Bug 76465

Summary: telepathy-gabble segfaults in stun_server_resolved_cb()
Product: Telepathy Reporter: Sebastien Bacher <seb128>
Component: gabble Assignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
Attachments: wocky-jingle-info: don't try using self if it's NULL

Description Sebastien Bacher 2014-03-21 18:30:03 UTC
The bug has been reported on https://bugs.launchpad.net/ubuntu/+source/telepathy-gabble/+bug/1237191

The reports seem to have started with 0.18 in raring

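Backtrace of the issue. Frame #0 shows self = 0x0 in stun_server_resolved_cb(), and frames #6 to #9 show the callback being reached through g_cancellable_cancel() from a weak-ref notification while wocky_jingle_factory_dispose() is dropping a reference, so the resolver callback appears to run during teardown and dereference a pointer that has already been cleared: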

"#0  stun_server_resolved_cb (resolver=0x1296310, result=0x15aab60, user_data=0x18f4ce0) at wocky-jingle-info.c:277
        data = 0x18f4ce0
        self = 0x0
        priv = <optimized out>
        e = 0x0
        address = <optimized out>
        entries = <optimized out>
        __func__ = "stun_server_resolved_cb"
#1  0x00007f25c98dae3b in g_task_return_now (task=0x15aab60) at /build/buildd/glib2.0-2.38.0/./gio/gtask.c:1108
No locals.
#2  0x00007f25c98db4a6 in g_task_return (task=0x15aab60, type=<optimized out>) at /build/buildd/glib2.0-2.38.0/./gio/gtask.c:1161
        source = 0x126c750
        type = <optimized out>
        task = 0x15aab60
#3  0x00007f25c96203b7 in _g_closure_invoke_va (closure=0x12ac070, return_value=0x0, instance=0x7f25c00079a0, args=0x7fffee1f2f48, n_params=0, param_types=0x0) at /build/buildd/glib2.0-2.38.0/./gobject/gclosure.c:840
        marshal = 0x7f25c9621f10 <g_cclosure_marshal_VOID__VOIDv>
        marshal_data = 0x0
        in_marshal = 0
        real_closure = 0x12ac050
        __PRETTY_FUNCTION__ = "_g_closure_invoke_va"
#4  0x00007f25c9638e82 in g_signal_emit_valist (instance=0x7f25c00079a0, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffee1f2f48) at /build/buildd/glib2.0-2.38.0/./gobject/gsignal.c:3238
        return_accu = 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        accumulator = 0x0
        emission = {next = 0x0, instance = 0x7f25c00079a0, ihint = {signal_id = 47, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 19281632}
        signal_id = 47
        instance_type = <optimized out>
        emission_return = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        rtype = 4
        static_scope = 0
        fastpath_handler = <optimized out>
        closure = 0x12ac070
        run_type = <optimized out>
        l = <optimized out>
        fastpath = <optimized out>
        instance_and_params = <optimized out>
        signal_return_type = <optimized out>
        param_values = <optimized out>
        i = <optimized out>
        n_params = <optimized out>
        __PRETTY_FUNCTION__ = "g_signal_emit_valist"
        __FUNCTION__ = "g_signal_emit_valist"
#5  0x00007f25c9639ae2 in g_signal_emit (instance=instance@entry=0x7f25c00079a0, signal_id=<optimized out>, detail=detail@entry=0) at /build/buildd/glib2.0-2.38.0/./gobject/gsignal.c:3386
        var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffee1f3020, reg_save_area = 0x7fffee1f2f60}}
#6  0x00007f25c98975f5 in g_cancellable_cancel (cancellable=0x7f25c00079a0) at /build/buildd/glib2.0-2.38.0/./gio/gcancellable.c:503
        priv = 0x7f25c0007990
#7  0x00007f25c9623c8f in weak_refs_notify (data=0x1f07e50) at /build/buildd/glib2.0-2.38.0/./gobject/gobject.c:2643
        wstack = 0x1f07e50
        i = 1
#8  0x00007f25c9624abc in g_object_unref (_object=0x19a8c90) at /build/buildd/glib2.0-2.38.0/./gobject/gobject.c:3160
        weak_locations = 0x0
        object = 0x19a8c90
        old_ref = <optimized out>
        __PRETTY_FUNCTION__ = "g_object_unref"
#9  0x00007f25ca2499de in wocky_jingle_factory_dispose (object=0x129de20) at wocky-jingle-factory.c:149
        _pp = 0x129de10
        _p = <optimized out>
        fac = 0x129de20
        priv = 0x129dde0
        iter = {dummy1 = 0x1295c00, dummy2 = 0x3d, dummy3 = 0x129de30, dummy4 = 8, dummy5 = 0, dummy6 = 0x0}
        val = 0x0
        __func__ = "wocky_jingle_factory_dispose"
#10 0x00007f25c9624abc in g_object_unref (_object=0x129de20) at /build/buildd/glib2.0-2.38.0/./gobject/gobject.c:3160
        weak_locations = 0x0
        object = 0x129de20
        old_ref = <optimized out>
        __PRETTY_FUNCTION__ = "g_object_unref"
#11 0x00000000004380d8 in gabble_jingle_mint_dispose (object=0x15d7f60) at jingle-mint.c:151
        _pp = <optimized out>
        _p = <optimized out>
        self = <optimized out>
        priv = <optimized out>
        parent_class = 0x122cf40
#12 0x00007f25c9624abc in g_object_unref (_object=0x15d7f60) at /build/buildd/glib2.0-2.38.0/./gobject/gobject.c:3160
        weak_locations = 0x0
        object = 0x15d7f60
        old_ref = <optimized out>
        __PRETTY_FUNCTION__ = "g_object_unref"
#13 0x00000000004557fc in gabble_connection_dispose (object=0x12648c0) at connection.c:1281
        _tp_clear_pointer_tmp = <optimized out>
        self = 0x12648c0
        base = 0x12648c0
        priv = 0x12646d0
        __func__ = "gabble_connection_dispose"
#14 0x00007f25c9624abc in g_object_unref (_object=0x12648c0) at /build/buildd/glib2.0-2.38.0/./gobject/gobject.c:3160
        weak_locations = 0x0
        object = 0x12648c0
        old_ref = <optimized out>
        __PRETTY_FUNCTION__ = "g_object_unref"
#15 0x00007f25c96395ef in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffee1f32f8) at /build/buildd/glib2.0-2.38.0/./gobject/gsignal.c:3288
        return_accu = <optimized out>
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        accumulator = <optimized out>
        emission = {next = 0x0, instance = 0x12648c0, ihint = {signal_id = 18, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
        signal_id = <optimized out>
        instance_type = <optimized out>
        emission_return = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        rtype = <optimized out>
        static_scope = <optimized out>
        fastpath_handler = <optimized out>
        closure = 0x1ecb6c0
        run_type = <optimized out>
        l = <optimized out>
        fastpath = <optimized out>
        instance_and_params = <optimized out>
        signal_return_type = <optimized out>
        param_values = <optimized out>
        i = <optimized out>
        n_params = <optimized out>
        __PRETTY_FUNCTION__ = "g_signal_emit_valist"
        __FUNCTION__ = "g_signal_emit_valist"
#16 0x00007f25c9639ae2 in g_signal_emit (instance=instance@entry=0x12648c0, signal_id=<optimized out>, detail=detail@entry=0) at /build/buildd/glib2.0-2.38.0/./gobject/gsignal.c:3386
        var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffee1f33d0, reg_save_area = 0x7fffee1f3310}}
#17 0x00007f25c9e5d4f7 in tp_base_connection_finish_shutdown (self=self@entry=0x12648c0) at base-connection.c:2864
        contexts = <optimized out>
        i = <optimized out>
        __PRETTY_FUNCTION__ = "tp_base_connection_finish_shutdown"
#18 0x0000000000456cce in closed_cb (source=0x12b3330, res=0x19a8f50, user_data=<optimized out>) at connection.c:2319
        self = <optimized out>
        priv = 0x12646d0
        base = 0x12648c0
        error = 0x0
        __func__ = "closed_cb"
#19 0x00007f25c98cea67 in g_simple_async_result_complete (simple=0x19a8f50) at /build/buildd/glib2.0-2.38.0/./gio/gsimpleasyncresult.c:777
        current_source = 0x126c750
        current_context = 0x18a3e80
        __PRETTY_FUNCTION__ = "g_simple_async_result_complete"
#20 0x00007f25ca238647 in complete_close (self=<optimized out>) at wocky-c2s-porter.c:815
        priv = 0x12b3270
        tmp = 0x19a8f50
#21 0x00007f25ca239ac5 in close_sent_cb (source=0x24a3f20, res=0x2208070, user_data=<optimized out>) at wocky-c2s-porter.c:1426
        self = 0x12b3330
        priv = 0x12b3270
        error = 0x0
#22 0x00007f25c98cea67 in g_simple_async_result_complete (simple=0x2208070) at /build/buildd/glib2.0-2.38.0/./gio/gsimpleasyncresult.c:777
        current_source = 0x126c750
        current_context = 0x18a3e80
        __PRETTY_FUNCTION__ = "g_simple_async_result_complete"
#23 0x00007f25ca26f47f in wocky_xmpp_connection_write_cb (source=0x7f25b4001b10, res=0x1240aa0, user_data=<optimized out>) at wocky-xmpp-connection.c:338
        r = 0x2208070
        self = <optimized out>
        priv = 0x24a3aa0
        written = <optimized out>
        error = 0x0
#24 0x00007f25c98dae3b in g_task_return_now (task=0x1240aa0) at /build/buildd/glib2.0-2.38.0/./gio/gtask.c:1108
No locals.
#25 0x00007f25c98db4a6 in g_task_return (task=0x1240aa0, type=<optimized out>) at /build/buildd/glib2.0-2.38.0/./gio/gtask.c:1161
        source = 0x126c750
        type = <optimized out>
        task = 0x1240aa0
#26 0x00007f25c98c73db in async_ready_write_callback_wrapper (source_object=0x7f25b4001b10, res=0x19a8ee0, user_data=0x1240aa0) at /build/buildd/glib2.0-2.38.0/./gio/goutputstream.c:644
        stream = 0x7f25b4001b10
        class = <optimized out>
        task = 0x1240aa0
        nwrote = <optimized out>
        error = 0x0
#27 0x00007f25c98cea67 in g_simple_async_result_complete (simple=0x19a8ee0) at /build/buildd/glib2.0-2.38.0/./gio/gsimpleasyncresult.c:777
        current_source = 0x126c750
        current_context = 0x18a3e80
        __PRETTY_FUNCTION__ = "g_simple_async_result_complete"
#28 0x00007f25ca27345e in wocky_tls_job_result_gssize (job=<optimized out>, result=17) at wocky-tls.c:369
        simple = 0x19a8ee0
#29 0x00007f25c98dae3b in g_task_return_now (task=0x15aa9c0) at /build/buildd/glib2.0-2.38.0/./gio/gtask.c:1108
No locals.
#30 0x00007f25c98db4a6 in g_task_return (task=0x15aa9c0, type=<optimized out>) at /build/buildd/glib2.0-2.38.0/./gio/gtask.c:1161
        source = 0x126c750
        type = <optimized out>
        task = 0x15aa9c0
#31 0x00007f25c98c73db in async_ready_write_callback_wrapper (source_object=0x19645b0, res=0x15aa820, user_data=0x15aa9c0) at /build/buildd/glib2.0-2.38.0/./gio/goutputstream.c:644
        stream = 0x19645b0
        class = <optimized out>
        task = 0x15aa9c0
        nwrote = <optimized out>
        error = 0x0
#32 0x00007f25c98dae3b in g_task_return_now (task=0x15aa820) at /build/buildd/glib2.0-2.38.0/./gio/gtask.c:1108
No locals.
#33 0x00007f25c98dae59 in complete_in_idle_cb (task=0x15aa820) at /build/buildd/glib2.0-2.38.0/./gio/gtask.c:1117
No locals.
#34 0x00007f25c91533a6 in g_main_dispatch (context=0x12332e0) at /build/buildd/glib2.0-2.38.0/./glib/gmain.c:3065
        dispatch = 0x7f25c9150440 <g_idle_dispatch>
        was_in_call = 0
        user_data = 0x15aa820
        callback = 0x7f25c98dae50 <complete_in_idle_cb>
        cb_funcs = 0x7f25c940a940 <g_source_callback_funcs>
        cb_data = 0x18e2350
        need_destroy = <optimized out>
        current_source_link = {data = 0x126c750, next = 0x0}
        source = 0x126c750
        current = 0x1241960
        i = 6
#35 g_main_context_dispatch (context=context@entry=0x12332e0) at /build/buildd/glib2.0-2.38.0/./glib/gmain.c:3641
No locals.
#36 0x00007f25c91536f8 in g_main_context_iterate (context=0x12332e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.38.0/./glib/gmain.c:3712
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 8
        fds = 0x18e6190
#37 0x00007f25c9153afa in g_main_loop_run (loop=0x12405b0) at /build/buildd/glib2.0-2.38.0/./glib/gmain.c:3906
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#38 0x00007f25c9f32f72 in tp_run_connection_manager (prog_name=prog_name@entry=0x4a4787 "telepathy-gabble", version=version@entry=0x4abe6d "0.18.1", construct_cm=construct_cm@entry=0x426a10 <construct_cm>, argc=argc@entry=1, argv=argv@entry=0x7fffee1f3888) at run.c:285
        connection = 0x1230320
        bus_daemon = 0x1234a50
        error = 0x0
        ret = 1
        __PRETTY_FUNCTION__ = "tp_run_connection_manager"
#39 0x0000000000426d0c in gabble_main (argc=1, argv=0x7fffee1f3888) at gabble.c:177
        loader = 0x122ca70
        out = <optimized out>
        fatal_mask = <optimized out>
#40 0x00007f25c8b48de5 in __libc_start_main (main=0x426900 <main>, argc=1, ubp_av=0x7fffee1f3888, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffee1f3878) at libc-start.c:260
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -7241299887337116461, 4352288, 140737188411520, 0, 0, 7241330942358449363, 7334724933526482131}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x4a4670 <__libc_csu_init>, 0x7fffee1f3888}, data = {prev = 0x0, cleanup = 0x0, canceltype = 4867696}}}
        not_first_call = <optimized out>
#41 0x0000000000426949 in _start ()
No symbol table info available."
Comment 1 Guillaume Desmottes 2014-05-07 12:28:05 UTC
Created attachment 98618 [details] [review]
wocky-jingle-info: don't try using self if it's NULL
Comment 2 Guillaume Desmottes 2014-05-07 14:22:20 UTC
Fixed for 0.18.2 and 0.19.0 (which may actually be 1.0).
Comment 3 Guillaume Desmottes 2014-05-07 15:08:32 UTC
(In reply to comment #2)
> Fixed for 0.18.2 and 0.19.0 (which may actually be 1.0).

And I just released 0.18.3
