Modify ↓
Opened at 2016-02-10T00:20:33Z
Closed at 2016-02-18T11:31:00Z
#1248 closed defect (fixed)
Double free on channel rejoin
Reported by: | revmischa | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | BitlBee | Version: | devel |
Keywords: | Cc: | ||
IRC client+version: | Client-independent | Operating System: | Linux |
OS version/distro: | Centos7 |
Description
For some reason it keeps sending me JOIN #twitter_xyz over and over again. After a while it crashes.
recvfrom(17, "*\2\207u\3\317", 6, 0, NULL, NULL) = 6 recvfrom(17, "\0\r\0\t\0\0\0\0\0\24\0\2\0\1\21\0\3\0<\0\2\0\n\0\3\0\1\26\0\4\0\2"..., 975, 0, NULL, NULL) = 975 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 read(9, "JOIN #twitter_xyz \r\n", 512) = 28 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 read(9, "JOIN #twitter_xyz \r\nJOIN"..., 512) = 112 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 read(4, 0x7fffba9c0be0, 16) = -1 EAGAIN (Resource temporarily unavailable) write(4, "\1\0\0\0\0\0\0\0", 8) = 8 read(9, "JOIN #twitter_xyz \r\n", 512) = 28 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 getsockopt(24, SOL_SOCKET, SO_ERROR, [110], [4]) = 0 close(24) = 0 close(24) = -1 EBADF (Bad file descriptor) open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = -1 ENXIO (No such device or address) writev(2, [{"*** Error in `", 14}, {"/usr/local/sbin/bitlbee", 23}, {"': ", 3}, {"double free or corruption (fastt"..., 35}, {": 0x", 4}, {"00007f59d13352f0", 16}, {" ***\n", 5}], 7Feb 09 15:56:36 [redacted] bitlbee[17918]: *** Error in `/usr/local/sbin/bitlbee': double free or corruption (fasttop): 0x00007f59d13352f0 *** ) = 100
git version: db5ef3a204c3a518adb7cedde0ffb067d6336add
Attachments (0)
Change History (4)
comment:2 Changed at 2016-02-10T00:27:42Z by
Can you run it under valgrind? Just install valgrind, stop bitlbee and start it with "valgrind bitlbee -Dnv". That will give more useful output
comment:3 Changed at 2016-02-10T03:47:21Z by
==10181== Command: ./bitlbee -Dnv ==10181== ==10181== Invalid read of size 4 ==10181== at 0x5374800: g_int_hash (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x53734FB: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x146F98: phb_free (proxy.c:71) ==10181== by 0x1471EF: proxy_connected (proxy.c:128) ==10181== by 0x13F3FC: gaim_io_invoke (events_glib.c:86) ==10181== by 0x53847A9: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x5384AF7: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x5384DC9: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x13F36E: b_main_run (events_glib.c:59) ==10181== by 0x13CFB2: main (unix.c:172) ==10181== Address 0x114e113c is 44 bytes inside a block of size 72 free'd ==10181== at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==10181== by 0x538A37E: g_free (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x14701A: phb_free (proxy.c:85) ==10181== by 0x1483C5: proxy_disconnect (proxy.c:578) ==10181== by 0x16B54E: aim_conn_close (conn.c:319) ==10181== by 0x16B257: connkill_real (conn.c:155) ==10181== by 0x16B527: aim_conn_kill (conn.c:299) ==10181== by 0x17AA2D: oscar_chatnav_connect (oscar.c:755) ==10181== by 0x1471DE: proxy_connected (proxy.c:127) ==10181== by 0x13F3FC: gaim_io_invoke (events_glib.c:86) ==10181== by 0x53847A9: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x5384AF7: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== ==10181== Invalid read of size 8 ==10181== at 0x146FE6: phb_free (proxy.c:81) ==10181== by 0x1471EF: proxy_connected (proxy.c:128) ==10181== by 0x13F3FC: gaim_io_invoke (events_glib.c:86) ==10181== by 0x53847A9: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x5384AF7: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x5384DC9: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x13F36E: b_main_run (events_glib.c:59) ==10181== by 0x13CFB2: main (unix.c:172) ==10181== Address 0x114e1148 is 56 bytes inside a block of size 72 free'd ==10181== at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==10181== by 0x538A37E: g_free (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x14701A: phb_free (proxy.c:85) ==10181== by 0x5384AF7: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x5384DC9: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x13F36E: b_main_run (events_glib.c:59) ==10181== by 0x13CFB2: main (unix.c:172) ==10181== Address 0x114e1110 is 0 bytes inside a block of size 72 free'd ==10181== at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==10181== by 0x538A37E: g_free (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x14701A: phb_free (proxy.c:85) ==10181== by 0x1483C5: proxy_disconnect (proxy.c:578) ==10181== by 0x16B54E: aim_conn_close (conn.c:319) ==10181== by 0x16B257: connkill_real (conn.c:155) ==10181== by 0x16B527: aim_conn_kill (conn.c:299) ==10181== by 0x17AA2D: oscar_chatnav_connect (oscar.c:755) ==10181== by 0x1471DE: proxy_connected (proxy.c:127) ==10181== by 0x13F3FC: gaim_io_invoke (events_glib.c:86) ==10181== by 0x53847A9: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181== by 0x5384AF7: ??? (in /usr/lib64/libglib-2.0.so.0.4200.2) ==10181==
comment:4 Changed at 2016-02-18T11:31:00Z by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note: See
TracTickets for help on using
tickets.