Bug 971451 - Pidgin 2.10.x crash when erasing <hr >s in chat window
Summary: Pidgin 2.10.x crash when erasing <hr >s in chat window
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: pidgin
Version: 20
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Stu Tomlinson
QA Contact: Fedora Extras Quality Assurance
URL: https://developer.pidgin.im/ticket/15994
Whiteboard: abrt_hash:d1f6f19b952284ee24cd997ace9...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-06 14:43 UTC by Eric L
Modified: 2015-06-29 11:59 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1236550 (view as bug list)
Environment:
Last Closed: 2015-06-29 11:59:26 UTC
Type: ---


Attachments (Terms of Use)
File: backtrace (67.07 KB, text/plain)
2013-06-06 14:43 UTC, Eric L
no flags Details
File: cgroup (127 bytes, text/plain)
2013-06-06 14:43 UTC, Eric L
no flags Details
File: core_backtrace (10.10 KB, text/plain)
2013-06-06 14:43 UTC, Eric L
no flags Details
File: dso_list (22.36 KB, text/plain)
2013-06-06 14:44 UTC, Eric L
no flags Details
File: environ (1.66 KB, text/plain)
2013-06-06 14:44 UTC, Eric L
no flags Details
File: limits (1.29 KB, text/plain)
2013-06-06 14:44 UTC, Eric L
no flags Details
File: maps (113.38 KB, text/plain)
2013-06-06 14:44 UTC, Eric L
no flags Details
File: open_fds (1.73 KB, text/plain)
2013-06-06 14:44 UTC, Eric L
no flags Details
File: proc_pid_status (947 bytes, text/plain)
2013-06-06 14:44 UTC, Eric L
no flags Details
File: smolt_data (3.25 KB, text/plain)
2013-06-06 14:44 UTC, Eric L
no flags Details
File: xsession_errors (87 bytes, text/plain)
2013-06-06 14:44 UTC, Eric L
no flags Details
Trivial HTML file which make Pidgin crash (35 bytes, text/html)
2014-05-09 13:09 UTC, Seb L.
no flags Details

Description Eric L 2013-06-06 14:43:48 UTC
Description of problem:
Was erasing HTML-formatted text  from an XMPP message box when it completely crashed after I backspaced an <hr/> (from Pidign's own <hr>s splitting old vs current chat history)

Version-Release number of selected component:
pidgin-2.10.7-2.fc18

Additional info:
backtrace_rating: 4
cmdline:        pidgin
crash_function: sighandler
executable:     /usr/bin/pidgin
kernel:         3.8.4-202.fc18.x86_64
uid:            1000
ureports_counter: 1
var_log_messages: Jun  6 10:24:02 ericdesktop abrt[4569]: Saved core dump of pid 17063 (/usr/bin/pidgin) to /var/tmp/abrt/ccpp-2013-06-06-10:24:01-17063 (106803200 bytes)

Truncated backtrace:
Thread no. 1 (10 frames)
 #2 sighandler at gtkmain.c:179
 #5 gtk_widget_set_size_request at gtkwidget.c:8048
 #6 gtk_imhtml_size_allocate at gtkimhtml.c:414
 #11 gtk_widget_size_allocate at gtkwidget.c:4122
 #12 gtk_scrolled_window_size_allocate at gtkscrolledwindow.c:1436
 #13 g_cclosure_marshal_VOID__BOXEDv at gmarshal.c:1160
 #14 _g_closure_invoke_va at gclosure.c:840
 #17 gtk_widget_size_allocate at gtkwidget.c:4122
 #18 gtk_box_size_allocate at gtkbox.c:500
 #19 g_cclosure_marshal_VOID__BOXEDv at gmarshal.c:1160

Comment 1 Eric L 2013-06-06 14:43:52 UTC
Created attachment 757705 [details]
File: backtrace

Comment 2 Eric L 2013-06-06 14:43:55 UTC
Created attachment 757706 [details]
File: cgroup

Comment 3 Eric L 2013-06-06 14:43:58 UTC
Created attachment 757707 [details]
File: core_backtrace

Comment 4 Eric L 2013-06-06 14:44:01 UTC
Created attachment 757708 [details]
File: dso_list

Comment 5 Eric L 2013-06-06 14:44:04 UTC
Created attachment 757709 [details]
File: environ

Comment 6 Eric L 2013-06-06 14:44:09 UTC
Created attachment 757710 [details]
File: limits

Comment 7 Eric L 2013-06-06 14:44:12 UTC
Created attachment 757711 [details]
File: maps

Comment 8 Eric L 2013-06-06 14:44:15 UTC
Created attachment 757712 [details]
File: open_fds

Comment 9 Eric L 2013-06-06 14:44:19 UTC
Created attachment 757713 [details]
File: proc_pid_status

Comment 10 Eric L 2013-06-06 14:44:21 UTC
Created attachment 757714 [details]
File: smolt_data

Comment 11 Eric L 2013-06-06 14:44:24 UTC
Created attachment 757715 [details]
File: xsession_errors

Comment 12 Fedora End Of Life 2013-12-21 13:53:34 UTC
This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be 
able to fix it before Fedora 18 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 13 Fedora End Of Life 2014-02-05 21:42:24 UTC
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 14 Christoph Wickert 2014-04-23 11:54:16 UTC
Reopening. As you can see at https://retrace.fedoraproject.org/faf/problems/740148/ the crash still occurs in Fedora 20.

Comment 15 Eric L 2014-04-23 12:03:21 UTC
Although Pidgin still occasionally crashes, I don't remember the newer FC20 versions ever hanging after pasting in HTML-formatted text from Chrome--the trigger for the initial crash report.

Comment 16 Seb L. 2014-05-09 12:48:25 UTC
Hi,

I just got exactly the same problem on Fedora 20: crash immediately after deleting (delete key, not backspace) a <hr/>-like object, pasted from Firefox.

Here is the corresponding report from the problem tracker:
  https://retrace.fedoraproject.org/faf/reports/71137/

Comment 17 Seb L. 2014-05-09 13:09:19 UTC
Created attachment 894031 [details]
Trivial HTML file which make Pidgin crash

Bug reproduction is trivial:
1) open the attached "make_pidgin_crash.html" with firefox;
2) copy the whole content;
3) paste it into pidgin's message composition area;
4) backspace until you reach the <hr />, which will cause Pidgin to crash.
[Pidgin crash]

Comment 18 Eric L 2014-05-09 16:29:03 UTC
Beautiful! As soon as I start backspacing (after doing a normal paste from Chrome), Pidgin crashes and spams variations of this to the terminal (during an strace):

brk(0)                                  = 0x2990000
brk(0x29b1000)                          = 0x29b1000
poll([{fd=6, events=POLLIN|POLLOUT}], 1, 4294967295) = 1 ([{fd=6, revents=POLLIN|POLLOUT}])
recvfrom(6, "\34\0\257T?\2\0\4(\0\0\0\371\315N\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096, 0, NULL, NULL) = 4096
writev(6, [{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0"..., 16384}, {NULL, 0}, {"", 0}], 3) = 16384
recvfrom(6, "\34\0/U?\2\0\4(\0\0\0\371\315N\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096, 0, NULL, NULL) = 1344
recvfrom(6, 0xaa88f4, 4096, 0, 0, 0)    = -1 EAGAIN (Resource temporarily unavailable)

The final recvfrom() call is repeated exactly as is, whereas the other recvfrom()s and writev() vary in their addresses/parameters/whatever they're called.

Pasting as unformatted text (so that test HTML simply becomes "A\nB") does not lead to a crash.

Comment 19 Eric L 2014-05-09 16:31:50 UTC
This is under version 2.10.9-1.fc20 (libpurple 2.10.9)

Comment 20 Eric L 2014-05-09 16:34:44 UTC
Found reference on the official Pidgin bug tracker to what is presumably the same bug.
https://developer.pidgin.im/ticket/15994

Comment 21 Alexandr 2014-11-15 11:02:06 UTC
Another user experienced a similar problem:

i have copied previous messages into message input, tried to remove empty lines and it crashed.

reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        pidgin
crash_function: sighandler
executable:     /usr/bin/pidgin
kernel:         3.17.2-200.fc20.x86_64
package:        pidgin-2.10.10-1.fc20
reason:         pidgin killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1000

Comment 22 Fedora End Of Life 2015-05-29 09:05:57 UTC
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 23 Fedora End Of Life 2015-06-29 11:59:26 UTC
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.