[Pidgin] #8604: double free in oscar / purple_circ_buffer

Pidgin trac at pidgin.im
Thu Mar 19 20:28:19 EDT 2009


#8604: double free in oscar / purple_circ_buffer
--------------------+-------------------------------------------------------
 Reporter:  tmm1    |           Owner:         
     Type:  defect  |          Status:  pending
Milestone:          |       Component:  AIM    
  Version:  2.5.5   |      Resolution:         
 Keywords:          |   Launchpad_bug:         
--------------------+-------------------------------------------------------
Changes (by tmm1):

  * status:  pending => new
  * version:  2.5.2 => 2.5.5


Comment:

 I ran into this again with 2.5.5.

 {{{
 *** glibc detected *** double free or corruption (!prev): 0x000000000179e800 ***

 Program terminated with signal 6, Aborted.
 #0  0x00007f78136b107b in raise () from /lib/libc.so.6
 (gdb) bt
 #0  0x00007f78136b107b in raise () from /lib/libc.so.6
 #1  0x00007f78136b284e in abort () from /lib/libc.so.6
 #2  0x00007f78136e75f9 in __fsetlocking () from /lib/libc.so.6
 #3  0x00007f78136ee163 in mallopt () from /lib/libc.so.6
 #4  0x00007f78136ee1ee in free () from /lib/libc.so.6
 #5  0x00007f7814082581 in purple_circ_buffer_destroy (buf=0x193b600) at circbuffer.c:40
 #6  0x00007f78127847a5 in flap_connection_close (od=0x14df360, conn=0x147a810) at flap_connection.c:391
 #7  0x00007f78127848bd in flap_connection_destroy_cb (data=<value optimized out>) at flap_connection.c:475
 #8  0x00007f7813ec390b in g_timeout_dispatch () from /custom/lib/libglib-2.0.so.0
 #9  0x00007f7813ec31e2 in g_main_context_dispatch () from /custom/lib/libglib-2.0.so.0
 #10 0x00007f7813ec64c5 in g_main_context_iterate () from /custom/lib/libglib-2.0.so.0
 #11 0x00007f7813ec67bd in g_main_loop_run () from /custom/lib/libglib-2.0.so.0

 (gdb) frame 5
 #5  0x00007f7814082581 in purple_circ_buffer_destroy (buf=0x193b600) at circbuffer.c:40
 40              g_free(buf->buffer);

 (gdb) p buf
 $1 = (PurpleCircBuffer *) 0x193b600

 (gdb) p buf->buffer
 $2 = (gchar *) 0x179e800 "3\001?;"

 (gdb) frame 6
 #6  0x00007f78127847a5 in flap_connection_close (od=0x14df360, conn=0x147a810) at flap_connection.c:391
 391             purple_circ_buffer_destroy(conn->buffer_outgoing);

 (gdb) frame 7
 #7  0x00007f78127848bd in flap_connection_destroy_cb (data=<value optimized out>) at flap_connection.c:475
 475             flap_connection_close(od, conn);
 }}}

-- 
Ticket URL: <http://developer.pidgin.im/ticket/8604#comment:2>
Pidgin <http://pidgin.im>