channels_list mangled, resulting in crash in xep/muc-reconnect.c

[irssibot]

• • • Issue #906 opened by @saper

I am idling on open_chat@conference.igniterealtime.org MUC channel (it's public) and from time to time (like once per two weeks) irssi crashes with SIGSEGV:

#0  0x0000000803c13071 in sig_conn_copy (dest=0x7fffffffe570, src=0x814a35100)
    at xep/muc-reconnect.c:39
#1  0x00000000004a2112 in signal_emit_real (rec=0x803ac4160, params=2, va=0x7fffffffe460, 
    first_hook=0x803b89160) at signals.c:242
#2  0x00000000004a2385 in signal_emit (signal=0x4cc51d "server connect copy", params=2)
    at signals.c:286
#3  0x000000000049c5d6 in server_connect_copy_skeleton (src=0x814a35100, connect_info=0)
    at servers-reconnect.c:154
#4  0x000000000049c9ca in sig_reconnect (server=0x813147580) at servers-reconnect.c:225
#5  0x00000000004a2112 in signal_emit_real (rec=0x803ab5240, params=2, va=0x7fffffffe6d0, 
    first_hook=0x803ab4d60) at signals.c:242
#6  0x00000000004a2385 in signal_emit (signal=0x4cc08f "server connect failed", params=2)
    at signals.c:286
#7  0x000000000049a664 in server_connect_failed (server=0x813147580, msg=0x0) at servers.c:47
#8  0x000000000049b769 in server_disconnect (server=0x813147580) at servers.c:482
#9  0x0000000803c0a0ae in check_connection_timeout (server=0x813147580) at xmpp-servers.c:444
#10 0x0000000800e15ca7 in g_source_get_time () from /usr/local/lib/libglib-2.0.so.0
#11 0x0000000800e15372 in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.0
#12 0x0000000800e18cee in g_main_context_prepare () from /usr/local/lib/libglib-2.0.so.0
#13 0x0000000800e192d2 in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.0
#14 0x000000000042e89d in main (argc=1, argv=0x7fffffffe9f0) at irssi.c:356
#0  0x0000000803c13071 in sig_conn_copy (dest=0x7fffffffe570, src=0x814a35100)
    at xep/muc-reconnect.c:39

39 conn->channels_list = g_slist_append(conn->channels_list, 34 if (!IS_XMPP_SERVER_CONNECT(src)) 35 return; 36 conn = (XMPP_SERVER_CONNECT_REC )dest; 37 conn->channels_list = NULL; 38 for (tmp = src->channels_list; tmp != NULL; tmp = tmp->next) { 39 conn->channels_list = g_slist_append(conn->channels_list, 40 g_strdup(tmp->data)); 41 } 42 } 43
$1 = (GSList ) 0x812bb3760 $2 = {data = 0x814af8a40, next = 0x0} $3 = (GSList ) 0x53440aaf Cannot access memory at address 0x53440aaf $4 = (GSList ) 0x80b7bed90 $5 = {data = 0x80b7a56b0, next = 0x53440aaf} $6 = (GSList ) 0x53440aaf

I have no idea why src->channels_list is corrupted.

[irssibot]

• • • Comment 1667 by @saper

Forgot to add - this might be important - this is 64bit FreeBSD