
#257 closed defect (fixed)

Crash when disconnecting from partially-connected SSL jabber account

Reported by: Kena
Owned by:
Priority: normal
Milestone: 1.2
Component: BitlBee
Version: 1.1dev
Keywords:
Cc:
IRC client+version: Client-independent
Operating System: Other
OS version/distro: SunOS+libevent+gnutls

Description

Program received signal SIGSEGV, Segmentation fault.
0xff1427f0 in gnutls_certificate_free_keys () from /usr/local/lib/libgnutls.so.13
(gdb) bt
#0  0xff1427f0 in gnutls_certificate_free_keys () from /usr/local/lib/libgnutls.so.13
#1  0xff142b84 in gnutls_certificate_free_credentials () from /usr/local/lib/libgnutls.so.13
#2  0x0003e738 in ssl_disconnect (conn_=0x62dd8) at ssl_gnutls.c:218
#3  0x00030e7c in jabber_close (gc=0x64118) at jabber.c:205
#4  0x00029f4c in signoff (gc=0x64118) at nogaim.c:293
#5  0x00015828 in account_off (irc=0x59388, a=0x5fb78) at account.c:226
#6  0x00023394 in cmd_account (irc=0x59388, cmd=0xffbfec78) at root_commands.c:341
#7  0x000226a4 in root_command (irc=0x59388, cmd=0xffbfec78) at root_commands.c:95
#8  0x00022588 in root_command_string (irc=0x59388, u=0x59568, command=0xffbfee9a "account", flags=0) at root_commands.c:77
#9  0x0001d544 in irc_send (irc=0x59388, nick=0x56d98 "root", s=0xffbfee9a "account", flags=0) at irc.c:1034
#10 0x0001f120 in irc_cmd_privmsg (irc=0x59388, cmd=0x60068) at irc_commands.c:265
#11 0x000207cc in irc_exec (irc=0x59388, cmd=0x60068) at irc_commands.c:639
#12 0x0001ace0 in irc_process (irc=0x59388) at irc.c:354
#13 0x0001604c in bitlbee_io_current_client_read (data=0x59388, fd=12, cond=GAIM_INPUT_READ) at bitlbee.c:204
#14 0x00036b34 in b_event_passthrough (fd=12, event=2, data=0x59418) at events_libevent.c:112
#15 0xff245cf4 in event_process_active () from /usr/local/lib/libevent-1.2a.so.1
#16 0xff2461a4 in event_base_loop () from /usr/local/lib/libevent-1.2a.so.1
#17 0xff245e68 in event_loop () from /usr/local/lib/libevent-1.2a.so.1
#18 0xff245d28 in event_dispatch () from /usr/local/lib/libevent-1.2a.so.1
#19 0x00036a00 in b_main_run () at events_libevent.c:71
#20 0x00028a38 in main (argc=3, argv=0xffbff764, envp=0xffbff774) at unix.c:117
(gdb) up
#1  0xff142b84 in gnutls_certificate_free_credentials () from /usr/local/lib/libgnutls.so.13
(gdb)
#2  0x0003e738 in ssl_disconnect (conn_=0x62dd8) at ssl_gnutls.c:218
218             gnutls_certificate_free_credentials( conn->xcred );
(gdb) print *conn
$1 = {func = 0x2d49c <jabber_connected_ssl>, data = 0x64118, fd = 15, established = 0, inpa = -1, session = 0x0, xcred = 0x0}

Looks like gnutls_certificate_free_credentials should not be called if xcred is NULL.

Or maybe it should not be NULL in the first place?

Attachments (0)

Change History (7)

comment:1 Changed at 2007-02-26T11:45:08Z by Kena

Sorry for the formatting...

Program received signal SIGSEGV, Segmentation fault.
0xff1427f0 in gnutls_certificate_free_keys () from /usr/local/lib/libgnutls.so.13
(gdb) bt
#0  0xff1427f0 in gnutls_certificate_free_keys () from /usr/local/lib/libgnutls.so.13
#1  0xff142b84 in gnutls_certificate_free_credentials () from /usr/local/lib/libgnutls.so.13
#2  0x0003e738 in ssl_disconnect (conn_=0x62dd8) at ssl_gnutls.c:218
#3  0x00030e7c in jabber_close (gc=0x64118) at jabber.c:205
#4  0x00029f4c in signoff (gc=0x64118) at nogaim.c:293
#5  0x00015828 in account_off (irc=0x59388, a=0x5fb78) at account.c:226
#6  0x00023394 in cmd_account (irc=0x59388, cmd=0xffbfec78) at root_commands.c:341
#7  0x000226a4 in root_command (irc=0x59388, cmd=0xffbfec78) at root_commands.c:95
#8  0x00022588 in root_command_string (irc=0x59388, u=0x59568, command=0xffbfee9a "account", flags=0) at root_commands.c:77
#9  0x0001d544 in irc_send (irc=0x59388, nick=0x56d98 "root", s=0xffbfee9a "account", flags=0) at irc.c:1034
#10 0x0001f120 in irc_cmd_privmsg (irc=0x59388, cmd=0x60068) at irc_commands.c:265
#11 0x000207cc in irc_exec (irc=0x59388, cmd=0x60068) at irc_commands.c:639
#12 0x0001ace0 in irc_process (irc=0x59388) at irc.c:354
#13 0x0001604c in bitlbee_io_current_client_read (data=0x59388, fd=12, cond=GAIM_INPUT_READ) at bitlbee.c:204
#14 0x00036b34 in b_event_passthrough (fd=12, event=2, data=0x59418) at events_libevent.c:112
#15 0xff245cf4 in event_process_active () from /usr/local/lib/libevent-1.2a.so.1
#16 0xff2461a4 in event_base_loop () from /usr/local/lib/libevent-1.2a.so.1
#17 0xff245e68 in event_loop () from /usr/local/lib/libevent-1.2a.so.1
#18 0xff245d28 in event_dispatch () from /usr/local/lib/libevent-1.2a.so.1
#19 0x00036a00 in b_main_run () at events_libevent.c:71
#20 0x00028a38 in main (argc=3, argv=0xffbff764, envp=0xffbff774) at unix.c:117
(gdb) up
#1  0xff142b84 in gnutls_certificate_free_credentials () from /usr/local/lib/libgnutls.so.13
(gdb) 
#2  0x0003e738 in ssl_disconnect (conn_=0x62dd8) at ssl_gnutls.c:218
218             gnutls_certificate_free_credentials( conn->xcred );
(gdb) print *conn
$1 = {func = 0x2d49c <jabber_connected_ssl>, data = 0x64118, fd = 15, established = 0, inpa = -1, session = 0x0, xcred = 0x0}

Looks like gnutls_certificate_free_credentials should not be called if xcred is NULL.

Or maybe it should not be NULL in the first place?

comment:2 Changed at 2007-02-26T11:48:03Z by Kena

Note: this happened when doing "account off" after "account on", before authentication takes place.

comment:3 Changed at 2007-04-11T14:15:14Z by darkk

valgrind log for a very similar bug

==19501== Invalid read of size 4
==19501==    at 0x806A082: jabber_connected_plain (io.c:246)
==19501==    by 0x80A1456: s5_canread_again (proxy.c:351)
==19501==    by 0x809D7D2: gaim_io_invoke (events_glib.c:84)
==19501==    by 0x408052B: (within /usr/lib/libglib-2.0.so.0.1000.3)
==19501==    by 0x40598D5: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1000.3)
==19501==    by 0x405C995: (within /usr/lib/libglib-2.0.so.0.1000.3)
==19501==    by 0x405CCB7: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1000.3)
==19501==    by 0x809D75F: b_main_run (events_glib.c:63)
==19501==    by 0x80612DB: main (unix.c:117)
==19501==  Address 0x44B83CC is 268 bytes inside a block of size 276 free'd
==19501==    at 0x401CFCF: free (vg_replace_malloc.c:235)
==19501==    by 0x4060EEB: g_free (in /usr/lib/libglib-2.0.so.0.1000.3)
==19501==    by 0x8061F0D: imc_free (nogaim.c:182)
==19501==    by 0x806265B: imc_logout (nogaim.c:357)
==19501==    by 0x8053073: account_off (account.c:226)
==19501==    by 0x805D102: cmd_account (root_commands.c:344)
==19501==    by 0x805C7A8: root_command (root_commands.c:95)
==19501==    by 0x805C709: root_command_string (root_commands.c:77)
==19501==    by 0x80591C1: irc_send (irc.c:1034)
==19501==    by 0x805A49E: irc_cmd_privmsg (irc_commands.c:265)
==19501==    by 0x805B571: irc_exec (irc_commands.c:639)
==19501==    by 0x805739A: irc_process (irc.c:354)

comment:4 Changed at 2007-04-19T15:05:24Z by darkk

Seems that's because I use a socks5 proxy and bitlbee does not remove the socks5 events from the event list on account off; not sure, but it seems so.

comment:5 Changed at 2007-04-29T20:34:37Z by darkk

#0  0x0805ec5f in set_find (head=0x150078, key=0x80af040 "strip_html") at set.c:64
#1  0x0805ecab in set_getstr (head=0x150078, key=0x80af040 "strip_html") at set.c:78
#2  0x08067f0d in serv_got_crap (ic=0x80de2d0, format=0x80af078 "Error: %s") at nogaim.c:188
#3  0x080680d3 in imcb_error (ic=0x80de2d0, format=0x80b0c24 "Could not connect to server") at nogaim.c:233
#4  0x0806fdc8 in jabber_connected_plain (data=0x80de2d0, source=-1, cond=GAIM_INPUT_READ) at io.c:244
#5  0x08066093 in s5_canread_again (data=0x80de0d8, source=7, cond=GAIM_INPUT_READ) at proxy.c:351
#6  0x0806240f in gaim_io_invoke (source=0x80dd1a0, condition=G_IO_IN, data=0x80dd488) at events_glib.c:84
#7  0xb7ee752c in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#8  0xb7ec08d6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#9  0xb7ec3996 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#10 0xb7ec3cb8 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#11 0x0806239c in b_main_run () at events_glib.c:63
#12 0x08061444 in main (argc=1, argv=0xbff4f084, envp=0xbff4f08c) at unix.c:117

comment:6 Changed at 2007-12-12T23:37:09Z by wilmer

Milestone: 1.2

comment:7 Changed at 2007-12-13T00:01:54Z by wilmer

Resolution: fixed
Status: new → closed

Fixed. darkk, I think your problem is similar to #231 so I'll hopefully fix that issue in there. The valgrind info you paste looks like you're right about the cause of this crash.
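Added example (not BitlBee's code, and not the fix wilmer committed) showing the two teardown hazards visible in this thread side by side: the description's unconditional gnutls_certificate_free_credentials( conn->xcred ) on a connection whose xcred is still NULL, and the stale proxy/event callback from comments 3 and 4 that still carries a pointer to a connection imc_free has already released. The ssl_conn fields mirror the "print *conn" output above; fake_cred_*, event_add/event_remove, events_referencing and teardown_result are hypothetical stand-ins for the GnuTLS credential handle and BitlBee's event API so the block runs offline. teardown_result packs the two failure signals into one int: (frees of a NULL handle) << 8 | (live callbacks still pointing at the freed connection).

```c
/*
 * Added example, not BitlBee's code. Hypothetical stand-ins:
 *   fake_cred_*            -> gnutls_certificate_credentials_t and its free
 *   event_add/event_remove -> the event loop's pending-callback table
 *   ssl_conn               -> the struct printed by "print *conn" in the ticket
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the credential handle; freeing NULL is the ticket's crash. */
typedef struct { int keys_loaded; } fake_cred;
static int null_cred_frees;              /* how often a NULL handle was freed */

static fake_cred *fake_cred_alloc(void) {
    fake_cred *c = calloc(1, sizeof *c);
    c->keys_loaded = 1;
    return c;
}
static void fake_cred_free(fake_cred *c) {
    if (c == NULL) { null_cred_frees++; return; }   /* real lib SIGSEGVed here */
    free(c);
}

/* Stand-in for the event loop: a callback plus the data pointer it receives. */
#define MAX_EVENTS 8
typedef void (*event_cb)(void *data);
static struct { event_cb cb; void *data; int live; } events[MAX_EVENTS];

static int event_add(event_cb cb, void *data) {
    for (int i = 0; i < MAX_EVENTS; i++) {
        if (!events[i].live) {
            events[i].cb = cb; events[i].data = data; events[i].live = 1;
            return i;
        }
    }
    return -1;
}
static void event_remove(int id) {
    if (id >= 0 && id < MAX_EVENTS) events[id].live = 0;
}
/* Live callbacks still carrying pointer p (compared by value, never read). */
static int events_referencing(const void *p) {
    int n = 0;
    for (int i = 0; i < MAX_EVENTS; i++)
        if (events[i].live && events[i].data == p) n++;
    return n;
}

typedef struct {
    int fd;
    int established;
    int inpa;            /* pending event id, -1 when none registered */
    fake_cred *xcred;    /* NULL until the handshake creates credentials */
} ssl_conn;

static void on_connected(void *data) { (void)data; }

/* established=0 reproduces "account off" right after "account on" (comment:2). */
static ssl_conn *ssl_connect_sim(int established) {
    ssl_conn *c = calloc(1, sizeof *c);
    c->fd = 15;
    c->established = established;
    c->inpa = established ? -1 : event_add(on_connected, c);
    c->xcred = established ? fake_cred_alloc() : NULL;
    return c;
}

/* Buggy shape, like ssl_gnutls.c:218 in the trace: unconditional free,
 * and the pending callback keeps pointing at the freed connection. */
static void ssl_disconnect_buggy(ssl_conn *c) {
    fake_cred_free(c->xcred);
    free(c);
}

/* Hardened shape: cancel the callback first, free only what was set up,
 * and clear each field so a second call cannot double-free. */
static void ssl_disconnect_safe(ssl_conn *c) {
    if (c == NULL) return;
    if (c->inpa >= 0) { event_remove(c->inpa); c->inpa = -1; }
    if (c->xcred)     { fake_cred_free(c->xcred); c->xcred = NULL; }
    c->fd = -1;
    free(c);
}

/* One teardown; returns (NULL-handle frees) << 8 | (dangling callbacks). */
static int teardown_result(void (*disconnect)(ssl_conn *), int established) {
    memset(events, 0, sizeof events);
    null_cred_frees = 0;
    ssl_conn *c = ssl_connect_sim(established);
    const void *addr = c;
    disconnect(c);
    return (null_cred_frees << 8) | events_referencing(addr);
}

int main(void) {
    printf("buggy, half-connected: 0x%x\n", teardown_result(ssl_disconnect_buggy, 0));
    printf("buggy, established:    0x%x\n", teardown_result(ssl_disconnect_buggy, 1));
    printf("safe,  half-connected: 0x%x\n", teardown_result(ssl_disconnect_safe, 0));
    return 0;
}
```

The half-connected buggy run yields 0x101 (one NULL-handle free plus one callback still holding the freed pointer) while the established buggy run yields 0, which matches comment:2: the crash only shows up when "account off" arrives before the handshake has populated xcred. The safe path returns 0 in both states because it removes the pending event before freeing and never hands a NULL handle to the library.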
