[Pidgin] #3470: crash with pidgin 2.5.1 using msn

Pidgin trac at pidgin.im
Thu Sep 25 23:08:19 EDT 2008


#3470: crash with pidgin 2.5.1 using msn
--------------------------------+-------------------------------------------
 Reporter:  JosephHeenan        |        Owner:  khc
     Type:  defect              |       Status:  new
Milestone:                      |    Component:  MSN
  Version:  2.5.1               |   Resolution:     
 Keywords:  msn crash valgrind  |  
--------------------------------+-------------------------------------------

Old description:

> I've been suffering crashes with recent pidgin versions on debian stable.
>
> There doesn't seem to be an obvious pattern to when the crashes happen.
>
> Here's a backtrace:
>
> {{{
> (gdb) run
> Starting program: /usr/local/bin/pidgin
> [Thread debugging using libthread_db enabled]
> [New Thread -1219705152 (LWP 19155)]
> *** glibc detected *** corrupted double-linked list: 0x08765ca0 ***
>
> Program received signal SIGABRT, Aborted.
> [Switching to Thread -1219705152 (LWP 19155)]
> 0xb754a947 in raise () from /lib/tls/libc.so.6
> (gdb) bt full
> #0  0xb754a947 in raise () from /lib/tls/libc.so.6
> No symbol table info available.
> #1  0xb754c0c9 in abort () from /lib/tls/libc.so.6
> No symbol table info available.
> #2  0xb758016a in __fsetlocking () from /lib/tls/libc.so.6
> No symbol table info available.
> #3  0xb75861ec in malloc_usable_size () from /lib/tls/libc.so.6
> No symbol table info available.
> #4  0xb7587807 in mallopt () from /lib/tls/libc.so.6
> No symbol table info available.
> #5  0xb7587ad2 in free () from /lib/tls/libc.so.6
> No symbol table info available.
> #6  0xb77f7b31 in g_free () from /usr/lib/libglib-2.0.so.0
> No symbol table info available.
> #7  0xb71f5f5b in msn_transaction_destroy (trans=0x8765d40) at
> transaction.c:60
>         __PRETTY_FUNCTION__ = "msn_transaction_destroy"
> #8  0xb71e1920 in msn_history_destroy (history=0x8730728) at history.c:45
> No locals.
> #9  0xb71dffc5 in msn_cmdproc_destroy (cmdproc=0x8765db8) at cmdproc.c:51
> No locals.
> #10 0xb71ee773 in msn_servconn_destroy (servconn=0x87a21f0) at
> servconn.c:87
>         __PRETTY_FUNCTION__ = "msn_servconn_destroy"
> #11 0xb71e2b73 in read_cb (data=0x87a2248, source=13,
> cond=PURPLE_INPUT_READ)
>     at httpconn.c:395
>         full_session_id = 0x87adef0 "\230:P\b323853.287713497"
>         cur = (char **) 0x85b2818
>         tokens = (char **) 0x87b3290
>         httpconn = <value optimized out>
>         buf = "HTTP/1.0 200 OK\r\nContent-Length: 200\r\nContent-Type:
> application/x-msn-messenger\r\nX-MSN-Messenger:
> SessionID=1969323853.287713497; GW-IP=64.4.36.21\r\nDate: Sat, 06 Oct
> 2007 21:18:08 GMT\r\nX-Cache: MISS f"...
>         end = 0xb <Address 0xb out of bounds>
>         len = <value optimized out>
>         cur_len = <value optimized out>
>         result_msg = 0x87ade00 "MSG xxxxx_at_work at ntlworld.com Frank 151"
>         result_len = 200
> #12 0x080a0113 in pidgin_io_invoke (source=0x8796780, condition=G_IO_IN,
>     data=0x85a45c0) at gtkeventloop.c:78
>         purple_cond = PURPLE_INPUT_READ
> #13 0xb7819c7f in g_io_channel_unix_get_fd () from
> /usr/lib/libglib-2.0.so.0
> No symbol table info available.
> #14 0xb77f0731 in g_main_context_dispatch () from
> /usr/lib/libglib-2.0.so.0
> No symbol table info available.
> #15 0xb77f37a6 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
> No symbol table info available.
> #16 0xb77f3b67 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
> No symbol table info available.
> #17 0xb7da8281 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
> No symbol table info available.
> #18 0x080b747f in main (argc=Cannot access memory at address 0x6
> ) at gtkmain.c:853
>         display = <value optimized out>
>         opt_help = <value optimized out>
>         opt_login = 0
>         opt_nologin = 0
>         opt_version = <value optimized out>
>         opt_si = 1
>         opt_config_dir_arg = 0x0
>         opt_login_arg = 0x0
>         opt_session_arg = 0x0
>         accounts = (GList *) 0x0
>         sig_indx = <value optimized out>
>         sigset = {__val = {91143, 0 <repeats 31 times>}}
>         prev_sig_disp = <value optimized out>
>         errmsg = '\0' <repeats 508 times>, "Ðtf·H#£¿i
> û·\004ëL·Ütf·ô¿û·\220rf·@Qe·È%£¿\234Æú·\004ëL·\025We·", '\0' <repeats 16
> times>, "\004ëL·\000\000\000\000 Àû·", '\0' <repeats 12 times>, "\b3O·",
> '\0' <repeats 16 times>, "\025We·\000\000\000\000Ðtf·¼#£¿i
> û·~BM·Ütf·ô¿û·\220rf·@Qe·<&£¿\234Æú·~BM·\025We·", '\0' <repeats 16
> times>, "~BM·\000\000\000\000 Àû·", '\0' <repeats 13 times>, "0O·", '\0'
> <repeats 16 times>...
>         segfault_message_tmp = <value optimized out>
>         error = (GError *) 0x0
>         opt = <value optimized out>
>         gui_check = <value optimized out>
>

>

>
>         debug_enabled = <value optimized out>
>         migration_failed = <value optimized out>
>         active_accounts = <value optimized out>
>         long_options = {{name = 0x80f560d "config", has_arg = 1, flag =
> 0x0,
>     val = 99}, {name = 0x80e6d3f "debug", has_arg = 0, flag = 0x0, val =
> 100},
>   {name = 0x80e9968 "help", has_arg = 0, flag = 0x0, val = 104}, {
>     name = 0x80e6ff7 "login", has_arg = 2, flag = 0x0, val = 108}, {
>     name = 0x80f21b3 "multiple", has_arg = 0, flag = 0x0, val = 109}, {
>     name = 0x80f21bc "nologin", has_arg = 0, flag = 0x0, val = 110}, {
>     name = 0x80f5603 "session", has_arg = 1, flag = 0x0, val = 115}, {
>     name = 0x80eb363 "version", has_arg = 0, flag = 0x0, val = 118}, {
>     name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
> }}}
>
> Here's some relevant looking output when run under valgrind:
>

> {{{
> ==21715== Invalid read of size 4
> ==21715==    at 0x4FE1453: ack_cmd (switchboard.c:770)
> ==21715==    by 0x4FCD91B: msn_cmdproc_process_cmd (cmdproc.c:313)
> ==21715==    by 0x4FCDA83: msn_cmdproc_process_cmd_text (cmdproc.c:335)
> ==21715==    by 0x4FD0A0E: read_cb (httpconn.c:380)
> ==21715==    by 0x80A0112: pidgin_io_invoke (gtkeventloop.c:78)
> ==21715==    by 0x47C2C7E: (within /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4799730: g_main_context_dispatch (in
> /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x479C7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x479CB66: g_main_loop_run (in
> /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4184280: gtk_main (in
> /usr/lib/libgtk-x11-2.0.so.0.800.20)
> ==21715==    by 0x80B747E: main (gtkmain.c:853)
> ==21715==  Address 0x510533C is 108 bytes inside a block of size 124
> free'd
> ==21715==    at 0x401CFA5: free (vg_replace_malloc.c:233)
> ==21715==    by 0x47A0B30: g_free (in /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4FD1999: msn_message_destroy (msg.c:78)
> ==21715==    by 0x4FD1A20: msn_message_unref (msg.c:109)
> ==21715==    by 0x4FE1611: msg_error_helper (switchboard.c:468)
> ==21715==    by 0x4FE24BE: msn_switchboard_destroy (switchboard.c:105)
> ==21715==    by 0x4FE25E8: msn_switchboard_close (switchboard.c:1208)
> ==21715==    by 0x4FE2656: msn_switchboard_release (switchboard.c:1230)
> ==21715==    by 0x4FE015A: msn_slplink_remove_slpcall (slplink.c:199)
> ==21715==    by 0x4FDEEFD: msn_slp_call_destroy (slpcall.c:118)
> ==21715==    by 0x4FDFE38: msn_slplink_process_msg (slplink.c:653)
> ==21715==    by 0x4FDDD8C: msn_p2p_msg (slp.c:762)
> ==21715==
> ==21715== Invalid read of size 4
> ==21715==    at 0x4FE145A: ack_cmd (switchboard.c:771)
> ==21715==    by 0x4FCD91B: msn_cmdproc_process_cmd (cmdproc.c:313)
> ==21715==    by 0x4FCDA83: msn_cmdproc_process_cmd_text (cmdproc.c:335)
> ==21715==    by 0x4FD0A0E: read_cb (httpconn.c:380)
> ==21715==    by 0x80A0112: pidgin_io_invoke (gtkeventloop.c:78)
> ==21715==    by 0x47C2C7E: (within /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4799730: g_main_context_dispatch (in
> /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x479C7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x479CB66: g_main_loop_run (in
> /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4184280: gtk_main (in
> /usr/lib/libgtk-x11-2.0.so.0.800.20)
> ==21715==    by 0x80B747E: main (gtkmain.c:853)
> ==21715==  Address 0x5105344 is 116 bytes inside a block of size 124
> free'd
> ==21715==    at 0x401CFA5: free (vg_replace_malloc.c:233)
> ==21715==    by 0x47A0B30: g_free (in /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4FD1999: msn_message_destroy (msg.c:78)
> ==21715==    by 0x4FD1A20: msn_message_unref (msg.c:109)
> ==21715==    by 0x4FE1611: msg_error_helper (switchboard.c:468)
> ==21715==    by 0x4FE24BE: msn_switchboard_destroy (switchboard.c:105)
> ==21715==    by 0x4FE25E8: msn_switchboard_close (switchboard.c:1208)
> ==21715==    by 0x4FE2656: msn_switchboard_release (switchboard.c:1230)
> ==21715==    by 0x4FE015A: msn_slplink_remove_slpcall (slplink.c:199)
> ==21715==    by 0x4FDEEFD: msn_slp_call_destroy (slpcall.c:118)
> ==21715==    by 0x4FDFE38: msn_slplink_process_msg (slplink.c:653)
> ==21715==    by 0x4FDDD8C: msn_p2p_msg (slp.c:762)
> ==21715==
> ==21715== Invalid read of size 4
> ==21715==    at 0x4FDFF82: msg_ack (slplink.c:280)
> ==21715==    by 0x4FE1465: ack_cmd (switchboard.c:771)
> ==21715==    by 0x4FCD91B: msn_cmdproc_process_cmd (cmdproc.c:313)
> ==21715==    by 0x4FCDA83: msn_cmdproc_process_cmd_text (cmdproc.c:335)
> ==21715==    by 0x4FD0A0E: read_cb (httpconn.c:380)
> ==21715==    by 0x80A0112: pidgin_io_invoke (gtkeventloop.c:78)
> ==21715==    by 0x47C2C7E: (within /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4799730: g_main_context_dispatch (in
> /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x479C7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x479CB66: g_main_loop_run (in
> /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4184280: gtk_main (in
> /usr/lib/libgtk-x11-2.0.so.0.800.20)
> ==21715==    by 0x80B747E: main (gtkmain.c:853)
> ==21715==  Address 0x510530C is 60 bytes inside a block of size 124
> free'd
> ==21715==    at 0x401CFA5: free (vg_replace_malloc.c:233)
> ==21715==    by 0x47A0B30: g_free (in /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4FD1999: msn_message_destroy (msg.c:78)
> ==21715==    by 0x4FD1A20: msn_message_unref (msg.c:109)
> ==21715==    by 0x4FE1611: msg_error_helper (switchboard.c:468)
> ==21715==    by 0x4FE24BE: msn_switchboard_destroy (switchboard.c:105)
> ==21715==    by 0x4FE25E8: msn_switchboard_close (switchboard.c:1208)
> ==21715==    by 0x4FE2656: msn_switchboard_release (switchboard.c:1230)
> ==21715==    by 0x4FE015A: msn_slplink_remove_slpcall (slplink.c:199)
> ==21715==    by 0x4FDEEFD: msn_slp_call_destroy (slpcall.c:118)
> ==21715==    by 0x4FDFE38: msn_slplink_process_msg (slplink.c:653)
> ==21715==    by 0x4FDDD8C: msn_p2p_msg (slp.c:762)
> ==21715==
> ==21715== Invalid read of size 4
> ==21715==    at 0x4FD19FE: msn_message_unref (msg.c:99)
> ==21715==    by 0x4FE1489: ack_cmd (switchboard.c:776)
> ==21715==    by 0x4FCD91B: msn_cmdproc_process_cmd (cmdproc.c:313)
> ==21715==    by 0x4FCDA83: msn_cmdproc_process_cmd_text (cmdproc.c:335)
> ==21715==    by 0x4FD0A0E: read_cb (httpconn.c:380)
> ==21715==    by 0x80A0112: pidgin_io_invoke (gtkeventloop.c:78)
> ==21715==    by 0x47C2C7E: (within /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4799730: g_main_context_dispatch (in
> /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x479C7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x479CB66: g_main_loop_run (in
> /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4184280: gtk_main (in
> /usr/lib/libgtk-x11-2.0.so.0.800.20)
> ==21715==    by 0x80B747E: main (gtkmain.c:853)
> ==21715==  Address 0x51052D0 is 0 bytes inside a block of size 124 free'd
> ==21715==    at 0x401CFA5: free (vg_replace_malloc.c:233)
> ==21715==    by 0x47A0B30: g_free (in /usr/lib/libglib-2.0.so.0.1200.4)
> ==21715==    by 0x4FD1999: msn_message_destroy (msg.c:78)
> ==21715==    by 0x4FD1A20: msn_message_unref (msg.c:109)
> ==21715==    by 0x4FE1611: msg_error_helper (switchboard.c:468)
> ==21715==    by 0x4FE24BE: msn_switchboard_destroy (switchboard.c:105)
> ==21715==    by 0x4FE25E8: msn_switchboard_close (switchboard.c:1208)
> ==21715==    by 0x4FE2656: msn_switchboard_release (switchboard.c:1230)
> ==21715==    by 0x4FE015A: msn_slplink_remove_slpcall (slplink.c:199)
> ==21715==    by 0x4FDEEFD: msn_slp_call_destroy (slpcall.c:118)
> ==21715==    by 0x4FDFE38: msn_slplink_process_msg (slplink.c:653)
> ==21715==    by 0x4FDDD8C: msn_p2p_msg (slp.c:762)
> }}}

New description:

 I've been suffering crashes with recent pidgin versions on debian stable.

 There doesn't seem to be an obvious pattern to when the crashes happen.

 Here's a backtrace:

 {{{
 (gdb) run
 Starting program: /usr/local/bin/pidgin
 [Thread debugging using libthread_db enabled]
 [New Thread -1219705152 (LWP 19155)]
 *** glibc detected *** corrupted double-linked list: 0x08765ca0 ***

 Program received signal SIGABRT, Aborted.
 [Switching to Thread -1219705152 (LWP 19155)]
 0xb754a947 in raise () from /lib/tls/libc.so.6
 (gdb) bt full
 #0  0xb754a947 in raise () from /lib/tls/libc.so.6
 No symbol table info available.
 #1  0xb754c0c9 in abort () from /lib/tls/libc.so.6
 No symbol table info available.
 #2  0xb758016a in __fsetlocking () from /lib/tls/libc.so.6
 No symbol table info available.
 #3  0xb75861ec in malloc_usable_size () from /lib/tls/libc.so.6
 No symbol table info available.
 #4  0xb7587807 in mallopt () from /lib/tls/libc.so.6
 No symbol table info available.
 #5  0xb7587ad2 in free () from /lib/tls/libc.so.6
 No symbol table info available.
 #6  0xb77f7b31 in g_free () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.
 #7  0xb71f5f5b in msn_transaction_destroy (trans=0x8765d40) at
 transaction.c:60
         __PRETTY_FUNCTION__ = "msn_transaction_destroy"
 #8  0xb71e1920 in msn_history_destroy (history=0x8730728) at history.c:45
 No locals.
 #9  0xb71dffc5 in msn_cmdproc_destroy (cmdproc=0x8765db8) at cmdproc.c:51
 No locals.
 #10 0xb71ee773 in msn_servconn_destroy (servconn=0x87a21f0) at
 servconn.c:87
         __PRETTY_FUNCTION__ = "msn_servconn_destroy"
 #11 0xb71e2b73 in read_cb (data=0x87a2248, source=13,
 cond=PURPLE_INPUT_READ)
     at httpconn.c:395
         full_session_id = 0x87adef0 "\230:P\b323853.287713497"
         cur = (char **) 0x85b2818
         tokens = (char **) 0x87b3290
         httpconn = <value optimized out>
         buf = "HTTP/1.0 200 OK\r\nContent-Length: 200\r\nContent-Type:
 application/x-msn-messenger\r\nX-MSN-Messenger:
 SessionID=1969323853.287713497; GW-IP=64.4.36.21\r\nDate: Sat, 06 Oct 2007
 21:18:08 GMT\r\nX-Cache: MISS f"...
         end = 0xb <Address 0xb out of bounds>
         len = <value optimized out>
         cur_len = <value optimized out>
         result_msg = 0x87ade00 "MSG xxxxx_at_work at ntlworld.com Frank 151"
         result_len = 200
 #12 0x080a0113 in pidgin_io_invoke (source=0x8796780, condition=G_IO_IN,
     data=0x85a45c0) at gtkeventloop.c:78
         purple_cond = PURPLE_INPUT_READ
 #13 0xb7819c7f in g_io_channel_unix_get_fd () from
 /usr/lib/libglib-2.0.so.0
 No symbol table info available.
 #14 0xb77f0731 in g_main_context_dispatch () from
 /usr/lib/libglib-2.0.so.0
 No symbol table info available.
 #15 0xb77f37a6 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.
 #16 0xb77f3b67 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
 No symbol table info available.
 #17 0xb7da8281 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
 No symbol table info available.
 #18 0x080b747f in main (argc=Cannot access memory at address 0x6
 ) at gtkmain.c:853
         display = <value optimized out>
         opt_help = <value optimized out>
         opt_login = 0
         opt_nologin = 0
         opt_version = <value optimized out>
         opt_si = 1
         opt_config_dir_arg = 0x0
         opt_login_arg = 0x0
         opt_session_arg = 0x0
         accounts = (GList *) 0x0
         sig_indx = <value optimized out>
         sigset = {__val = {91143, 0 <repeats 31 times>}}
         prev_sig_disp = <value optimized out>
         errmsg = '\0' <repeats 508 times>, "Ðtf·H#£¿i
 û·\004ëL·Ütf·ô¿û·\220rf·@Qe·È%£¿\234Æú·\004ëL·\025We·", '\0' <repeats 16
 times>, "\004ëL·\000\000\000\000 Àû·", '\0' <repeats 12 times>, "\b3O·",
 '\0' <repeats 16 times>, "\025We·\000\000\000\000Ðtf·¼#£¿i
 û·~BM·Ütf·ô¿û·\220rf·@Qe·<&£¿\234Æú·~BM·\025We·", '\0' <repeats 16 times>,
 "~BM·\000\000\000\000 Àû·", '\0' <repeats 13 times>, "0O·", '\0' <repeats
 16 times>...
         segfault_message_tmp = <value optimized out>
         error = (GError *) 0x0
         opt = <value optimized out>
         gui_check = <value optimized out>






         debug_enabled = <value optimized out>
         migration_failed = <value optimized out>
         active_accounts = <value optimized out>
         long_options = {{name = 0x80f560d "config", has_arg = 1, flag =
 0x0,
     val = 99}, {name = 0x80e6d3f "debug", has_arg = 0, flag = 0x0, val =
 100},
   {name = 0x80e9968 "help", has_arg = 0, flag = 0x0, val = 104}, {
     name = 0x80e6ff7 "login", has_arg = 2, flag = 0x0, val = 108}, {
     name = 0x80f21b3 "multiple", has_arg = 0, flag = 0x0, val = 109}, {
     name = 0x80f21bc "nologin", has_arg = 0, flag = 0x0, val = 110}, {
     name = 0x80f5603 "session", has_arg = 1, flag = 0x0, val = 115}, {
     name = 0x80eb363 "version", has_arg = 0, flag = 0x0, val = 118}, {
     name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
 }}}

 Here's some relevant looking output when run under valgrind:


 {{{
 ==21715== Invalid read of size 4
 ==21715==    at 0x4FE1453: ack_cmd (switchboard.c:770)
 ==21715==    by 0x4FCD91B: msn_cmdproc_process_cmd (cmdproc.c:313)
 ==21715==    by 0x4FCDA83: msn_cmdproc_process_cmd_text (cmdproc.c:335)
 ==21715==    by 0x4FD0A0E: read_cb (httpconn.c:380)
 ==21715==    by 0x80A0112: pidgin_io_invoke (gtkeventloop.c:78)
 ==21715==    by 0x47C2C7E: (within /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4799730: g_main_context_dispatch (in
 /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x479C7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x479CB66: g_main_loop_run (in
 /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4184280: gtk_main (in
 /usr/lib/libgtk-x11-2.0.so.0.800.20)
 ==21715==    by 0x80B747E: main (gtkmain.c:853)
 ==21715==  Address 0x510533C is 108 bytes inside a block of size 124
 free'd
 ==21715==    at 0x401CFA5: free (vg_replace_malloc.c:233)
 ==21715==    by 0x47A0B30: g_free (in /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4FD1999: msn_message_destroy (msg.c:78)
 ==21715==    by 0x4FD1A20: msn_message_unref (msg.c:109)
 ==21715==    by 0x4FE1611: msg_error_helper (switchboard.c:468)
 ==21715==    by 0x4FE24BE: msn_switchboard_destroy (switchboard.c:105)
 ==21715==    by 0x4FE25E8: msn_switchboard_close (switchboard.c:1208)
 ==21715==    by 0x4FE2656: msn_switchboard_release (switchboard.c:1230)
 ==21715==    by 0x4FE015A: msn_slplink_remove_slpcall (slplink.c:199)
 ==21715==    by 0x4FDEEFD: msn_slp_call_destroy (slpcall.c:118)
 ==21715==    by 0x4FDFE38: msn_slplink_process_msg (slplink.c:653)
 ==21715==    by 0x4FDDD8C: msn_p2p_msg (slp.c:762)
 ==21715==
 ==21715== Invalid read of size 4
 ==21715==    at 0x4FE145A: ack_cmd (switchboard.c:771)
 ==21715==    by 0x4FCD91B: msn_cmdproc_process_cmd (cmdproc.c:313)
 ==21715==    by 0x4FCDA83: msn_cmdproc_process_cmd_text (cmdproc.c:335)
 ==21715==    by 0x4FD0A0E: read_cb (httpconn.c:380)
 ==21715==    by 0x80A0112: pidgin_io_invoke (gtkeventloop.c:78)
 ==21715==    by 0x47C2C7E: (within /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4799730: g_main_context_dispatch (in
 /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x479C7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x479CB66: g_main_loop_run (in
 /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4184280: gtk_main (in
 /usr/lib/libgtk-x11-2.0.so.0.800.20)
 ==21715==    by 0x80B747E: main (gtkmain.c:853)
 ==21715==  Address 0x5105344 is 116 bytes inside a block of size 124
 free'd
 ==21715==    at 0x401CFA5: free (vg_replace_malloc.c:233)
 ==21715==    by 0x47A0B30: g_free (in /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4FD1999: msn_message_destroy (msg.c:78)
 ==21715==    by 0x4FD1A20: msn_message_unref (msg.c:109)
 ==21715==    by 0x4FE1611: msg_error_helper (switchboard.c:468)
 ==21715==    by 0x4FE24BE: msn_switchboard_destroy (switchboard.c:105)
 ==21715==    by 0x4FE25E8: msn_switchboard_close (switchboard.c:1208)
 ==21715==    by 0x4FE2656: msn_switchboard_release (switchboard.c:1230)
 ==21715==    by 0x4FE015A: msn_slplink_remove_slpcall (slplink.c:199)
 ==21715==    by 0x4FDEEFD: msn_slp_call_destroy (slpcall.c:118)
 ==21715==    by 0x4FDFE38: msn_slplink_process_msg (slplink.c:653)
 ==21715==    by 0x4FDDD8C: msn_p2p_msg (slp.c:762)
 ==21715==
 ==21715== Invalid read of size 4
 ==21715==    at 0x4FDFF82: msg_ack (slplink.c:280)
 ==21715==    by 0x4FE1465: ack_cmd (switchboard.c:771)
 ==21715==    by 0x4FCD91B: msn_cmdproc_process_cmd (cmdproc.c:313)
 ==21715==    by 0x4FCDA83: msn_cmdproc_process_cmd_text (cmdproc.c:335)
 ==21715==    by 0x4FD0A0E: read_cb (httpconn.c:380)
 ==21715==    by 0x80A0112: pidgin_io_invoke (gtkeventloop.c:78)
 ==21715==    by 0x47C2C7E: (within /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4799730: g_main_context_dispatch (in
 /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x479C7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x479CB66: g_main_loop_run (in
 /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4184280: gtk_main (in
 /usr/lib/libgtk-x11-2.0.so.0.800.20)
 ==21715==    by 0x80B747E: main (gtkmain.c:853)
 ==21715==  Address 0x510530C is 60 bytes inside a block of size 124 free'd
 ==21715==    at 0x401CFA5: free (vg_replace_malloc.c:233)
 ==21715==    by 0x47A0B30: g_free (in /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4FD1999: msn_message_destroy (msg.c:78)
 ==21715==    by 0x4FD1A20: msn_message_unref (msg.c:109)
 ==21715==    by 0x4FE1611: msg_error_helper (switchboard.c:468)
 ==21715==    by 0x4FE24BE: msn_switchboard_destroy (switchboard.c:105)
 ==21715==    by 0x4FE25E8: msn_switchboard_close (switchboard.c:1208)
 ==21715==    by 0x4FE2656: msn_switchboard_release (switchboard.c:1230)
 ==21715==    by 0x4FE015A: msn_slplink_remove_slpcall (slplink.c:199)
 ==21715==    by 0x4FDEEFD: msn_slp_call_destroy (slpcall.c:118)
 ==21715==    by 0x4FDFE38: msn_slplink_process_msg (slplink.c:653)
 ==21715==    by 0x4FDDD8C: msn_p2p_msg (slp.c:762)
 ==21715==
 ==21715== Invalid read of size 4
 ==21715==    at 0x4FD19FE: msn_message_unref (msg.c:99)
 ==21715==    by 0x4FE1489: ack_cmd (switchboard.c:776)
 ==21715==    by 0x4FCD91B: msn_cmdproc_process_cmd (cmdproc.c:313)
 ==21715==    by 0x4FCDA83: msn_cmdproc_process_cmd_text (cmdproc.c:335)
 ==21715==    by 0x4FD0A0E: read_cb (httpconn.c:380)
 ==21715==    by 0x80A0112: pidgin_io_invoke (gtkeventloop.c:78)
 ==21715==    by 0x47C2C7E: (within /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4799730: g_main_context_dispatch (in
 /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x479C7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x479CB66: g_main_loop_run (in
 /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4184280: gtk_main (in
 /usr/lib/libgtk-x11-2.0.so.0.800.20)
 ==21715==    by 0x80B747E: main (gtkmain.c:853)
 ==21715==  Address 0x51052D0 is 0 bytes inside a block of size 124 free'd
 ==21715==    at 0x401CFA5: free (vg_replace_malloc.c:233)
 ==21715==    by 0x47A0B30: g_free (in /usr/lib/libglib-2.0.so.0.1200.4)
 ==21715==    by 0x4FD1999: msn_message_destroy (msg.c:78)
 ==21715==    by 0x4FD1A20: msn_message_unref (msg.c:109)
 ==21715==    by 0x4FE1611: msg_error_helper (switchboard.c:468)
 ==21715==    by 0x4FE24BE: msn_switchboard_destroy (switchboard.c:105)
 ==21715==    by 0x4FE25E8: msn_switchboard_close (switchboard.c:1208)
 ==21715==    by 0x4FE2656: msn_switchboard_release (switchboard.c:1230)
 ==21715==    by 0x4FE015A: msn_slplink_remove_slpcall (slplink.c:199)
 ==21715==    by 0x4FDEEFD: msn_slp_call_destroy (slpcall.c:118)
 ==21715==    by 0x4FDFE38: msn_slplink_process_msg (slplink.c:653)
 ==21715==    by 0x4FDDD8C: msn_p2p_msg (slp.c:762)
 }}}

--

Comment(by khc):

 ugh of course, the valgrind trace is really old, but I thought it's
 updated because trac claims the description was modified

-- 
Ticket URL: <http://developer.pidgin.im/ticket/3470#comment:12>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list