[Pidgin] #2273: Purple crashes due to failed memory allocation in MSN SLP
Pidgin
trac at pidgin.im
Wed Oct 3 21:06:50 EDT 2007
#2273: Purple crashes due to failed memory allocation in MSN SLP
----------------------+-----------------------------------------------------
Reporter: praveen | Owner: khc
Type: defect | Status: new
Priority: minor | Milestone:
Component: MSN | Version: 2.0.2
Resolution: | Keywords: msn slp gmem
Pending: 1 |
----------------------+-----------------------------------------------------
Changes (by nosnilmot):
* pending: 0 => 1
New description:
Purple crashes due to a failed memory allocation in the function
"msn_slplink_process_msg()" (slplink.c). The chunk of memory requested
seems to be in the order of 1.5GB. This message can be seen in the logs:
{{{
GLib-ERROR **: gmem.c:135: failed to allocate 1543569409 bytes
}}}
The full backtrace for the crash follows (account names have been masked):
{{{
#0 0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb7d129a1 in raise () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2 0xb7d142b9 in abort () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3 0xb7c92006 in g_logv () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#4 0xb7c9203a in g_log () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#5 0xb7c91080 in g_malloc () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#6 0xb7ca0e27 in g_strndup () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#7 0xb7a795ca in msn_slp_process_msg (slplink=0x9923e78, slpmsg=0x6) at slpcall.c:241
        slpcall = <value optimized out>
        body = (const guchar *) 0x4c879008 "MSNSLP/1.0 603 Decline\r\nTo: <msnmsgr:xxxxxxxxx at hotmail.com>\r\nFrom: <msnmsgr:yyyyyyy at netbrasilcargas.com.br>\r\nVia: MSNSLP/1.0/TLP ;branch={8C26733A-2E69-B9EF-4904-66878272565C}\r\nCSeq: 1\r\nCall-ID:"...
        body_len = 1795227648
#8 0xb7a7a112 in msn_slplink_process_msg (slplink=0x9923e78, msg=0x8c3e800) at slplink.c:630
        slpcall = <value optimized out>
        slpmsg = (MsnSlpMessage *) 0x88983d8
        data = 0x8292d08 "MSNSLP/1.0 603 Decline\r\nTo: <msnmsgr:xxxxxxxxxx at hotmail.com>\r\nFrom: <msnmsgr:yyyyyyyyyy at netbrasilcargas.com.br>\r\nVia: MSNSLP/1.0/TLP ;branch={8C26733A-2E69-B9EF-4904-66878272565C}\r\nCSeq: 1\r\nCall-ID:"...
        offset = 0
        len = 359
        __PRETTY_FUNCTION__ = "msn_slplink_process_msg"
#9 0xb7a780e5 in msn_p2p_msg (cmdproc=0x8cc7f08, msg=0x8c3e800) at slp.c:762
        slplink = (MsnSlpLink *) 0x9923e78
#10 0xb7a68d0f in msn_cmdproc_process_msg (cmdproc=0x8cc7f08, msg=0x8c3e800) at cmdproc.c:248
        cb = (MsnMsgTypeCb) 0
#11 0xb7a7bd97 in msg_cmd_post (cmdproc=0x8cc7f08, cmd=0x95efff0, payload=0x0, len=0) at switchboard.c:739
        msg = (MsnMessage *) 0x8c3e800
#12 0xb7a68c98 in msn_cmdproc_process_payload (cmdproc=0x8cc7f08, payload=0x82723aa "MIME-Version: 1.0\r\nContent-Type: application/x-msnmsgrp2p\r\nP2P-Dest: xxxxxxxx at hotmail.com\r\n\r\n", payload_len=510) at cmdproc.c:223
        last = (MsnCommand *) 0x95efff0
        __PRETTY_FUNCTION__ = "msn_cmdproc_process_payload"
#13 0xb7a770e9 in read_cb (data=0x9348368, source=127, cond=PURPLE_INPUT_READ) at servconn.c:441
        buf = "MSG yyyyyyyyyyy at netbrasilcargas.com.br YYYYYYYY 510\r\nMIME-Version: 1.0\r\nContent-Type: application/x-msnmsgrp2p\r\nP2P-Dest: xxxxxxxxxx at hotmail.com\r\n\r\n\000\000\000\000j��\n\000\000\000\000\000\000\000\000\000\000\001k\000\000\000\000\000\000\001k\000\000\000\000~\234�y", '\0' <repeats 12 times>, "MSNSL"...
        end = 0x82725a8 ""
        old_rx_buf = 0x8272378 "MSG yyyyyyyyyy at netbrasilcargas.com.br YYYYYYYY 510"
        len = <value optimized out>
        cur_len = 6
#14 0x0805373f in purple_glib_io_invoke (source=0x9926ac0, condition=G_IO_IN, data=0x8a21888) at file.c:48
        closure = (PurpleGLibIOClosure *) 0x8a21888
        purple_cond = PURPLE_INPUT_READ
#15 0xb7cb052c in g_vasprintf () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#16 0xb7c898d6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#17 0xb7c8c996 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#18 0xb7c8ccb8 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#19 0x08054046 in main (argc=9, argv=0xbfa1bf74) at file.c:343
}}}
Comment:
Can you provide an example of how to reproduce this? Do you know what
client the other party was using?
--
Ticket URL: <http://developer.pidgin.im/ticket/2273#comment:2>
Pidgin <http://pidgin.im>
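What the backtrace shows is an allocation sized from a peer-controlled length: frame #7 carries body_len = 1795227648 while frame #8 was working on a 359-byte payload (len = 359), and GLib's g_malloc turns the failed request into g_log/abort instead of returning NULL. The C program below is an added example, not libpurple/Pidgin code, showing the check a P2P receiver needs: bound every length taken from the header by the bytes actually received and by an application cap before allocating, and treat allocation failure as an error. It assumes the 48-byte little-endian MSNP2P binary header layout (session id, id, offset, total size, chunk length, flags, ack id, ack sub-id, ack size), an arbitrary 64 KiB cap (MAX_SLP_BODY), and a constructed sample body modelled on the 603 Decline in the trace; p2p_parse_header, slp_copy_body, naive_alloc_request, build_p2p_chunk and the demo_* functions are the example's own names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define P2P_HEADER_LEN 48             /* assumed: 48-byte MSNP2P binary header */
#define MAX_SLP_BODY   (64u * 1024u)  /* assumed application cap for an SLP body */

/* Little-endian field layout assumed from the MSNP2P binary header. */
struct p2p_header {
    uint32_t session_id, id;
    uint64_t offset, total_size;  /* chunk offset; peer-declared size of whole message */
    uint32_t length, flags, ack_id, ack_sub_id;  /* length: peer-declared chunk body size */
    uint64_t ack_size;
};

static uint32_t rd32(const unsigned char *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }
static uint64_t rd64(const unsigned char *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr32(unsigned char *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i)); }
static void wr64(unsigned char *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (unsigned char)(v >> (8 * i)); }

/* Returns 1 and fills *h if buf holds a complete header, else 0. */
int p2p_parse_header(const unsigned char *buf, size_t buflen, struct p2p_header *h)
{
    if (buflen < P2P_HEADER_LEN) return 0;
    h->session_id = rd32(buf);       h->id         = rd32(buf + 4);
    h->offset     = rd64(buf + 8);   h->total_size = rd64(buf + 16);
    h->length     = rd32(buf + 24);  h->flags      = rd32(buf + 28);
    h->ack_id     = rd32(buf + 32);  h->ack_sub_id = rd32(buf + 36);
    h->ack_size   = rd64(buf + 40);
    return 1;
}

/* Size a receiver that trusts the header would request for a NUL-terminated copy. Not allocated. */
uint64_t naive_alloc_request(const struct p2p_header *h)
{
    return h->total_size + 1;
}

/* Hardened copy of a single-chunk SLP body: every peer-controlled size is checked against
 * the bytes actually received and MAX_SLP_BODY before allocating; failure is an error. */
char *slp_copy_body(const unsigned char *buf, size_t buflen, size_t *out_len)
{
    struct p2p_header h;
    if (!p2p_parse_header(buf, buflen, &h)) return NULL;
    size_t avail = buflen - P2P_HEADER_LEN;       /* body bytes really present */
    if (h.total_size > MAX_SLP_BODY) return NULL;  /* a 1.5 GB claim stops here */
    if (h.length > avail) return NULL;             /* chunk longer than the packet */
    if (h.offset != 0 || h.length != h.total_size) return NULL; /* single chunk only */
    char *body = malloc((size_t)h.length + 1);     /* at most MAX_SLP_BODY + 1 */
    if (body == NULL) return NULL;
    memcpy(body, buf + P2P_HEADER_LEN, h.length);
    body[h.length] = '\0';
    if (out_len) *out_len = h.length;
    return body;
}

/* Builds a constructed packet (header with the given sizes, then body); 0 if it does not fit. */
size_t build_p2p_chunk(unsigned char *out, size_t outcap,
                       uint64_t total_size, uint32_t length, const char *body)
{
    size_t body_len = strlen(body);
    if (outcap < P2P_HEADER_LEN + body_len) return 0;
    memset(out, 0, P2P_HEADER_LEN);   /* session_id 0 (SLP signalling), offset 0 */
    wr32(out + 4, 1);                 /* message id */
    wr64(out + 16, total_size);
    wr32(out + 24, length);
    memcpy(out + P2P_HEADER_LEN, body, body_len);
    return P2P_HEADER_LEN + body_len;
}

/* Constructed sample body shaped like the 603 Decline in the backtrace. */
const char SAMPLE_SLP_BODY[] =
    "MSNSLP/1.0 603 Decline\r\nTo: <msnmsgr:alice@example.com>\r\n"
    "From: <msnmsgr:bob@example.net>\r\nCSeq: 1\r\n\r\n";

/* Honest packet: declared sizes match the bytes sent. Returns 1 on round-trip. */
int demo_consistent(void)
{
    unsigned char pkt[256];
    uint32_t n = (uint32_t)strlen(SAMPLE_SLP_BODY);
    size_t len = build_p2p_chunk(pkt, sizeof pkt, n, n, SAMPLE_SLP_BODY), out_len = 0;
    char *body = slp_copy_body(pkt, len, &out_len);
    int ok = body != NULL && out_len == n && strcmp(body, SAMPLE_SLP_BODY) == 0;
    free(body);
    return ok;
}

/* Hostile packet: same short body, but the header declares the 1795227648-byte total seen as
 * body_len in the ticket. Returns the naive request size if the hardened path refused it, else 0. */
uint64_t demo_oversized_claim(void)
{
    unsigned char pkt[256]; struct p2p_header h;
    uint32_t n = (uint32_t)strlen(SAMPLE_SLP_BODY);
    size_t len = build_p2p_chunk(pkt, sizeof pkt, 1795227648ULL, n, SAMPLE_SLP_BODY);
    if (slp_copy_body(pkt, len, NULL) != NULL || !p2p_parse_header(pkt, len, &h)) return 0;
    return naive_alloc_request(&h);
}
```

The cap is deliberately checked before the "is the chunk inside the packet" test so that the large number never reaches an allocator at all; with GLib, the equivalent of the malloc call would be g_try_malloc, since g_malloc on a failed request logs and aborts, which is exactly the g_malloc → g_log → abort chain in frames #5 to #2.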