[Bug 52362] Crash on startup (version 0.16.1)

Tue Nov 6 16:49:17 CET 2012

https://bugs.freedesktop.org/show_bug.cgi?id=52362

Will Thompson <will.thompson at collabora.co.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|telepathy-bugs at lists.freede |will.thompson at collabora.co.
                   |sktop.org                   |uk

--- Comment #1 from Will Thompson <will.thompson at collabora.co.uk> ---
(In reply to comment #0)
> (gdb) bt full
> #0  g_logv (log_domain=0x7fee782fa5ce "GLib",
> log_level=G_LOG_LEVEL_CRITICAL, format=0x7fee7830351a "%s: assertion `%s'
> failed", 
>     args1=args1 at entry=0x7fffa79c66c8) at gmessages.h:101
>         domain = 0x0
>         data = <optimized out>
>         depth = <optimized out>
>         log_func = <optimized out>
>         domain_fatal_mask = <optimized out>
>         masquerade_fatal = <optimized out>
>         test_level = <optimized out>
>         was_fatal = <optimized out>
>         was_recursion = <optimized out>
>         i = <optimized out>
> #1  0x00007fee782c2682 in g_log (log_domain=<optimized out>,
> log_level=log_level at entry=G_LOG_LEVEL_CRITICAL, format=format at entry=
>     0x7fee7830351a "%s: assertion `%s' failed") at gmessages.c:792
>         args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
> 0x7fffa79c67a0, reg_save_area = 0x7fffa79c66e0}}
> #2  0x00007fee782c26a9 in g_return_if_fail_warning (log_domain=<optimized
> out>, pretty_function=<optimized out>, 
>     expression=<optimized out>) at gmessages.c:801
> No locals.
> #3  0x00000000004811d0 in gabble_muc_factory_broadcast_presence
> (self=<optimized out>) at muc-factory.c:833
>         priv = <optimized out>
>         iter = {dummy1 = 0x8f8590, dummy2 = 0x0, dummy3 = 0x874e50, dummy4 =
> 9077616, dummy5 = 0, dummy6 = 0x108a0f0}
>         channel = 0x0
>         __PRETTY_FUNCTION__ = "gabble_muc_factory_broadcast_presence"

In 0.16.1, line 833 is:

  g_hash_table_iter_init (&iter, priv->text_channels);

Peering inside g_hash_table_iter_init, there are unsurprisingly two
g_return_if_fail()s:

  g_return_if_fail (iter != NULL);
  g_return_if_fail (hash_table != NULL);

So this case must be the latter case: priv->text_channels is NULL. It is set to
NULL in gabble_muc_factory_close_all(), which is called from dispose() and when
the GabbleConnection goes to state DISCONNECTED.

So a surface-level fix is to check if text_channels is NULL in
gabble_muc_factory_broadcast_presence(), for which a patch will follow. But I'm
interested in figuring out how this can happen. Onwards down the stack trace:

> #4  0x0000000000469d7c in set_shared_status_cb (source_object=<optimized
> out>, res=0x108a420, user_data=<optimized out>)
>     at conn-presence.c:349
>         result = 0x108a0f0 [GSimpleAsyncResult]
>         self = 0x8a8370 [GabbleConnection]
>         priv = 0x86f500
>         presence = 0x8b69a0 [GabblePresence]
>         error = 0x0

This is the successful path, where we've got a positive reply to our IQ setting
a new Google shared status.

So this looks like the following sequence of events:

• Sign in;
• Change status, triggering a shared status IQ being sent;
• Before we get a reply, Disconnect(), which will cause
GabbleMucFactory->priv->text_channels to be NULL;
• Now get a reply from the server. set_shared_status_cb() calls
gabble_muc_factory_broadcast_presence() which crashes.

But I wrote a test case for this, and it passed :/

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.