free(): invalid pointer in mm_g_free_mattermost_user()

Jellyfrog commented 7 years ago

Pidgin 2.12.0 (libpurple 2.12.0)
purple-mattermost: 1.1.2017.10.26.git.d6aa4dd
Mattermost server: 4.2.0

#0  0x00007f9ad3d450d0 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
        set = {__val = {0, 140302974141531, 140725031090640, 0, 140725031207020, 140302955907224, 11, 140725031090608, 140724603453448, 16, 108, 140302976436816, 11, 183919194367405568, 143, 140725031090608}}
        pid = <optimized out>
        tid = <optimized out>
#1  0x00007f9ad3d466b1 in __GI_abort () at abort.c:79
        save_stage = 1
        act = 
          {__sigaction_handler = {sa_handler = 0x7ffd197d3ab8, sa_sigaction = 0x7ffd197d3ab8}, sa_mask = {__val = {140725031090864, 140725031090860, 140725031090880, 6, 2906896664, 94371928324376, 94371928324448, 0, 183919194367405568, 108, 94371927396496, 94371927396496, 4294967295, 1, 140725031090992, 140725031091600}}, sa_flags = 427637552, sa_restorer = 0x1000}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007f9ad3d88427 in __libc_message (action=action@entry=(do_abort | do_backtrace), fmt=fmt@entry=0x7f9ad3e90e38 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:181
        ap = {{gp_offset = 40, fp_offset = 21972, overflow_arg_area = 0x7ffd197d3da0, reg_save_area = 0x7ffd197d3d30}}
        fd = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007f9ad3d8eb83 in malloc_printerr (action=<optimized out>, str=0x7f9ad3e8d7fa "free(): invalid pointer", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5411
        buf = "000055d4ae5c0ac0"
        cp = <optimized out>
        ar_ptr = <optimized out>
        ptr = <optimized out>
        str = 0x7f9ad3e8d7fa "free(): invalid pointer"
        action = <optimized out>
#4  0x00007f9ad3d90489 in _int_free (av=0x7f9ad40c3c20 <main_arena>, p=<optimized out>, have_lock=<optimized out>) at malloc.c:4160
        size = <optimized out>
        fb = <optimized out>
        nextchunk = <optimized out>
        nextsize = <optimized out>
        nextinuse = <optimized out>
        prevsize = <optimized out>
        bck = <optimized out>
        fwd = <optimized out>
        errstr = <optimized out>
        locked = <optimized out>
        __func__ = "_int_free"
#5  0x00007f9abf7ac6da in mm_g_free_mattermost_user (a=0x55d4aeb68da0) at libmattermost.c:374
        u = 0x55d4aeb68da0
        a = 0x55d4aeb68da0
        u = 0x55d4aeb68da0
#6  0x00007f9abf7aca09 in mm_response_callback (http_conn=<optimized out>, user_data=0x55d4aeb690d0, url_text=<optimized out>, len=<optimized out>, error_message=0x0) at libmattermost.c:1134
        root = 0x55d4aeb688e0
        body = <optimized out>
        body_len = <optimized out>
        conn = 0x55d4aeb690d0
        parser = 0x55d4ae8a2560 [JsonParser]
#7  0x00007f9ad51d7ed5 in url_fetch_recv_cb (url_data=0x55d4aed41700, source=<optimized out>, cond=cond@entry=PURPLE_INPUT_READ) at util.c:4002
        gfud = 0x55d4aed41700
        len = <optimized out>
        buf = "HTTP/1.0 200 OK\r\nContent-Type: application/json\r\nEtag: 4.2.0.mrbpkxup5pn7fy5mwghtfzba9o.1510322983457.true.true\r\nExpires: 0\r\nX-Request-Id: ddxzxpyy8j86jmcjru4gwwt7ow\r\nX-Version-Id: 4.2.0.4.2.0.60cdb2b"...
        data_cursor = <optimized out>
        got_eof = <optimized out>
        __func__ = "url_fetch_recv_cb"
#8  0x000055d4acb9925e in pidgin_io_invoke (source=<optimized out>, condition=<optimized out>, data=0x55d4aeba4350) at gtkeventloop.c:73
        closure = 0x55d4aeba4350
        purple_cond = PURPLE_INPUT_READ
#9  0x00007f9ad467fe05 in g_main_dispatch (context=0x55d4ad28c580) at gmain.c:3148
        dispatch = 0x7f9ad46c5bf0 <g_io_unix_dispatch>
---Type <return> to continue, or q <return> to quit---
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x55d4aeba4350
        callback = 0x55d4acb99230 <pidgin_io_invoke>
        cb_funcs = 0x7f9ad4946920 <g_source_callback_funcs>
        cb_data = 0x55d4aec220c0
        need_destroy = <optimized out>
        source = 0x55d4aed1f510
        current = 0x55d4ad5bdda0
        i = 1
#10 0x00007f9ad467fe05 in g_main_context_dispatch (context=context@entry=0x55d4ad28c580) at gmain.c:3813
#11 0x00007f9ad46801d0 in g_main_context_iterate (context=0x55d4ad28c580, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3886
        max_priority = 200
        timeout = 0
        some_ready = 1
        nfds = <optimized out>
        allocated_nfds = 42
        fds = 0x55d4ad15e200
#12 0x00007f9ad46804e2 in g_main_loop_run (loop=0x55d4ade9f420) at gmain.c:4082
        __func__ = "g_main_loop_run"
#13 0x00007f9ad621ead7 in IA__gtk_main () at gtkmain.c:1268
        tmp_list = <optimized out>
        functions = 0x0
        init = <optimized out>
        loop = 0x55d4ade9f420
#14 0x000055d4acb60c28 in main (argc=<optimized out>, argv=<optimized out>) at gtkmain.c:941
        opt_force_online = 0
        opt_help = <optimized out>
        opt_login = 0
        opt_nologin = 0
        opt_version = <optimized out>
        opt_si = <optimized out>
        opt_config_dir_arg = <optimized out>
        opt_login_arg = <optimized out>
        opt_session_arg = <optimized out>
        search_path = <optimized out>
        accounts = <optimized out>
        sig_indx = 1
        sigset = {__val = {91142, 0 <repeats 15 times>}}
        errmsg = '\000' <repeats 232 times>...
        signal_channel = <optimized out>
        signal_status = <optimized out>
        signal_channel_watcher = 1
        segfault_message_tmp = <optimized out>
        error = 0x0
        opt = <optimized out>
        gui_check = <optimized out>
        debug_enabled = <optimized out>
        migration_failed = 0
        active_accounts = <optimized out>
        long_options = 
            {{name = 0x55d4acbf9bb1 "config", has_arg = 1, flag = 0x0, val = 99}, {name = 0x55d4acbe7ff9 "debug", has_arg = 0, flag = 0x0, val = 100}, {name = 0x55d4acbf5b94 "force-online", has_arg = 0, flag = 0x0, val = 102}, {name = 0x55d4acbe9b26 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x55d4acbf5a3e "login", has_arg = 2, flag = 0x0, val = 108}, {name = 0x55d4acbf5ba1 "multiple", has_arg = 0, flag = 0x0, val = 109}, {name = 0x55d4acbf5baa "nologin", has_arg = 0, flag = 0x0, val = 110}, {name = 0x55d4acbf9ba7 "session", has_arg = 1, flag = 0x0, val = 115}, {name = 0x55d4acbec29d "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x55d4acbf9bba "display", has_arg = 1, flag = 0x0, val = 68}, {name = 0x55d4acbf668a "sync", has_arg = 0, flag = 0x0, val = 83}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}

EionRobb commented 7 years ago

Hopefully that commit helps.

Is there a repeatable way of causing the crash?

Jellyfrog commented 7 years ago

Sorry can't reproduce. But I will compile and try. Thanks for a quick fix

Jellyfrog commented 7 years ago

Will reopen if im seeing this again

EionRobb / purple-mattermost

free(): invalid pointer in mm_g_free_mattermost_user() #68