developer.pidgin.im/ticket/2273>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list