Bug 137045

Summary: gaim-1.5.0 crashes with "free(): invalid pointer"
Product: Gentoo Linux
Reporter: Lindsay Haisley <fmouse-gentoo>
Component: Current packages
Assignee: Gentoo Net-im project <net-im>
Status: RESOLVED UPSTREAM
Severity: normal
CC: Martin.vGagern
Priority: High
Version: unspecified
Hardware: x86
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments:
  gaim debugging when trying to log onto an ICQ account
  debug output of crash when trying to chat with an AIM user

Description Lindsay Haisley 2006-06-16 17:53:09 UTC
The summary says it all.  The full dialog is:

$ gaim > gaim_debug 
*** glibc detected *** free(): invalid pointer: 0x083c81a8 ***
dns[16187]: Oops, father has gone, wait for me, wait...!
Aborted

Gaim crashes in this way when I try to log on to an ICQ account.  I can log on to an AIM account; however, the same crash occurs when I try to chat with another user online.

I've run revdep-rebuild and dynamic linking is apparently consistent.

I have emerged gaim with USE=debug and the debugging output is attached separately.

$ emerge --info
Portage 2.1 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r3,glibc-2.3.4.20040808-r1, 2.6.15-gentoo-r1 i686)
=================================================================
System uname: 2.6.15-gentoo-r1 i686 Intel(R) Pentium(R) 4 CPU 2.60GHz
Gentoo Base System version 1.6.14
ccache version 2.3 [disabled]
dev-lang/python:     2.4.2
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/gcc-config: 1.3.13-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -fprefetch-loop-arrays -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-O2 -march=pentium4 -fprefetch-loop-arrays -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo http://cudlug.cudenver.edu/gentoo ftp://ftp.ussg.iu.edu/pub/linux/gentoo"
LANG="en"
LC_ALL="en_US"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X Xaw3d acl acpi alsa apache2 apm arts avi berkdb bindist bitmap-fonts bonobo cdr cli crypt cups curl doc dri dvd dvdr eds emboss encode esd evo fastcgi flash foomaticdb fortran gdbm gif gimp gnome gpm gps gstreamer gtk gtk2 gtkhtml hal imap imlib ipv6 isdnlog java jikes jpeg kde ldap libg++ libwww mad maildir mcal mikmod motif mozilla mp3 mpeg mysql ncurses nls nptl ogg oggvorbis opengl oss pam pcre pdflib perl plotutils png ppds pppd python qt quicktime readline reflection samba sasl scanner sdl session slang slp snmp spell spl sse ssl svga tcltk tcpd tetex tiff truetype truetype-fonts type1-fonts udev usb vorbis xml xml2 xmms xorg xosd xv zeo zlib elibc_glibc kernel_linux userland_GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Lindsay Haisley 2006-06-16 17:55:44 UTC
Created attachment 89359
gaim debugging when trying to log onto an ICQ account
Comment 2 Lindsay Haisley 2006-06-16 18:22:52 UTC
Created attachment 89360
debug output of crash when trying to chat with an AIM user

As before, gaim fails as follows:

$ gaim > gaim_debug2 
*** glibc detected *** free(): invalid pointer: 0x083b4700 ***
dns[16850]: Oops, father has gone, wait for me, wait...!
Aborted
Comment 3 Lindsay Haisley 2006-06-16 19:03:51 UTC
If I set MALLOC_CHECK_=0 in the env, the "invalid pointer" error goes away, and I get:

oscar: Claiming to have a buddy icon
oscar: Sending IM, charset=0x0000, charsubset=0x0000, length=27
Hi, user.  We need to talk.
I think something's gone wrong here.  It's probably my fault.
No, really, it's not you... it's me... no no no, I think we get along well
it's just that.... well, I want to see other people.  I... what?!?  NO!  I haven't
been cheating on you!!  How many times do you want me to tell you?!  And for the
last time, it's just a rash!
dns[29110]: Oops, father has gone, wait for me, wait...!
Aborted

[sic]
Comment 4 Lindsay Haisley 2006-06-16 19:51:23 UTC
Here's a backtrace:

(gdb) run
Starting program: /usr/bin/gaim 
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 6290)]
*** glibc detected *** free(): invalid pointer: 0x083afc40 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread 16384 (LWP 6290)]
0xb77060a1 in kill () from /lib/libc.so.6
(gdb) bt
#0  0xb77060a1 in kill () from /lib/libc.so.6
#1  0xb7f45cdf in pthread_kill () from /lib/libpthread.so.0
#2  0xb7f4605a in raise () from /lib/libpthread.so.0
#3  0xb7705e40 in raise () from /lib/libc.so.6
#4  0xb77071d4 in abort () from /lib/libc.so.6
#5  0xb7738f31 in __fsetlocking () from /lib/libc.so.6
#6  0xb773e77f in malloc_usable_size () from /lib/libc.so.6
#7  0xb773f133 in free () from /lib/libc.so.6
#8  0xb592e5cd in operator delete () from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libstdc++.so.6
#9  0xb590f8a1 in std::string::_Rep::_M_destroy () from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libstdc++.so.6
#10 0xb50587ff in Arts::MCOPUtils::readConfigEntry () from /usr/kde/3.5/lib/libmcop.so.1
#11 0xb5040795 in Arts::Dispatcher::Dispatcher () from /usr/kde/3.5/lib/libmcop.so.1
#12 0xb6a071b2 in arts_backend_init () from /usr/kde/3.5/lib/libartscbackend.so.0
#13 0xb734d2ce in arts_init () from /usr/kde/3.5/lib/libartsc.so.0
#14 0xb7f98935 in ao_plugin_test () from /usr/lib/ao/plugins-2/libarts.so
#15 0xb7f90364 in ?? () from /usr/lib/libao.so.2
#16 0xb7f8f56c in ?? () from /usr/lib/libao.so.2
#17 0x081345e8 in ?? ()
#18 0xffffffff in ?? ()
#19 0xb7f92100 in ?? () from /usr/lib/libao.so.2
#20 0x081345f2 in ?? ()
#21 0x081077d3 in __PRETTY_FUNCTION__.0 ()
#22 0xbfec5078 in ?? ()
#23 0xb7f90e48 in ao_default_driver_id () from /usr/lib/libao.so.2
#24 0xb7f90e48 in ao_default_driver_id () from /usr/lib/libao.so.2
#25 0x080ef33e in _pref_sound_method_changed (name=0x81369c0 "\220Q\023\b g\023\bXR\023\b/lib\030", 
    type=GAIM_PREF_STRING, val=0xb7351b38, data=0x0) at gtksound.c:362
#26 0x0808333e in do_callbacks (name=0x81077d3 "/gaim/gtk/sound/method", pref=0x8134598) at prefs.c:394
#27 0x080eed36 in gaim_gtk_sound_play_file (filename=0x8376e30 "/usr/share/sounds/gaim/send.wav") at gtksound.c:160
#28 0x080ef1fe in gaim_gtk_sound_play_event (event=GAIM_SOUND_BUDDY_ARRIVE) at gtksound.c:324
#29 0x080bf042 in gaim_gtkconv_write_im (conv=0x81b8640, who=0x0, message=0x0, flags=GAIM_MESSAGE_SEND, mtime=0)
    at gtkconv.c:5094
#30 0x08074ea4 in common_send (conv=0x81b8640, 
    message=0x83f84c0 "<font size=\"4\">Yo!  Gaim keeps crashing on me.  Trying to debug it.</font>")
    at conversation.c:199
#31 0x080b6abb in send_cb (widget=0x0, conv=0x81b8640) at gtkconv.c:554
#32 0x080bc244 in entry_key_press_cb (entry=0x83a21b8, event=0x83cc5a0, data=0x81b8640) at gtkconv.c:1845
#33 0xb7d46f4c in gtk_marshal_VOID__UINT_STRING () from /usr/lib/libgtk-x11-2.0.so.0
#34 0xb798ba9e in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#35 0xb79a0533 in g_signal_has_handler_pending () from /usr/lib/libgobject-2.0.so.0
#36 0xb79a11bf in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#37 0xb79a1757 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#38 0xb7e38a12 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#39 0xb7e48d58 in gtk_window_propagate_key_event () from /usr/lib/libgtk-x11-2.0.so.0
#40 0xb7e4d660 in gtk_window_activate_key () from /usr/lib/libgtk-x11-2.0.so.0
#41 0xb7d46f4c in gtk_marshal_VOID__UINT_STRING () from /usr/lib/libgtk-x11-2.0.so.0
#42 0xb798bd9c in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#43 0xb798ba9e in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#44 0xb79a0094 in g_signal_has_handler_pending () from /usr/lib/libgobject-2.0.so.0
#45 0xb79a11bf in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#46 0xb79a1757 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#47 0xb7e38a12 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#48 0xb7d45614 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#49 0xb7d457d5 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#50 0xb7be5d46 in gdk_event_get_graphics_expose () from /usr/lib/libgdk-x11-2.0.so.0
#51 0xb791b35a in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#52 0xb791cbc7 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#53 0xb791ced3 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#54 0xb7d44b5f in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#55 0x080f51fb in main (argc=1, argv=0xbfecd1a4) at main.c:961
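
In a backtrace like the one in comment 4, the top frames (libc, libpthread, libstdc++) only show where glibc detected the bad pointer, so triage usually starts at the first frame outside those runtime libraries and at the first frame that carries source information. The script below is an added example, not part of the bug report or of Gaim; `parse_frames` and `triage` are hypothetical names, and the sample is a subset of the frames above, so in the full trace the first frame with source information is #25 rather than #27.

```python
import re

# Frames copied from the backtrace in comment 4 (a subset, to keep the sample short).
SAMPLE_BT = r"""
#0  0xb77060a1 in kill () from /lib/libc.so.6
#4  0xb77071d4 in abort () from /lib/libc.so.6
#7  0xb773f133 in free () from /lib/libc.so.6
#8  0xb592e5cd in operator delete () from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/libstdc++.so.6
#10 0xb50587ff in Arts::MCOPUtils::readConfigEntry () from /usr/kde/3.5/lib/libmcop.so.1
#14 0xb7f98935 in ao_plugin_test () from /usr/lib/ao/plugins-2/libarts.so
#17 0x081345e8 in ?? ()
#27 0x080eed36 in gaim_gtk_sound_play_file (filename=0x8376e30 "/usr/share/sounds/gaim/send.wav") at gtksound.c:160
#29 0x080bf042 in gaim_gtkconv_write_im (conv=0x81b8640, who=0x0, message=0x0, flags=GAIM_MESSAGE_SEND, mtime=0)
    at gtkconv.c:5094
"""

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \((.*)\)(?: from (\S+)| at (\S+))?$")
# Allocator and language-runtime libraries: frames here report the abort, not its cause.
RUNTIME = ("libc.so", "libpthread.so", "libstdc++.so")

def parse_frames(text):
    """Return one dict per frame; gdb wraps long frames, so join continuation lines first."""
    joined = []
    for line in text.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif line.strip() and joined:
            joined[-1] += " " + line.strip()
    frames = []
    for line in joined:
        m = FRAME.match(line)
        if m:
            num, func, _args, module, source = m.groups()
            frames.append({"n": int(num), "func": func, "module": module, "source": source})
    return frames

def triage(frames):
    """Return (first frame outside the runtime libraries, first frame with source info)."""
    lib = next((f for f in frames if f["module"]
                and not f["module"].rsplit("/", 1)[-1].startswith(RUNTIME)), None)
    app = next((f for f in frames if f["source"]), None)
    return lib, app

if __name__ == "__main__":
    lib, app = triage(parse_frames(SAMPLE_BT))
    print("first non-runtime frame:", lib["n"], lib["func"], lib["module"])
    print("first frame with source:", app["n"], app["func"], app["source"])
```
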
Comment 5 Kathryn Kulick (RETIRED) gentoo-dev 2006-06-30 09:29:17 UTC
There is at least one bug upstream regarding the invalid pointer. I am monitoring them, going to close as upstream.
Comment 6 Martin von Gagern 2006-07-19 04:03:03 UTC
(In reply to comment #5)
> There is at least one bug upstream regarding the invalid pointer. I am
> monitoring them, going to close as upstream.

Can you provide a link to the upstream bug(s)?
I could find only 1434547, which is about MSN, which I'm not using, but I still experience this problem here.
http://sourceforge.net/tracker/index.php?func=detail&aid=1434547&group_id=235&atid=100235

Possibly related to bug 130728. But there, a compiler switch lies at the heart of the issue, which I would deem a rather gentooish kind of problem and not upstream at all. I'm not yet sure if they are the same, and if so, what the real reason for this problem is.
Comment 7 Martin von Gagern 2006-08-16 12:12:27 UTC
I traced my issue to the AIM/ICQ plugin; disabling that prevented the crash.
Upgrading to the Gaim 2.0.0 beta 3 solved the problem as well.
Comment 8 Martin von Gagern 2006-10-07 15:45:47 UTC
Now I got the same bug on my stable x86 system. Maybe it's some package update that hit stable in the last few weeks. Unfortunately I know neither when I last started Gaim successfully, nor what packages were updated since. I know cups and gnutls were among those updates, and caused some rev deps to break. But according to revdep-rebuild, my system is clean now (except for bug 125728), and remerging gaim does not help either. And Gaim 2 is still too buggy to use on stable x86.