Bug 9075

Summary: segfault when upgrading to pidgin 2.10.7
Product: Mageia Reporter: Simon Putt <lemonzest>
Component: RPM PackagesAssignee: Damien Lallement <mageia>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: alien, luigiwalser, oe
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: pidgin CVE:
Status comment:

Description Simon Putt 2013-02-14 13:15:10 CET 
upgraded to pidgin 2.10.7 this morning and getting the following when run from a term

Pidgin 2.10.7 has segfaulted and attempted to dump a core file.
This is a bug in the software and has happened through
no fault of your own.

If you can reproduce the crash, please notify the developers
by reporting a bug at:
http://developer.pidgin.im/simpleticket/

Please make sure to specify what you were doing at the time
and post the backtrace from the core file.  If you do not know
how to get the backtrace, please read the instructions at
http://developer.pidgin.im/wiki/GetABacktrace
Aborted
Comment 1 Manuel Hiebel 2013-02-14 13:23:49 CET 
maybe you have a backtrace ?

Assignee: bugsquad => mageia
Source RPM: (none) => pidgin

Comment 2 Simon Putt 2013-02-14 13:24:57 CET 
(gdb) run
Starting program: /usr/bin/pidgin 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
warning: cannot close "/usr/lib64/purple-2/libjabber.so": Invalid operation
warning: cannot close "/usr/lib64/purple-2/liboscar.so": Invalid operation
warning: cannot close "/usr/lib64/purple-2/libymsg.so": Invalid operation
Detaching after fork from child process 15211.
Detaching after fork from child process 15212.
Detaching after fork from child process 15213.
Detaching after fork from child process 15214.
Detaching after fork from child process 15215.
Detaching after fork from child process 15216.
Detaching after fork from child process 15217.
Detaching after fork from child process 15218.
Detaching after fork from child process 15219.
Detaching after fork from child process 15220.
Detaching after fork from child process 15221.
Detaching after fork from child process 15222.
Detaching after fork from child process 15223.
Detaching after fork from child process 15224.
Detaching after fork from child process 15225.
Detaching after fork from child process 15226.
Detaching after fork from child process 15227.
Detaching after fork from child process 15228.
Detaching after fork from child process 15229.
Detaching after fork from child process 15230.
Detaching after fork from child process 15231.
warning: cannot close "/usr/lib64/gio/modules/libgsettingsgconfbackend.so": Invalid operation
warning: cannot close "/lib64/libgconf-2.so.4": Invalid operation
[New Thread 0x7fffde09f700 (LWP 15232)]
Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 9: reading configurations from ~/.fonts.conf is deprecated.
Fontconfig warning: "/etc/fonts/conf.d/65-4-sazanami-gothic.conf", line 8: Having multiple values in <test> isn't supported and may not work as expected
Fontconfig warning: "/etc/fonts/conf.d/65-4-sazanami-mincho.conf", line 8: Having multiple values in <test> isn't supported and may not work as expected
Fontconfig warning: "/etc/fonts/conf.d/65-google-droid-sans.conf", line 61: Having multiple values in <test> isn't supported and may not work as expected
Fontconfig warning: "/etc/fonts/conf.d/65-google-droid-sans.conf", line 96: Having multiple values in <test> isn't supported and may not work as expected
Detaching after fork from child process 15233.
Detaching after fork from child process 15235.
Detaching after fork from child process 15237.
Detaching after fork from child process 15238.
Detaching after fork from child process 15240.
Detaching after fork from child process 15242.
Detaching after fork from child process 15244.
Detaching after fork from child process 15246.
Detaching after fork from child process 15251.
Detaching after fork from child process 15252.
Detaching after fork from child process 15254.
Detaching after fork from child process 15256.
Detaching after fork from child process 15257.
Detaching after fork from child process 15259.
Detaching after fork from child process 15260.
Detaching after fork from child process 15262.
Detaching after fork from child process 15263.
Detaching after fork from child process 15265.
Detaching after fork from child process 15267.
Detaching after fork from child process 15269.
Detaching after fork from child process 15271.
Detaching after fork from child process 15273.
Detaching after fork from child process 15275.
Detaching after fork from child process 15277.
Detaching after fork from child process 15279.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff14aa6fb in get_stats_for () from /usr/lib64/pidgin/cap.so
(gdb)
Comment 3 AL13N 2013-02-14 13:26:54 CET 
after this, you still need to do "thread apply all bt full" to get the actual backtrace

CC: (none) => alien

Comment 4 AL13N 2013-02-14 13:28:10 CET 
> cannot close "/usr/lib64/gio/modules/libgsettingsgconfbackend.so": 

could be leftover from gnome 3.8? maybe wait until olav fixes this first
Comment 5 Simon Putt 2013-02-14 13:28:32 CET 
(gdb) bt full
#0  0x00007ffff14aa6fb in get_stats_for () from /usr/lib64/pidgin/cap.so
No symbol table info available.
#1  0x00007ffff14aa979 in buddy_signed_on () from /usr/lib64/pidgin/cap.so
No symbol table info available.
#2  0x00007ffff7d38dd2 in purple_signal_emit_vargs () from /lib64/libpurple.so.0
No symbol table info available.
#3  0x00007ffff7d38f21 in purple_signal_emit () from /lib64/libpurple.so.0
No symbol table info available.
#4  0x00007ffff7cf85c9 in purple_blist_update_buddy_status () from /lib64/libpurple.so.0
No symbol table info available.
#5  0x00007ffff7d307f8 in purple_prpl_got_user_status () from /lib64/libpurple.so.0
No symbol table info available.
#6  0x00007fffe88e41fd in twitter_verify_authen () from /usr/lib64/purple-2/libtwitter.so
No symbol table info available.
#7  0x00007fffe88e7157 in ?? () from /usr/lib64/purple-2/libtwitter.so
No symbol table info available.
#8  0x00007ffff7d50f12 in url_fetch_recv_cb () from /lib64/libpurple.so.0
No symbol table info available.
#9  0x000000000046cf0d in pidgin_io_invoke ()
No symbol table info available.
#10 0x00000030752476d5 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
No symbol table info available.
#11 0x0000003075247a08 in g_main_context_iterate.isra.24 () from /lib64/libglib-2.0.so.0
No symbol table info available.
#12 0x0000003075247e02 in g_main_loop_run () from /lib64/libglib-2.0.so.0
No symbol table info available.
#13 0x0000003a4a331eb7 in gtk_main () from /lib64/libgtk-x11-2.0.so.0
No symbol table info available.
#14 0x0000000000431ba9 in main ()
No symbol table info available.
(gdb)
Comment 6 David Walser 2013-02-14 14:45:00 CET 
Please install pidgin-debug, glib2.0-debug, and gtk+2.0-debug from the debug repository (they might be called debuginfo now) and do the backtrace again.

CC: (none) => luigiwalser, oe

Comment 7 Simon Putt 2013-02-14 15:07:55 CET 
deleting my prefs.xml fixed the segfault
Comment 8 David Walser 2013-02-14 15:11:30 CET 
Yes but now we can't debug it.  We don't want users to have to delete it.  Do you still have a copy of it?
Comment 9 Simon Putt 2013-02-14 15:13:59 CET 
it segged again after a few mins, maybe its a config problem
Comment 10 David Walser 2013-02-14 15:36:33 CET 
It still shouldn't segfault.  Please install those debug packages and post a new backtrace.
Comment 11 Simon Putt 2013-02-14 15:46:37 CET 
most of it is the same as before, but the segfault says this

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff14aa6fb in generate_prediction_for (buddy=0xfe8160) at cap.c:99
99		if(sta_id && !strcmp(sta_id, "offline")) {
Comment 12 Simon Putt 2013-02-14 15:51:38 CET 
sorry, forgot the do the bt full, its very long, how to i redirect to a file?
Comment 13 Simon Putt 2013-02-14 15:52:12 CET 
(gdb) bt full
#0  0x00007ffff14aa6fb in generate_prediction_for (buddy=0xfe8160) at cap.c:99
        buddy_name = 0xfe8140 "twitter.com"
        stmt = 0x16cf2a8
        tail = 0x16cf296 ""
        protocol_id = <optimized out>
        account_id = 0x8f6c20 "lemonzest2008@api.twitter.com"
        min_minute = <optimized out>
        sql = 0x16cf1b8 "\230\306\032p0"
        rc = <optimized out>
        generated = 1
        current_minute = <optimized out>
        threshold = <optimized out>
        sta_id = 16 '\020'
        prediction = 0.9997520114625813
        status_id = 0x8f6b10 "available"
        t = 1360853424
        current_time = <optimized out>
        max_minute = <optimized out>
#1  generate_prediction (statistics=<optimized out>) at cap.c:28
No locals.
#2  get_stats_for (buddy=<optimized out>) at cap.c:130
        stats = 0x16cc470
#3  0x00007ffff14aa979 in buddy_signed_on (buddy=0xfe8160) at cap.c:414
        stats = <optimized out>
#4  0x00007ffff7d38dd2 in purple_signal_emit_vargs (instance=<optimized out>, signal=signal@entry=
    0x7ffff7d82257 "buddy-signed-on", args=args@entry=0x7fffffff9f18) at signals.c:482
        instance_data = <optimized out>
        signal_data = 0x8e5380
        handler_data = <optimized out>
        l = <optimized out>
        l_next = 0xbb9d20 = {0xbbd3c0, 0xb8a9a0, 0x93b9d0, 0x9320f0}
        tmp = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffffff9ff0, reg_save_area = 0x7fffffff9f30}}
        __PRETTY_FUNCTION__ = "purple_signal_emit_vargs"
#5  0x00007ffff7d38f21 in purple_signal_emit (instance=<optimized out>, signal=signal@entry=0x7ffff7d82257 "buddy-signed-on")
    at signals.c:434
        args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffff9ff0, reg_save_area = 0x7fffffff9f30}}
        __PRETTY_FUNCTION__ = "purple_signal_emit"
#6  0x00007ffff7cf85c9 in purple_blist_update_buddy_status (buddy=0xfe8160, old_status=0xfe8390) at blist.c:918
        ops = <optimized out>
        presence = <optimized out>
        status = 0xfe80c0
        cnode = <optimized out>
---Type <return> to continue, or q <return> to quit---
        __PRETTY_FUNCTION__ = "purple_blist_update_buddy_status"
#7  0x00007ffff7d307f8 in purple_prpl_got_user_status (account=0x8f6b60, name=0xfe8140 "twitter.com", status_id=
    0x7ffff7d9562f "available") at prpl.c:284
        list = 0xfee250 = {0xfe8160}
        l = <optimized out>
        buddy = 0xfe8160
        presence = <optimized out>
        status = 0xfe80c0
        old_status = 0xfe8390
        args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffa140, reg_save_area = 0x7fffffffa050}}
        __PRETTY_FUNCTION__ = "purple_prpl_got_user_status"
#8  0x00007fffe88e41fd in twitter_verify_authen () from /usr/lib64/purple-2/libtwitter.so
No symbol table info available.
#9  0x00007fffe88e7157 in ?? () from /usr/lib64/purple-2/libtwitter.so
No symbol table info available.
#10 0x00007ffff7d50f12 in url_fetch_recv_cb (url_data=0x15c71d0, source=<optimized out>, cond=<optimized out>) at util.c:3930
        gfud = 0x15c71d0
        len = <optimized out>
        buf = 
    "d>\n    <geo/>\n    <coordinates/>\n    <place/>\n    <contributors/>\n  </status>\n</user>\n99ae5a0a8ca12fd235995b78d8f576e\r\nX-RateLimit-Limit: 150\r\nX-RateLimit-Remaining: 145\r\nX-Frame-Options: SAMEORIGIN\r\n"...
        data_cursor = <optimized out>
#11 0x000000000046cf0d in pidgin_io_invoke (source=<optimized out>, condition=<optimized out>, data=0x159e7a0) at gtkeventloop.c:73
        closure = 0x159e7a0
        purple_cond = PURPLE_INPUT_READ
#12 0x00000030752476d5 in g_main_dispatch (context=0x6fa500) at gmain.c:2715
        dispatch = 0x3075285410 <g_io_unix_dispatch>
        was_in_call = 0
        user_data = 0x159e7a0
        callback = 0x46ced0 <pidgin_io_invoke>
        cb_funcs = 0x30754f49e0 <g_source_callback_funcs>
        cb_data = 0x1651ed0
        current_source_link = {data = 0x1622eb0, next = 0x0}
        need_destroy = <optimized out>
        source = 0x1622eb0
        current = 0xd31210
        i = <optimized out>
#13 g_main_context_dispatch (context=context@entry=0x6fa500) at gmain.c:3219
No locals.
#14 0x0000003075247a08 in g_main_context_iterate (context=0x6fa500, block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3290
        max_priority = 2147483647
---Type <return> to continue, or q <return> to quit---
        timeout = 3376
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = <optimized out>
        fds = 0x15cc7c0
#15 0x0000003075247e02 in g_main_loop_run (loop=0x15c7ee0) at gmain.c:3484
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#16 0x0000003a4a331eb7 in IA__gtk_main () at gtkmain.c:1257
        tmp_list = 0x0
        functions = 0x0
        init = <optimized out>
        loop = 0x15c7ee0
#17 0x0000000000431ba9 in main (argc=1, argv=0x7fffffffd7f8) at gtkmain.c:934
        opt_force_online = 0
        opt_help = <optimized out>
        opt_login = 0
        opt_nologin = 0
        opt_version = <optimized out>
        opt_si = 0
        opt_config_dir_arg = <optimized out>
        opt_login_arg = <optimized out>
        opt_session_arg = <optimized out>
        search_path = <optimized out>
        accounts = <optimized out>
        sig_indx = 1
        sigset = {__val = {82950, 0 <repeats 15 times>}}
        prev_sig_disp = <optimized out>
        errmsg = 
    '\000' <repeats 616 times>"\242, d`o0", '\000' <repeats 61 times>"\300, v8\000\000\000\000\020\300v8\000\000\000\370\002\300v8\000\000\000\370\002\300v8", '\000' <repeats 11 times>, "\001\000\000\000\000\000\000\000\000\000\340v8\000\000\000\000\020\340v8\000\000\000\000\020\340v8\000\000\000\000\020\340v8", '\000' <repeats 11 times>, "\003\000\000\000\000\000\000\000\000\000\000w8\000\000\000\000\340\025w8\000\000\000\021Pao0\000\000\000\223\333\025w8\000\000\000\000\020\311\367\377\177\000\000/\000\000\000\000\000\000\000}\245`o0\000\000\000\021\000\000\000\000\000\000\000\027\000\000\000\000\000\000\000\030\000\000\000\000\000\000\000\310$\311\367\000\000\000\000/\000\000\000\000\000\000\000%yao0\000\000\000"...
        signal_channel = <optimized out>
        signal_status = <optimized out>
        signal_channel_watcher = 1
        segfault_message_tmp = <optimized out>
        error = 0x0
        opt = <optimized out>
        gui_check = <optimized out>
        debug_enabled = <optimized out>
---Type <return> to continue, or q <return> to quit---
        migration_failed = <optimized out>
        active_accounts = <optimized out>
        st = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 0, 
          st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {
            tv_sec = 0, tv_nsec = 0}, __unused = {0, 0, 0}}
        long_options = {{name = 0x4cfc8c "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x4be52e "debug", has_arg = 0, 
            flag = 0x0, val = 100}, {name = 0x4cb643 "force-online", has_arg = 0, flag = 0x0, val = 102}, {name = 0x4c011f "help", 
            has_arg = 0, flag = 0x0, val = 104}, {name = 0x4cb50a "login", has_arg = 2, flag = 0x0, val = 108}, {name = 
    0x4cb650 "multiple", has_arg = 0, flag = 0x0, val = 109}, {name = 0x4cb659 "nologin", has_arg = 0, flag = 0x0, val = 110}, {
            name = 0x4cfc82 "session", has_arg = 1, flag = 0x0, val = 115}, {name = 0x4c3c7b "version", has_arg = 0, flag = 0x0, 
            val = 118}, {name = 0x4cfc95 "display", has_arg = 1, flag = 0x0, val = 68}, {name = 0x4cb661 "sync", has_arg = 0, 
            flag = 0x0, val = 83}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
Comment 14 David Walser 2013-02-14 16:04:59 CET 
I'm not sure what the bt full is showing, can you post a regular bt?
Comment 15 Simon Putt 2013-02-14 16:14:58 CET 
(gdb) bt
#0  0x00007ffff14aa6fb in generate_prediction_for (buddy=0xfc4e70) at cap.c:99
#1  generate_prediction (statistics=<optimized out>) at cap.c:28
#2  get_stats_for (buddy=<optimized out>) at cap.c:130
#3  0x00007ffff14aa979 in buddy_signed_on (buddy=0xfc4e70) at cap.c:414
#4  0x00007ffff7d38dd2 in purple_signal_emit_vargs (instance=<optimized out>, signal=signal@entry=
    0x7ffff7d82257 "buddy-signed-on", args=args@entry=0x7fffffffabf8) at signals.c:482
#5  0x00007ffff7d38f21 in purple_signal_emit (instance=<optimized out>, signal=signal@entry=0x7ffff7d82257 "buddy-signed-on")
    at signals.c:434
#6  0x00007ffff7cf85c9 in purple_blist_update_buddy_status (buddy=0xfc4e70, old_status=0xfc61c0) at blist.c:918
#7  0x00007ffff7d307f8 in purple_prpl_got_user_status (account=account@entry=0x938d60, name=name@entry=
    0x1675050 "0egxcs3ljzghh0hrju4rnp5jiw@public.talk.google.com", status_id=0x7fffe754bd7c "available") at prpl.c:284
#8  0x00007fffe753f420 in handle_presence_contact (presence=0x7fffffffae90, js=0x1578b90) at presence.c:887
#9  jabber_presence_parse (js=js@entry=0x1578b90, packet=<optimized out>) at presence.c:1035
#10 0x00007fffe753054b in jabber_process_packet (js=js@entry=0x1578b90, packet=packet@entry=0x7fffffffafa8) at jabber.c:347
#11 0x00007fffe753d1d7 in jabber_parser_element_end_libxml (user_data=0x1578b90, element_name=<optimized out>, 
    prefix=<optimized out>, namespace=<optimized out>) at parser.c:169
#12 0x0000003946e461b3 in xmlParseEndTag2 () from /lib64/libxml2.so.2
#13 0x0000003946e4d19e in xmlParseTryOrFinish () from /lib64/libxml2.so.2
#14 0x0000003946e4ea3f in xmlParseChunk () from /lib64/libxml2.so.2
#15 0x00007fffe753d67d in jabber_parser_process (js=0x1578b90, buf=<optimized out>, len=<optimized out>) at parser.c:279
#16 0x00007fffe752c24e in jabber_recv_cb_ssl (data=0x157eeb0, gsc=0xba9af0, cond=<optimized out>) at jabber.c:659
#17 0x000000000046cf0d in pidgin_io_invoke (source=<optimized out>, condition=<optimized out>, data=0x15d4f10) at gtkeventloop.c:73
#18 0x00000030752476d5 in g_main_dispatch (context=0x6fa500) at gmain.c:2715
#19 g_main_context_dispatch (context=context@entry=0x6fa500) at gmain.c:3219
#20 0x0000003075247a08 in g_main_context_iterate (context=0x6fa500, block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3290
#21 0x0000003075247e02 in g_main_loop_run (loop=0x15bf2c0) at gmain.c:3484
#22 0x0000003a4a331eb7 in IA__gtk_main () at gtkmain.c:1257
#23 0x0000000000431ba9 in main (argc=1, argv=0x7fffffffd7f8) at gtkmain.c:934
Comment 16 David Walser 2013-02-14 16:47:41 CET 
Oh, I understand the bt full now, it was actually VERY helpful.

So the issue is a stupid programming error, here's the patch I just added:

--- pidgin-2.10.7/pidgin/plugins/cap/cap.c~     2013-02-11 04:16:54.000000000 -0500
+++ pidgin-2.10.7/pidgin/plugins/cap/cap.c      2013-02-14 10:44:27.743029516 -0500
@@ -43,7 +43,7 @@
        int threshold = purple_prefs_get_int("/plugins/gtk/cap/threshold");
        int min_minute = (current_minute - threshold) % 1440;
        int max_minute = (current_minute + threshold) % 1440;
-       char *sql, sta_id = NULL;
+       char *sql, *sta_id = NULL;
        sqlite3_stmt *stmt = NULL;
        const char *tail = NULL;
        int rc;

This needs to be reported upstream.

Should be fixed in pidgin-2.10.7-2.mga3.
Comment 17 Simon Putt 2013-02-14 17:55:56 CET 
no more seg faults here, and running normally, thanks guys
Comment 18 David Walser 2013-02-14 18:15:39 CET 
fixed in pidgin-2.10.7-2.mga3.

Status: NEW => RESOLVED
Resolution: (none) => FIXED