[OTR-dev] Crash when receiving message after canceling encrypted chat (with gdb backtrace)
Evan Schoenberg
evan.s at dreskin.net
Wed Feb 9 17:15:21 EST 2005
Here's a normal output with my logging. (The second set of information
in lines 2 through 4 is the pointer as output by %x).
otrl_proto_create_data: starting with context->lastmessage: "[resent]
<HTML>Message sent while secure</HTML>" msg: "<HTML>Another message
sent while secure</HTML>"
otrl_proto_create_data: will do strcpy("", "[resent] "), which is
strcpy(70ed248, 68596c4)
otrl_proto_create_data: will do strcat("[resent] ", "<HTML>Another
message sent while secure</HTML>"), which is strcat(70ed248, 634ce90)
otrl_proto_create_data: SUCCESS: generated [resent] <HTML>Another
message sent while secure</HTML> (70ed248)
Here's the crash:
otrl_proto_create_data: starting with context->lastmessage: "[resent]
<HTML>Another message sent while secure</HTML>" msg: "<HTML>Now, a
message sent after being notified the other side is no longer using
encryption</HTML>"
otrl_proto_create_data: will do strcpy("", "[resent] "), which is
strcpy(70f3e88, 68596c4)
otrl_proto_create_data: will do strcat("[resent] ", "<HTML>Now, a
message sent after being notified the other side is no longer using
encryption</HTML>"), which is strcat(70f3e88, 70f03e0)
otrl_proto_create_data: SUCCESS: generated [resent] <HTML>Now, a
message sent after being notified the other side is no longer using
encryption</HTML> (70f3e88)
otrl_proto_create_data: starting with context->lastmessage: "[resent]
<HTML>Now, a message sent after being notified the other side is no
longer using encryption</HTML>", "[resent] <HTML>Now, a message sent
after being notified the other side is no longer using
encryption</HTML>"
otrl_proto_create_data: will do strcpy("", "[resent] "), which is
strcpy(70f3e88, 68596c4)
otrl_proto_create_data: will do strcat("[resent] ", msg: "[resent] "),
which is strcat(70f3e88, 70f3e88)
*** malloc[19494]: error for object 0x70f1db0: Double free
<CRASH>
Two interesting things I notice here... First, that method is getting
called twice; presumably the second time is after encryption is
re-established. Second, the second call attempts to do strcat(x, x),
which crashes.
-Evan
On Feb 9, 2005, at 1:04 PM, Evan Schoenberg wrote:
>
> On Feb 9, 2005, at 12:59 PM, Ian Goldberg wrote:
>
>> On Wed, Feb 09, 2005 at 12:21:35PM -0600, Evan Schoenberg wrote:
>>> How would you recommend going about watching context->lastmessage?
>>
>> You could set a gdb watch on it, or more simply, just put printf's at
>> the handful of places where it's changed. Printing the value of the msg
>> parameter at the beginning of otrl_proto_create_data may also help.
>>
> k, I'll do that this evening and let you know what it turns up.
>
>>> I'm still getting the exact same crash in 2.0.0, every time. I'm
>>> mystified.
>>
>> Is this using gaim, or using Adium? [I thought you were having trouble
>> building gaim.]
>>
> Using Adium, which uses gaim-otr. So specifically, using gaim-otr
> 2.0.0, libotr 2.0.0, and Adium 0.8svn. Given that the backtrace is
> wholly within gaim, gaim-otr, and libgaim code, I'm unsure of how any
> Adium code could be responsible.... but then, if you're not seeing it,
> it stands to reason that it's either a problem in Adium or a problem
> in how OS X is handling something your system handles differently, I
> guess. We'll know more after some debug logging.
>
> (I have no problems building and using gaim. I can not build
> gaim-otr.)
>
> -Evan
>
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
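The strcat(x, x) case reported in the message above, as an added example that is not part of the original post and is not libotr code: two ways to build a "[resent] "-prefixed string that stay well-defined when the source and destination are the same buffer. The names struct ctx, prefix_in_place and set_resent are hypothetical, and the sample strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RESENT_PREFIX "[resent] "

/* Hypothetical stand-in for a context that owns the last sent message. */
struct ctx { char *lastmessage; };

/* In-place form of the strcpy/strcat pair seen in the log. Refuses (-1) when
 * src overlaps dst, because the strcpy would overwrite src before it is read. */
int prefix_in_place(char *dst, size_t cap, const char *src)
{
    size_t plen = strlen(RESENT_PREFIX), slen = strlen(src);
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    if (s < d + cap && s + slen + 1 > d) return -1;      /* aliased buffers */
    if (cap <= plen || slen > cap - plen - 1) return -1; /* would not fit */
    memcpy(dst, RESENT_PREFIX, plen);
    memcpy(dst + plen, src, slen + 1);
    return 0;
}

/* Allocating form: build the new string first, free the old one last, so the
 * call is safe even when msg is c->lastmessage itself. */
int set_resent(struct ctx *c, const char *msg)
{
    size_t plen = strlen(RESENT_PREFIX), mlen = strlen(msg);
    if (mlen > SIZE_MAX - plen - 1) return -1;
    char *buf = malloc(plen + mlen + 1);
    if (buf == NULL) return -1;
    memcpy(buf, RESENT_PREFIX, plen);
    memcpy(buf + plen, msg, mlen + 1);   /* msg is still intact here */
    free(c->lastmessage);                /* free(NULL) is a no-op */
    c->lastmessage = buf;
    return 0;
}

int main(void)
{
    struct ctx c = { NULL };
    char buf[64] = "[resent] <HTML>constructed sample</HTML>";
    printf("aliased in-place call -> %d\n", prefix_in_place(buf, sizeof buf, buf));
    set_resent(&c, "<HTML>constructed sample</HTML>");
    set_resent(&c, c.lastmessage);       /* dst == src, as in strcat(x, x) */
    printf("%s\n", c.lastmessage);
    free(c.lastmessage);
    return 0;
}
```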