Bug 19524

Summary: Gabble crashes when removing a handle from the known list
Product: Telepathy Reporter: Marco Barisione <marco.barisione>
Component: gabbleAssignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Marco Barisione 2009-01-12 12:09:39 UTC 
I was trying to completely reset the contact list in one of my test accounts,

I deleted all of the contacts in Empathy trying to completely reset the contact list in one of my test accounts, but Empathy doesn't show the known list so I tried with telepathy-inspector but gabble crashed.

Exact steps to reproduce the crash:
1 - Connect to your account with empathy
2 - Have some contacts that are only in the XMPP known list (it happened when deleting them from empathy)
3 - Start telepathy-inspector
4 - Show the active connection
5 - In the connection tab double-click on the known list
6 - In the group tab remove a handle
→ Gabble crashes

Log:
** (telepathy-gabble:6473): DEBUG: _gabble_roster_channel_remove_member_cb: called on known with handle 2 (test1@collabora.co.uk) ""
** (telepathy-gabble:6473): DEBUG: gabble_roster_handle_remove: immediate edit to contact#2 - change subscription to REMOVE
** (telepathy-gabble:6473): DEBUG: _gabble_roster_get_channel: Looking up channel 3:1 "publish"
** (telepathy-gabble:6473): DEBUG: _gabble_roster_get_channel: Looking up channel 3:2 "subscribe"
** (telepathy-gabble:6473): DEBUG: _gabble_roster_item_update: name for contact#2 changed to (null)
** (telepathy-gabble:6473): DEBUG: _gabble_roster_item_update: Checking which groups contact#2 was just added to:
** (telepathy-gabble:6473): DEBUG: _gabble_roster_item_update: Checking which groups contact#2 was just removed from:
** (telepathy-gabble:6473): DEBUG: gabble_roster_iq_cb: jid: test1@collabora.co.uk, subscription: remove
** (telepathy-gabble:6473): DEBUG: gabble_roster_iq_cb: calling change members on publish channel
(telepathy-gabble:6473): tp-glib-DEBUG: tp_group_mixin_change_members: not emitting signal, nothing changed
** (telepathy-gabble:6473): DEBUG: gabble_roster_iq_cb: calling change members on subscribe channel
(telepathy-gabble:6473): tp-glib-DEBUG: tp_group_mixin_change_members: not emitting signal, nothing changed
** (telepathy-gabble:6473): DEBUG: _gabble_roster_get_channel: Looking up channel 3:3 "known"
** (telepathy-gabble:6473): DEBUG: gabble_roster_iq_cb: calling change members on known channel
tp_group_mixin_change_members: emitting members changed
  message       : ""
  added         : []
  removed       : [2 (test1@collabora.co.uk)]
  local_pending : []
  remote_pending: []
  actor         : 0
  reason        : 0: unspecified reason
** (telepathy-gabble:6473): DEBUG: gabble_roster_iq_cb: calling change members on any group channels
**
ERROR:roster.c:459:_gabble_roster_item_get: assertion failed: (tp_handle_is_valid (contact_repo, handle, NULL))

Program received signal SIGABRT, Aborted.
0x00007f234c6f8ed5 in raise () from /lib/libc.so.6


Backtrace:
#0  0x00007f234c6f8ed5 in raise () from /lib/libc.so.6
#1  0x00007f234c6fa3f3 in abort () from /lib/libc.so.6
#2  0x00007f234cd4f8a0 in g_assertion_message () from /usr/lib/libglib-2.0.so.0
#3  0x00007f234cd4fd32 in g_assertion_message_expr () from /usr/lib/libglib-2.0.so.0
#4  0x00000000004309ea in _gabble_roster_item_get (roster=0x2375c00, handle=2) at roster.c:459
#5  0x000000000043417b in roster_edited_cb (conn=0x23780a0, sent_msg=0x23872f0, reply_msg=0x2675390, roster_obj=0x2375c00, user_data=0x2)
    at roster.c:2053
#6  0x0000000000412d2b in message_send_reply_cb (handler=0x236aba0, connection=0x2376a10, reply_msg=0x2675390, user_data=0x2675860)
    at connection.c:939
#7  0x00007f234d1edd9f in ?? () from /usr/lib/libloudmouth-1.so.0
#8  0x00007f234d1ef1e7 in ?? () from /usr/lib/libloudmouth-1.so.0
#9  0x00007f234cd29aab in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#10 0x00007f234cd2d26d in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00007f234cd2d79d in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#12 0x00007f234caae3ec in tp_run_connection_manager (prog_name=0x47a2f8 "telepathy-gabble", version=0x47a2ef "0.7.18.1", 
    construct_cm=0x41066c <construct_cm>, argc=1, argv=0x7fff55cbf278) at run.c:264
#13 0x00000000004107bb in gabble_main (argc=1, argv=0x7fff55cbf278) at gabble.c:76
#14 0x0000000000410667 in main (argc=1, argv=0x7fff55cbf278) at main.c:27
Comment 1 Senko Rasic 2009-01-20 04:39:35 UTC 
Crash was due to handle not being referenced when the call+callback
is set, so in the event of item deletion handle could become invalid
before the roster_edited_cb callback finishes with it.

The fix is to properly ref/unref handles when using roster_edited_cb.
Fix is merged to git master and will be included in the next
gabble release.
Comment 2 Simon McVittie 2009-02-09 07:19:34 UTC 
Fixed in 0.7.19

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.