Bug 27131

Summary: crashes when connecting from 2 machines on the same jabber
Product: Telepathy Reporter: Sebastien Bacher <seb128>
Component: gabbleAssignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal    
Priority: medium    
Version: 0.8   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Sebastien Bacher 2010-03-17 08:43:50 UTC 
Using lucid and telepathy-gablle 0.8.11, when connecting with empathy from 2 machines telepathy-gabble crashes

valgrind log shows

"==19046== Invalid read of size 4
==19046==    at 0x807EDBE: gabble_private_tubes_factory_free_feat (private-tubes-factory.c:655)
==19046==    by 0x434EBA7: g_hash_table_remove_all_nodes (ghash.c:488)
==19046==    by 0x434F0DC: g_hash_table_remove_all (ghash.c:1166)
==19046==    by 0x434F18C: g_hash_table_destroy (ghash.c:873)
==19046==    by 0x807FA83: gabble_private_tubes_factory_free_caps (private-tubes-factory.c:715)
==19046==    by 0x80AFD7F: gabble_caps_channel_manager_free_capabilities (caps-channel-manager.c:122)
==19046==    by 0x807C184: free_caps_helper (presence-cache.c:866)
==19046==    by 0x434E25B: g_hash_table_foreach (ghash.c:1325)
==19046==    by 0x807BCB7: gabble_presence_cache_free_cache_entry (presence-cache.c:876)
==19046==    by 0x807AFDC: gabble_presence_set_capabilities (presence.c:266)
==19046==    by 0x807E39C: gabble_presence_cache_lm_message_cb (presence-cache.c:1366)
==19046==    by 0x40BFF7F: _lm_message_handler_handle_message (lm-message-handler.c:47)
==19046==    by 0x40BDED7: connection_message_queue_cb (lm-connection.c:291)
==19046==    by 0x40C0B7E: message_queue_dispatch_func (lm-message-queue.c:100)
==19046==    by 0x435D394: g_main_context_dispatch (gmain.c:1960)
==19046==    by 0x4361087: g_main_context_iterate (gmain.c:2591)
==19046==    by 0x43615C6: g_main_loop_run (gmain.c:2799)
==19046==    by 0x41A899E: tp_run_connection_manager (in /usr/lib/libtelepathy-glib.so.0.32.1)
==19046==    by 0x8057343: gabble_main (gabble.c:161)
==19046==    by 0x805726F: main (main.c:28)
==19046==  Address 0x5c8463c is 4 bytes inside a block of size 12 free'd
==19046==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==19046==    by 0x4365DB5: g_free (gmem.c:191)
==19046==    by 0x807EDD4: gabble_private_tubes_factory_free_feat (private-tubes-factory.c:658)
==19046==    by 0x434EBA7: g_hash_table_remove_all_nodes (ghash.c:488)
==19046==    by 0x434F0DC: g_hash_table_remove_all (ghash.c:1166)
==19046==    by 0x434F18C: g_hash_table_destroy (ghash.c:873)
==19046==    by 0x807FA83: gabble_private_tubes_factory_free_caps (private-tubes-factory.c:715)
==19046==    by 0x80AFD7F: gabble_caps_channel_manager_free_capabilities (caps-channel-manager.c:122)
==19046==    by 0x807C184: free_caps_helper (presence-cache.c:866)
==19046==    by 0x434E25B: g_hash_table_foreach (ghash.c:1325)
==19046==    by 0x807BCB7: gabble_presence_cache_free_cache_entry (presence-cache.c:876)
==19046==    by 0x807AE6D: gabble_presence_set_capabilities (presence.c:224)
==19046==    by 0x807E39C: gabble_presence_cache_lm_message_cb (presence-cache.c:1366)
==19046==    by 0x40BFF7F: _lm_message_handler_handle_message (lm-message-handler.c:47)
==19046==    by 0x40BDED7: connection_message_queue_cb (lm-connection.c:291)
==19046==    by 0x40C0B7E: message_queue_dispatch_func (lm-message-queue.c:100)
==19046==    by 0x435D394: g_main_context_dispatch (gmain.c:1960)
==19046==    by 0x4361087: g_main_context_iterate (gmain.c:2591)
==19046==    by 0x43615C6: g_main_loop_run (gmain.c:2799)
==19046==    by 0x41A899E: tp_run_connection_manager (in /usr/lib/libtelepathy-glib.so.0.32.1)
==19046==    by 0x8057343: gabble_main (gabble.c:161)
==19046==    by 0x805726F: main (main.c:28)
==19046== 
==19046== Invalid free() / delete / delete[]
==19046==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==19046==    by 0x4365DB5: g_free (gmem.c:191)
==19046==    by 0x807EDCC: gabble_private_tubes_factory_free_feat (private-tubes-factory.c:656)
==19046==    by 0x434EBA7: g_hash_table_remove_all_nodes (ghash.c:488)
==19046==    by 0x434F0DC: g_hash_table_remove_all (ghash.c:1166)
==19046==    by 0x434F18C: g_hash_table_destroy (ghash.c:873)
==19046==    by 0x807FA83: gabble_private_tubes_factory_free_caps (private-tubes-factory.c:715)
==19046==    by 0x80AFD7F: gabble_caps_channel_manager_free_capabilities (caps-channel-manager.c:122)
==19046==    by 0x807C184: free_caps_helper (presence-cache.c:866)
==19046==    by 0x434E25B: g_hash_table_foreach (ghash.c:1325)
==19046==    by 0x807BCB7: gabble_presence_cache_free_cache_entry (presence-cache.c:876)
==19046==    by 0x807AFDC: gabble_presence_set_capabilities (presence.c:266)
==19046==    by 0x807E39C: gabble_presence_cache_lm_message_cb (presence-cache.c:1366)
==19046==    by 0x40BFF7F: _lm_message_handler_handle_message (lm-message-handler.c:47)
==19046==    by 0x40BDED7: connection_message_queue_cb (lm-connection.c:291)
==19046==    by 0x40C0B7E: message_queue_dispatch_func (lm-message-queue.c:100)
==19046==    by 0x435D394: g_main_context_dispatch (gmain.c:1960)
==19046==    by 0x4361087: g_main_context_iterate (gmain.c:2591)
==19046==    by 0x43615C6: g_main_loop_run (gmain.c:2799)
==19046==    by 0x41A899E: tp_run_connection_manager (in /usr/lib/libtelepathy-glib.so.0.32.1)
==19046==    by 0x8057343: gabble_main (gabble.c:161)
==19046==    by 0x805726F: main (main.c:28)
==19046==  Address 0x5c84800 is 0 bytes inside a block of size 55 free'd
==19046==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==19046==    by 0x4365DB5: g_free (gmem.c:191)
==19046==    by 0x807EDCC: gabble_private_tubes_factory_free_feat (private-tubes-factory.c:656)
==19046==    by 0x434EBA7: g_hash_table_remove_all_nodes (ghash.c:488)
==19046==    by 0x434F0DC: g_hash_table_remove_all (ghash.c:1166)
==19046==    by 0x434F18C: g_hash_table_destroy (ghash.c:873)
==19046==    by 0x807FA83: gabble_private_tubes_factory_free_caps (private-tubes-factory.c:715)
==19046==    by 0x80AFD7F: gabble_caps_channel_manager_free_capabilities (caps-channel-manager.c:122)
==19046==    by 0x807C184: free_caps_helper (presence-cache.c:866)
==19046==    by 0x434E25B: g_hash_table_foreach (ghash.c:1325)
==19046==    by 0x807BCB7: gabble_presence_cache_free_cache_entry (presence-cache.c:876)
==19046==    by 0x807AE6D: gabble_presence_set_capabilities (presence.c:224)
==19046==    by 0x807E39C: gabble_presence_cache_lm_message_cb (presence-cache.c:1366)
==19046==    by 0x40BFF7F: _lm_message_handler_handle_message (lm-message-handler.c:47)
==19046==    by 0x40BDED7: connection_message_queue_cb (lm-connection.c:291)
==19046==    by 0x40C0B7E: message_queue_dispatch_func (lm-message-queue.c:100)
==19046==    by 0x435D394: g_main_context_dispatch (gmain.c:1960)
==19046==    by 0x4361087: g_main_context_iterate (gmain.c:2591)
==19046==    by 0x43615C6: g_main_loop_run (gmain.c:2799)
==19046==    by 0x41A899E: tp_run_connection_manager (in /usr/lib/libtelepathy-glib.so.0.32.1)
==19046==    by 0x8057343: gabble_main (gabble.c:161)
==19046==    by 0x805726F: main (main.c:28)
==19046== 
==19046== Invalid free() / delete / delete[]
==19046==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==19046==    by 0x4365DB5: g_free (gmem.c:191)
==19046==    by 0x807EDD4: gabble_private_tubes_factory_free_feat (private-tubes-factory.c:658)
==19046==    by 0x434EBA7: g_hash_table_remove_all_nodes (ghash.c:488)
==19046==    by 0x434F0DC: g_hash_table_remove_all (ghash.c:1166)
==19046==    by 0x434F18C: g_hash_table_destroy (ghash.c:873)
==19046==    by 0x807FA83: gabble_private_tubes_factory_free_caps (private-tubes-factory.c:715)
==19046==    by 0x80AFD7F: gabble_caps_channel_manager_free_capabilities (caps-channel-manager.c:122)
==19046==    by 0x807C184: free_caps_helper (presence-cache.c:866)
==19046==    by 0x434E25B: g_hash_table_foreach (ghash.c:1325)
==19046==    by 0x807BCB7: gabble_presence_cache_free_cache_entry (presence-cache.c:876)
==19046==    by 0x807AFDC: gabble_presence_set_capabilities (presence.c:266)
==19046==    by 0x807E39C: gabble_presence_cache_lm_message_cb (presence-cache.c:1366)
==19046==    by 0x40BFF7F: _lm_message_handler_handle_message (lm-message-handler.c:47)
==19046==    by 0x40BDED7: connection_message_queue_cb (lm-connection.c:291)
==19046==    by 0x40C0B7E: message_queue_dispatch_func (lm-message-queue.c:100)
==19046==    by 0x435D394: g_main_context_dispatch (gmain.c:1960)
==19046==    by 0x4361087: g_main_context_iterate (gmain.c:2591)
==19046==    by 0x43615C6: g_main_loop_run (gmain.c:2799)
==19046==    by 0x41A899E: tp_run_connection_manager (in /usr/lib/libtelepathy-glib.so.0.32.1)
==19046==    by 0x8057343: gabble_main (gabble.c:161)
==19046==    by 0x805726F: main (main.c:28)
==19046==  Address 0x5c84638 is 0 bytes inside a block of size 12 free'd
==19046==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==19046==    by 0x4365DB5: g_free (gmem.c:191)
==19046==    by 0x807EDD4: gabble_private_tubes_factory_free_feat (private-tubes-factory.c:658)
==19046==    by 0x434EBA7: g_hash_table_remove_all_nodes (ghash.c:488)
==19046==    by 0x434F0DC: g_hash_table_remove_all (ghash.c:1166)
==19046==    by 0x434F18C: g_hash_table_destroy (ghash.c:873)
==19046==    by 0x807FA83: gabble_private_tubes_factory_free_caps (private-tubes-factory.c:715)
==19046==    by 0x80AFD7F: gabble_caps_channel_manager_free_capabilities (caps-channel-manager.c:122)
==19046==    by 0x807C184: free_caps_helper (presence-cache.c:866)
==19046==    by 0x434E25B: g_hash_table_foreach (ghash.c:1325)
==19046==    by 0x807BCB7: gabble_presence_cache_free_cache_entry (presence-cache.c:876)
==19046==    by 0x807AE6D: gabble_presence_set_capabilities (presence.c:224)
==19046==    by 0x807E39C: gabble_presence_cache_lm_message_cb (presence-cache.c:1366)
==19046==    by 0x40BFF7F: _lm_message_handler_handle_message (lm-message-handler.c:47)
==19046==    by 0x40BDED7: connection_message_queue_cb (lm-connection.c:291)
==19046==    by 0x40C0B7E: message_queue_dispatch_func (lm-message-queue.c:100)
==19046==    by 0x435D394: g_main_context_dispatch (gmain.c:1960)
==19046==    by 0x4361087: g_main_context_iterate (gmain.c:2591)
==19046==    by 0x43615C6: g_main_loop_run (gmain.c:2799)
==19046==    by 0x41A899E: tp_run_connection_manager (in /usr/lib/libtelepathy-glib.so.0.32.1)
==19046==    by 0x8057343: gabble_main (gabble.c:161)
==19046==    by 0x805726F: main (main.c:28)
==19046== 
"
Comment 1 Guillaume Desmottes 2010-03-18 08:30:07 UTC 
Fixed in 0.8.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.