tieto / sipe

A third-party Pidgin plugin for Microsoft Lync/OCS - clone of upstream http://repo.or.cz/w/siplcs.git
GNU General Public License v2.0

Pidgin crash on end of incoming screen sharing #104

Open dwmw2 opened 8 years ago

dwmw2 commented 8 years ago

libnice commit 30a0c230ae9 ("conncheck: Remove pairs before freeing candidate")
sipe commit 7db9f6e4d6ac ("Fix build with Pidgin 2.x again")

Lots of use-after-free bugs fixed in the last couple of days, but still one crasher left (at least it crashes in valgrind; perhaps we get luckier if not in valgrind).

This happens when a 1:1 incoming screen share is terminated by the peer:

...
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20: inbound STUN packet for 1/1 (stream/component) from [92.59.38.244]:53626 (108 octets) :
(Pidgin:142411): libnice-stun-DEBUG: STUN demux: OK!
(Pidgin:142411): libnice-stun-DEBUG: Comparing username/ufrag of len 12 and 4, equal=0
(Pidgin:142411): libnice-stun-DEBUG:   username: 0x474c71433a75793065000000
(Pidgin:142411): libnice-stun-DEBUG:   ufrag:    0x474c7143
(Pidgin:142411): libnice-stun-DEBUG: Found valid username, returning password: 'BJ41FANDdL+nxYE9ylI2/N'
(Pidgin:142411): libnice-stun-DEBUG:  Message HMAC-SHA1 fingerprint:
(Pidgin:142411): libnice-stun-DEBUG:   key     : 0x424a343146414e44644c2b6e78594539796c49322f4e
(Pidgin:142411): libnice-stun-DEBUG:   expected: 0xf57d6ddb6a6e3bb0738edbf9b3711b6687deaf4e
(Pidgin:142411): libnice-stun-DEBUG:   received: 0xf57d6ddb6a6e3bb0738edbf9b3711b6687deaf4e
(Pidgin:142411): libnice-stun-DEBUG: STUN auth: OK!
(Pidgin:142411): libnice-stun-DEBUG: STUN unknown: 0 mandatory attribute(s)!
(Pidgin:142411): libnice-stun-DEBUG: STUN Reply (buffer size = 1300)...
(Pidgin:142411): libnice-stun-DEBUG:  Message HMAC-SHA1 message integrity:
(Pidgin:142411): libnice-stun-DEBUG:   key     : 0x424a343146414e44644c2b6e78594539796c49322f4e
(Pidgin:142411): libnice-stun-DEBUG:   sent    : 0x8ecd6f2cc689ae340d365869072c0a357174f674
(Pidgin:142411): libnice-stun-DEBUG:  Message HMAC-SHA1 fingerprint: 0xa41ba50e
(Pidgin:142411): libnice-stun-DEBUG:  All done (response size: 80)
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : STUN-CC RESP to '92.59.38.244:53626', socket=81, len=80, cand=0x31e1cd50 (c-id:1), use-cand=1.
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : Found a matching pair 0x31e61450 for triggered check.
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : Skipping triggered check, already completed..
(Pidgin:142411): libnice-DEBUG: Agent XXX: Finding highest priority for component 1
(Pidgin:142411): libnice-DEBUG: Agent XXX: Pruning pending checks. Highest nominated priority is 7956173873291466750
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : conn.check list status: 2 nominated, 2 valid, c-id 1.
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : marking pair 0x31e61450 (24:remote-1) as nominated
(Pidgin:142411): libnice-DEBUG: Agent XXX: Finding highest priority for component 1
(Pidgin:142411): libnice-DEBUG: Agent XXX: Pruning pending checks. Highest nominated priority is 7956173873291466750
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : conn.check list status: 2 nominated, 2 valid, c-id 1.
(Pidgin:142411): libnice-DEBUG: agent_recv_message_unlocked: Valid STUN packet received.
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20: agent_recv_message_unlocked returned -1, errno (11) : Resource temporarily unavailable
(Pidgin:142411): libnice-DEBUG: component_io_cb: error receiving message
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : Retransmissions failed, giving up on connectivity check 0x33d0bb30
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : pair 0x33d0bb30 state FAILED
(Pidgin:142411): libnice-DEBUG: Detach socket 0x2b0e7910.
(Pidgin:142411): libnice-DEBUG: Detaching source 0x2a66ff90 (socket 0x2b0e7910, FD 82) from context 0x2a991e70
(Pidgin:142411): libnice-DEBUG: Detaching source (nil) (socket 0x2b0e7910, FD 82) from context (nil)
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20: NiceSocket 0x2e4c9530 has received HUP
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : Retransmissions failed, giving up on connectivity check 0x31e61450
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20 : pair 0x31e61450 state FAILED
(Pidgin:142411): libnice-DEBUG: Detach socket 0x2e4c9530.
(Pidgin:142411): libnice-DEBUG: Detaching source 0x2de7f180 (socket 0x2e4c9530, FD 81) from context 0x2a991e70
(Pidgin:142411): libnice-DEBUG: Detaching source (nil) (socket 0x2e4c9530, FD 81) from context (nil)
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20: NiceSocket 0x2dfe8bb0 has received HUP
(Pidgin:142411): libnice-DEBUG: Detach socket 0x2dfe8bb0.
(Pidgin:142411): libnice-DEBUG: Detaching source 0x3192f850 (socket 0x2dfe8bb0, FD 83) from context 0x2a991e70
(Pidgin:142411): libnice-DEBUG: Detaching source (nil) (socket 0x2dfe8bb0, FD 83) from context (nil)
==142411== Thread 4:
==142411== Invalid read of size 8
==142411==    at 0x208C8340: nice_socket_send_messages (socket.c:153)
==142411==    by 0x208B2B85: nice_agent_send_messages_nonblocking_internal (agent.c:4539)
==142411==    by 0x3CFD7381: gst_nice_sink_render_buffers (gstnicesink.c:297)
==142411==    by 0x3CFD7D42: gst_nice_sink_render (gstnicesink.c:331)
==142411==    by 0x9151266: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x91526AF: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x37611439: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x376118F8: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==  Address 0x2e4c9560 is 48 bytes inside a block of size 112 free'd
==142411==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==142411==    by 0x9955F6D: g_free (gmem.c:189)
==142411==    by 0x996D44F: g_slice_free1 (gslice.c:1136)
==142411==    by 0x208AA7E4: socket_source_free (component.c:144)
==142411==    by 0x208B559E: component_io_cb (agent.c:4879)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411==    by 0x3CFD6D23: gst_nice_src_create (gstnicesrc.c:291)
==142411==    by 0x915631E: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x9157CD6: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==  Block was alloc'd at
==142411==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==142411==    by 0x9955E58: g_malloc (gmem.c:94)
==142411==    by 0x996CD42: g_slice_alloc (gslice.c:1025)
==142411==    by 0x996D36D: g_slice_alloc0 (gslice.c:1051)
==142411==    by 0x208CA0B9: nice_tcp_bsd_socket_new_from_gsock (tcp-bsd.c:99)
==142411==    by 0x208CA946: nice_tcp_passive_socket_accept (tcp-passive.c:306)
==142411==    by 0x208B4C27: agent_recv_message_unlocked (agent.c:3487)
==142411==    by 0x208B5AA2: component_io_cb (agent.c:4969)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411== 
==142411== Invalid read of size 8
==142411==    at 0x208C9F9A: socket_send_messages (tcp-bsd.c:354)
==142411==    by 0x208B2B85: nice_agent_send_messages_nonblocking_internal (agent.c:4539)
==142411==    by 0x3CFD7381: gst_nice_sink_render_buffers (gstnicesink.c:297)
==142411==    by 0x3CFD7D42: gst_nice_sink_render (gstnicesink.c:331)
==142411==    by 0x9151266: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x91526AF: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x37611439: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x376118F8: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==  Address 0x2e4c9598 is 104 bytes inside a block of size 112 free'd
==142411==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==142411==    by 0x9955F6D: g_free (gmem.c:189)
==142411==    by 0x996D44F: g_slice_free1 (gslice.c:1136)
==142411==    by 0x208AA7E4: socket_source_free (component.c:144)
==142411==    by 0x208B559E: component_io_cb (agent.c:4879)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411==    by 0x3CFD6D23: gst_nice_src_create (gstnicesrc.c:291)
==142411==    by 0x915631E: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x9157CD6: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==  Block was alloc'd at
==142411==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==142411==    by 0x9955E58: g_malloc (gmem.c:94)
==142411==    by 0x996CD42: g_slice_alloc (gslice.c:1025)
==142411==    by 0x996D36D: g_slice_alloc0 (gslice.c:1051)
==142411==    by 0x208CA0B9: nice_tcp_bsd_socket_new_from_gsock (tcp-bsd.c:99)
==142411==    by 0x208CA946: nice_tcp_passive_socket_accept (tcp-passive.c:306)
==142411==    by 0x208B4C27: agent_recv_message_unlocked (agent.c:3487)
==142411==    by 0x208B5AA2: component_io_cb (agent.c:4969)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411== 
==142411== Invalid read of size 8
==142411==    at 0x208C9C6E: socket_send_message (tcp-bsd.c:288)
==142411==    by 0x208C9FDA: socket_send_messages (tcp-bsd.c:360)
==142411==    by 0x208B2B85: nice_agent_send_messages_nonblocking_internal (agent.c:4539)
==142411==    by 0x3CFD7381: gst_nice_sink_render_buffers (gstnicesink.c:297)
==142411==    by 0x3CFD7D42: gst_nice_sink_render (gstnicesink.c:331)
==142411==    by 0x9151266: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x91526AF: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x37611439: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x376118F8: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==  Address 0x2e4c9598 is 104 bytes inside a block of size 112 free'd
==142411==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==142411==    by 0x9955F6D: g_free (gmem.c:189)
==142411==    by 0x996D44F: g_slice_free1 (gslice.c:1136)
==142411==    by 0x208AA7E4: socket_source_free (component.c:144)
==142411==    by 0x208B559E: component_io_cb (agent.c:4879)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411==    by 0x3CFD6D23: gst_nice_src_create (gstnicesrc.c:291)
==142411==    by 0x915631E: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x9157CD6: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==  Block was alloc'd at
==142411==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==142411==    by 0x9955E58: g_malloc (gmem.c:94)
==142411==    by 0x996CD42: g_slice_alloc (gslice.c:1025)
==142411==    by 0x996D36D: g_slice_alloc0 (gslice.c:1051)
==142411==    by 0x208CA0B9: nice_tcp_bsd_socket_new_from_gsock (tcp-bsd.c:99)
==142411==    by 0x208CA946: nice_tcp_passive_socket_accept (tcp-passive.c:306)
==142411==    by 0x208B4C27: agent_recv_message_unlocked (agent.c:3487)
==142411==    by 0x208B5AA2: component_io_cb (agent.c:4969)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411== 
==142411== Invalid read of size 4
==142411==    at 0x208C9C94: socket_send_message (tcp-bsd.c:298)
==142411==    by 0x208C9FDA: socket_send_messages (tcp-bsd.c:360)
==142411==    by 0x208B2B85: nice_agent_send_messages_nonblocking_internal (agent.c:4539)
==142411==    by 0x3CFD7381: gst_nice_sink_render_buffers (gstnicesink.c:297)
==142411==    by 0x3CFD7D42: gst_nice_sink_render (gstnicesink.c:331)
==142411==    by 0x9151266: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x91526AF: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x37611439: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x376118F8: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==  Address 0x2d48f2c8 is 72 bytes inside a block of size 96 free'd
==142411==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==142411==    by 0x9955F6D: g_free (gmem.c:189)
==142411==    by 0x996D44F: g_slice_free1 (gslice.c:1136)
==142411==    by 0x208C85DB: nice_socket_free (socket.c:280)
==142411==    by 0x208AA7E4: socket_source_free (component.c:144)
==142411==    by 0x208B559E: component_io_cb (agent.c:4879)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411==    by 0x3CFD6D23: gst_nice_src_create (gstnicesrc.c:291)
==142411==    by 0x915631E: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==  Block was alloc'd at
==142411==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==142411==    by 0x9955E58: g_malloc (gmem.c:94)
==142411==    by 0x996CD42: g_slice_alloc (gslice.c:1025)
==142411==    by 0x996D36D: g_slice_alloc0 (gslice.c:1051)
==142411==    by 0x208CA0C6: nice_tcp_bsd_socket_new_from_gsock (tcp-bsd.c:100)
==142411==    by 0x208CA946: nice_tcp_passive_socket_accept (tcp-passive.c:306)
==142411==    by 0x208B4C27: agent_recv_message_unlocked (agent.c:3487)
==142411==    by 0x208B5AA2: component_io_cb (agent.c:4969)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411== 
==142411== Invalid read of size 8
==142411==    at 0x9960027: g_queue_is_empty (gqueue.c:159)
==142411==    by 0x208C9CC2: socket_send_message (tcp-bsd.c:305)
==142411==    by 0x208C9FDA: socket_send_messages (tcp-bsd.c:360)
==142411==    by 0x208B2B85: nice_agent_send_messages_nonblocking_internal (agent.c:4539)
==142411==    by 0x3CFD7381: gst_nice_sink_render_buffers (gstnicesink.c:297)
==142411==    by 0x3CFD7D42: gst_nice_sink_render (gstnicesink.c:331)
==142411==    by 0x9151266: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x91526AF: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x37611439: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x376118F8: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==  Address 0x2d48f2a0 is 32 bytes inside a block of size 96 free'd
==142411==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==142411==    by 0x9955F6D: g_free (gmem.c:189)
==142411==    by 0x996D44F: g_slice_free1 (gslice.c:1136)
==142411==    by 0x208C85DB: nice_socket_free (socket.c:280)
==142411==    by 0x208AA7E4: socket_source_free (component.c:144)
==142411==    by 0x208B559E: component_io_cb (agent.c:4879)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411==    by 0x3CFD6D23: gst_nice_src_create (gstnicesrc.c:291)
==142411==    by 0x915631E: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==  Block was alloc'd at
==142411==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==142411==    by 0x9955E58: g_malloc (gmem.c:94)
==142411==    by 0x996CD42: g_slice_alloc (gslice.c:1025)
==142411==    by 0x996D36D: g_slice_alloc0 (gslice.c:1051)
==142411==    by 0x208CA0C6: nice_tcp_bsd_socket_new_from_gsock (tcp-bsd.c:100)
==142411==    by 0x208CA946: nice_tcp_passive_socket_accept (tcp-passive.c:306)
==142411==    by 0x208B4C27: agent_recv_message_unlocked (agent.c:3487)
==142411==    by 0x208B5AA2: component_io_cb (agent.c:4969)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411== 
==142411== Invalid read of size 8
==142411==    at 0x208C9D40: socket_send_message (tcp-bsd.c:306)
==142411==    by 0x208C9FDA: socket_send_messages (tcp-bsd.c:360)
==142411==    by 0x208B2B85: nice_agent_send_messages_nonblocking_internal (agent.c:4539)
==142411==    by 0x3CFD7381: gst_nice_sink_render_buffers (gstnicesink.c:297)
==142411==    by 0x3CFD7D42: gst_nice_sink_render (gstnicesink.c:331)
==142411==    by 0x9151266: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x91526AF: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x37611439: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x376118F8: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==  Address 0x2e4c9550 is 32 bytes inside a block of size 112 free'd
==142411==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==142411==    by 0x9955F6D: g_free (gmem.c:189)
==142411==    by 0x996D44F: g_slice_free1 (gslice.c:1136)
==142411==    by 0x208AA7E4: socket_source_free (component.c:144)
==142411==    by 0x208B559E: component_io_cb (agent.c:4879)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411==    by 0x3CFD6D23: gst_nice_src_create (gstnicesrc.c:291)
==142411==    by 0x915631E: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x9157CD6: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==  Block was alloc'd at
==142411==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==142411==    by 0x9955E58: g_malloc (gmem.c:94)
==142411==    by 0x996CD42: g_slice_alloc (gslice.c:1025)
==142411==    by 0x996D36D: g_slice_alloc0 (gslice.c:1051)
==142411==    by 0x208CA0B9: nice_tcp_bsd_socket_new_from_gsock (tcp-bsd.c:99)
==142411==    by 0x208CA946: nice_tcp_passive_socket_accept (tcp-passive.c:306)
==142411==    by 0x208B4C27: agent_recv_message_unlocked (agent.c:3487)
==142411==    by 0x208B5AA2: component_io_cb (agent.c:4969)
==142411==    by 0x6EF9160: socket_source_dispatch (gsocket.c:3543)
==142411==    by 0x9950702: g_main_dispatch (gmain.c:3154)
==142411==    by 0x9950702: g_main_context_dispatch (gmain.c:3769)
==142411==    by 0x9950AAF: g_main_context_iterate.isra.29 (gmain.c:3840)
==142411==    by 0x9950DD1: g_main_loop_run (gmain.c:4034)
==142411== 
==142411== Invalid read of size 8
==142411==    at 0x6EFC8B4: g_socket_send_message (gsocket.c:4255)
==142411==    by 0x208C9D5F: socket_send_message (tcp-bsd.c:306)
==142411==    by 0x208C9FDA: socket_send_messages (tcp-bsd.c:360)
==142411==    by 0x208B2B85: nice_agent_send_messages_nonblocking_internal (agent.c:4539)
==142411==    by 0x3CFD7381: gst_nice_sink_render_buffers (gstnicesink.c:297)
==142411==    by 0x3CFD7D42: gst_nice_sink_render (gstnicesink.c:331)
==142411==    by 0x9151266: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x91526AF: ??? (in /usr/lib64/libgstbase-1.0.so.0.802.0)
==142411==    by 0x93F9686: ??? (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x9401691: gst_pad_push (in /usr/lib64/libgstreamer-1.0.so.0.802.0)
==142411==    by 0x37611439: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==    by 0x376118F8: ??? (in /usr/lib64/gstreamer-1.0/libgstcoreelements.so)
==142411==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
==142411== 
Pidgin 2.10.12-5.fc25 has segfaulted and attempted to dump a core file.
This is a bug in the software and has happened through
no fault of your own.

If you can reproduce the crash, please notify the developers
by reporting a bug at:
http://developer.pidgin.im/simpleticket/

Please make sure to specify what you were doing at the time
and post the backtrace from the core file.  If you do not know
how to get the backtrace, please read the instructions at
http://developer.pidgin.im/wiki/GetABacktrace
==142411== 
==142411== Process terminating with default action of signal 6 (SIGABRT)
==142411==    at 0xAA0F6F5: raise (in /usr/lib64/libc-2.23.so)
==142411==    by 0xAA112F9: abort (in /usr/lib64/libc-2.23.so)
==142411==    by 0x1923E9: sighandler (gtkmain.c:179)
==142411==    by 0xA7CFC2F: ??? (in /usr/lib64/libpthread-2.23.so)
==142411==    by 0x6EFC8B3: g_socket_send_message (gsocket.c:4251)
==142411== 
==142411== HEAP SUMMARY:
==142411==     in use at exit: 22,304,761 bytes in 305,088 blocks
==142411==   total heap usage: 2,729,696 allocs, 2,424,608 frees, 227,287,014 bytes allocated
==142411== 
==142411== LEAK SUMMARY:
==142411==    definitely lost: 70,703 bytes in 84 blocks
==142411==    indirectly lost: 90,760 bytes in 3,769 blocks
==142411==      possibly lost: 2,844,797 bytes in 4,036 blocks
==142411==    still reachable: 18,355,125 bytes in 291,000 blocks
==142411==                       of which reachable via heuristic:
==142411==                         length64           : 10,464 bytes in 147 blocks
==142411==                         newarray           : 2,336 bytes in 66 blocks
==142411==         suppressed: 0 bytes in 0 blocks
==142411== Rerun with --leak-check=full to see details of leaked memory
==142411== 
==142411== For counts of detected and suppressed errors, rerun with: -v
==142411== Use --track-origins=yes to see where uninitialised values come from
==142411== ERROR SUMMARY: 81 errors from 12 contexts (suppressed: 0 from 0)
Killed
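
A triage sketch for the memcheck output above, added here as an example and not part of the original report or of the libnice or sipe code: it subtracts the reported offset from each faulting address to recover the base of the freed block, skips allocator wrapper frames to name the function that released it, and checks that base against the `NiceSocket ... has received HUP` debug lines. The names `parse_uaf`, `culprit` and `group_by_block` and the abridged `SAMPLE` are assumptions of this example.

```python
import re

# Abridged from the trace in this report (frames trimmed for space).
SAMPLE = """\
(Pidgin:142411): libnice-DEBUG: Agent 0x1b961b20: NiceSocket 0x2e4c9530 has received HUP
==142411== Invalid read of size 8
==142411==    at 0x208C8340: nice_socket_send_messages (socket.c:153)
==142411==  Address 0x2e4c9560 is 48 bytes inside a block of size 112 free'd
==142411==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==142411==    by 0x9955F6D: g_free (gmem.c:189)
==142411==    by 0x996D44F: g_slice_free1 (gslice.c:1136)
==142411==    by 0x208AA7E4: socket_source_free (component.c:144)
==142411==    by 0x208B559E: component_io_cb (agent.c:4879)
==142411==
==142411== Invalid read of size 4
==142411==    at 0x208C9C94: socket_send_message (tcp-bsd.c:298)
==142411==  Address 0x2d48f2c8 is 72 bytes inside a block of size 96 free'd
==142411==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==142411==    by 0x996D44F: g_slice_free1 (gslice.c:1136)
==142411==    by 0x208C85DB: nice_socket_free (socket.c:280)
"""

PREFIX = re.compile(r"^==\d+==\s?")
HEADER = re.compile(r"^Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+)$")
FREED = re.compile(r"^\s*Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside "
                   r"a block of size (\d+) free'd")
HUP = re.compile(r"NiceSocket (0x[0-9A-Fa-f]+) has received HUP")
ALLOCATOR = ("free ", "g_free ", "g_slice_free1 ")  # wrappers, never the culprit


def parse_uaf(text):
    """Return one dict per memcheck 'Invalid read/write' of a freed block."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        if not PREFIX.match(raw):
            continue  # application or libnice output, not memcheck
        line = PREFIX.sub("", raw, count=1)
        if m := HEADER.match(line):
            cur = {"op": m[1], "size": int(m[2]), "access": [], "free": []}
            records.append(cur)
            section = "access"
        elif cur and (m := FREED.match(line)):
            cur["offset"], cur["block_size"] = int(m[2]), int(m[3])
            cur["base"] = int(m[1], 16) - cur["offset"]  # start of freed block
            section = "free"
        elif cur and section in cur and (m := FRAME.match(line)):
            cur[section].append(m[1])
        else:  # "Block was alloc'd at", blank separator, other text
            section = None
            if not line.strip():
                cur = None
    return [r for r in records if "base" in r]


def culprit(stack):
    """First frame in a free stack that is not an allocator wrapper."""
    return next((f for f in stack if not f.startswith(ALLOCATOR)), None)


def group_by_block(text):
    """Map freed-block base address -> who freed it and who still read it."""
    hup = {int(a, 16) for a in HUP.findall(text)}
    blocks = {}
    for r in parse_uaf(text):
        b = blocks.setdefault(r["base"], {
            "size": r["block_size"], "freed_by": culprit(r["free"]),
            "offsets": set(), "readers": set(),
            "hup_logged": r["base"] in hup})
        b["offsets"].add(r["offset"])
        b["readers"].update(r["access"][:1])
    return blocks
```

Applied to the reads of freed memory shown in the full trace, the same arithmetic yields two blocks: the 112-byte block at 0x2e4c9530, which is the NiceSocket the debug log reports as having received HUP, and the 96-byte block at 0x2d48f280.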