Bug 41929

Summary: Crash when sending a message in a MUC
Product: Telepathy
Reporter: Guillaume Desmottes <guillaume.desmottes>
Component: tp-glib
Assignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED
QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: major
Priority: medium
Version: unspecified
Hardware: Other
OS: All
Attachments: _tp_channel_contacts_queue_prepare_finish: don't assume item->contacts is not NULL

Description Guillaume Desmottes 2011-10-18 05:59:29 UTC
- Join an XMPP MUC
- Send a message

GLib-CRITICAL **: g_ptr_array_ref: assertion `array' failed

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007fffecae390c in g_logv (log_domain=0x7fffecb626c6 "GLib", log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7fffecb6b958 "%s: assertion `%s' failed", args1=0x7fffffffded0) at gmessages.c:570
570			G_BREAKPOINT ();
(gdb) bt full
#0  0x00007fffecae390c in g_logv (log_domain=0x7fffecb626c6 "GLib", log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7fffecb6b958 "%s: assertion `%s' failed", args1=0x7fffffffded0) at gmessages.c:570
        depth = 1
        domain = 0x0
        data = 0x52853b
        log_func = 0x43d1b0 <tp_debug_sender_log_handler@plt>
        domain_fatal_mask = 5
        masquerade_fatal = 0
        test_level = 10
        was_fatal = 0
        was_recursion = 0
        i = 3
#1  0x00007fffecae3a5c in g_log (log_domain=0x7fffecb626c6 "GLib", log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7fffecb6b958 "%s: assertion `%s' failed") at gmessages.c:591
        args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffffffdfb0, 
            reg_save_area = 0x7fffffffdef0}}
#2  0x00007fffecae3a9d in g_return_if_fail_warning (log_domain=0x7fffecb626c6 "GLib", 
    pretty_function=0x7fffecb628a0 "g_ptr_array_ref", expression=0x7fffecb626c0 "array") at gmessages.c:600
No locals.
#3  0x00007fffecaa48c6 in g_ptr_array_ref (array=0x0) at garray.c:905
        rarray = 0x0
        __PRETTY_FUNCTION__ = "g_ptr_array_ref"
#4  0x00007ffff2df9434 in _tp_channel_contacts_queue_prepare_finish (self=0xc32090, result=0xe6a240, 
    contacts=0x7fffffffe078, error=0x0) at channel-contacts.c:487
        simple = 0xe6a240
        item = 0xe0a3a0
        __PRETTY_FUNCTION__ = "_tp_channel_contacts_queue_prepare_finish"
#5  0x00007ffff2ea6243 in prepare_sender_finish (self=0xc32090, result=0xe6a240, error=0x0) at text-channel.c:289
        contacts = 0x100000000
        sender = 0x0
#6  0x00007ffff2ea698c in message_received_sender_ready_cb (object=0xc32090, result=0xe6a240, user_data=0xd73780)
    at text-channel.c:495
        self = 0xc32090
        parts = 0xd73780
        sender = 0x100000001
#7  0x00007fffed6b0820 in g_simple_async_result_complete (simple=0xe6a240) at gsimpleasyncresult.c:749
        current_source = 0xe52250
        current_context = 0x0
        __PRETTY_FUNCTION__ = "g_simple_async_result_complete"
#8  0x00007ffff2df8ca3 in contacts_queue_head_ready (self=0xc32090, error=0x0) at channel-contacts.c:265
        item = 0xe0a3a0
        __PRETTY_FUNCTION__ = "contacts_queue_head_ready"
#9  0x00007ffff2df8e74 in contacts_queue_item_idle_cb (user_data=0xc32090) at channel-contacts.c:337
        self = 0xc32090
---Type <return> to continue, or q <return> to quit---
#10 0x00007fffecadc40f in g_idle_dispatch (source=0xe52250, 
    callback=0x7ffff2df8e4f <contacts_queue_item_idle_cb>, user_data=0xc32090) at gmain.c:4801
No locals.
#11 0x00007fffecad7cc3 in g_main_dispatch (context=0x794c70) at gmain.c:2441
        dispatch = 0x7fffecadc3c3 <g_idle_dispatch>
        was_in_call = 0
        user_data = 0xc32090
        callback = 0x7ffff2df8e4f <contacts_queue_item_idle_cb>
        cb_funcs = 0x7fffecdd0670
        cb_data = 0xf0aa50
        need_destroy = 200
        current_source_link = {data = 0xe52250, next = 0x0}
        source = 0xe52250
        current = 0x8f24b0
        i = 0
        __PRETTY_FUNCTION__ = "g_main_dispatch"
#12 0x00007fffecad9209 in g_main_context_dispatch (context=0x794c70) at gmain.c:3011
No locals.
#13 0x00007fffecad96b6 in g_main_context_iterate (context=0x794c70, block=1, dispatch=1, self=0x781450)
    at gmain.c:3089
        max_priority = 200
        timeout = 0
        some_ready = 1
        nfds = 10
        allocated_nfds = 10
        fds = 0xc81ca0
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#14 0x00007fffecad9e0f in g_main_loop_run (loop=0x858c70) at gmain.c:3297
        self = 0x781450
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#15 0x00007fffef76e28e in gtk_main () at gtkmain.c:1362
        loop = 0x858c70
#16 0x00007fffef6574cb in gtk_application_run_mainloop (application=0x7e90c0) at gtkapplication.c:115
No locals.
#17 0x00007fffed6ec6e1 in g_application_run (application=0x7e90c0, argc=1, argv=0x7fffffffe528)
    at gapplication.c:1323
        arguments = 0x858c70
        status = 0
        i = 1
        __PRETTY_FUNCTION__ = "g_application_run"
#18 0x0000000000459245 in main (argc=1, argv=0x7fffffffe528) at empathy.c:841
        app = 0x7e90c0
        retval = 0
Comment 1 Guillaume Desmottes 2011-10-18 06:47:32 UTC
Created attachment 52474
_tp_channel_contacts_queue_prepare_finish: don't assume item->contacts is not NULL

For example, when receiving a MUC delivery report we end up with a message
having no sender and so no contact to prepare.
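
Added example, not part of the bug report or tp-glib's code: a plain C model of the guard named in the attachment title, where the finish function takes a reference only when the contacts array exists and the caller starts from a NULL out pointer (frame #5 of the backtrace shows the caller's contacts local holding 0x100000000 at the time of the trap). ContactArray, QueueItem and every function name here are constructed stand-ins, not GLib or tp-glib APIs.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in for a ref-counted pointer array (not GLib's GPtrArray). */
typedef struct { int refcount; size_t len; void **items; } ContactArray;

/* Hypothetical queue item: contacts is NULL when the message has no sender. */
typedef struct { ContactArray *contacts; } QueueItem;

ContactArray *contact_array_new(void *first) {
    ContactArray *a = malloc(sizeof *a);
    if (a == NULL) abort();
    a->items = malloc(sizeof *a->items);
    if (a->items == NULL) abort();
    a->refcount = 1; a->len = 1; a->items[0] = first;
    return a;
}

/* Precondition: a != NULL, mirroring the assertion seen in frame #3. */
ContactArray *contact_array_ref(ContactArray *a) { a->refcount++; return a; }

void contact_array_unref(ContactArray *a) {
    if (--a->refcount == 0) { free(a->items); free(a); }
}

/* Guarded finish: take a reference only when an array exists, and always
 * write the out parameter so the caller never sees a stale pointer. */
int queue_prepare_finish(const QueueItem *item, ContactArray **contacts) {
    if (contacts != NULL)
        *contacts = item->contacts ? contact_array_ref(item->contacts) : NULL;
    return 1;
}

/* Caller: returns the sender, or NULL for a sender-less message. */
void *prepare_sender(const QueueItem *item) {
    ContactArray *contacts = NULL;
    void *sender = NULL;
    if (!queue_prepare_finish(item, &contacts) || contacts == NULL)
        return NULL;
    if (contacts->len > 0) sender = contacts->items[0];
    contact_array_unref(contacts);
    return sender;
}

int main(void) {
    QueueItem report = { NULL };            /* e.g. a delivery report */
    return prepare_sender(&report) == NULL ? 0 : 1;
}
```
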
Comment 2 Simon McVittie 2011-10-18 06:52:11 UTC
Comment on attachment 52474
_tp_channel_contacts_queue_prepare_finish: don't assume item->contacts is not NULL

Review of attachment 52474:
-----------------------------------------------------------------

Looks good, with one trivial change:

::: tests/dbus/text-channel.c
@@ +923,4 @@
>    g_ptr_array_unref (parts);
>  }
>  
> +/* regression test for fdo #41929 */
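
Review bot: The added comment `/* regression test for fdo #41929 */` in tests/dbus/text-channel.c gives only the bug number, so a reader has to open the tracker to learn what the test guards against. Consider also naming the condition in the comment, for example that the test covers a received message with no sender, where there is no contact to prepare.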

g_test_bug ("41929") please?
Comment 3 Will Thompson 2011-10-18 06:52:29 UTC
Comment on attachment 52474
_tp_channel_contacts_queue_prepare_finish: don't assume item->contacts is not NULL

Review of attachment 52474:
-----------------------------------------------------------------

Looks good, please commit to the stable branch and to master.
Comment 4 Guillaume Desmottes 2011-10-18 07:05:12 UTC
Merged to 0.16; will be in 0.16.1
Comment 5 Guillaume Desmottes 2011-10-18 07:06:52 UTC
(In reply to comment #2)
> Comment on attachment 52474
> _tp_channel_contacts_queue_prepare_finish: don't assume item->contacts is not
> NULL
> 
> Review of attachment 52474:
> -----------------------------------------------------------------
> 
> Looks good, with one trivial change:
> 
> ::: tests/dbus/text-channel.c
> @@ +923,4 @@
> >    g_ptr_array_unref (parts);
> >  }
> >  
> > +/* regression test for fdo #41929 */
> 
> g_test_bug ("41929") please?

Oh I missed this comment; I just added this in an extra commit.
