Bug 971451 - Pidgin 2.10.x crash when erasing <hr >s in chat window
Pidgin 2.10.x crash when erasing <hr >s in chat window
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: pidgin (Show other bugs)
20
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Stu Tomlinson
Fedora Extras Quality Assurance
https://developer.pidgin.im/ticket/15994
abrt_hash:d1f6f19b952284ee24cd997ace9...
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-06 10:43 EDT by Eric L
Modified: 2015-06-29 07:59 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1236550 (view as bug list)
Environment:
Last Closed: 2015-06-29 07:59:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: backtrace (67.07 KB, text/plain)
2013-06-06 10:43 EDT, Eric L
no flags Details
File: cgroup (127 bytes, text/plain)
2013-06-06 10:43 EDT, Eric L
no flags Details
File: core_backtrace (10.10 KB, text/plain)
2013-06-06 10:43 EDT, Eric L
no flags Details
File: dso_list (22.36 KB, text/plain)
2013-06-06 10:44 EDT, Eric L
no flags Details
File: environ (1.66 KB, text/plain)
2013-06-06 10:44 EDT, Eric L
no flags Details
File: limits (1.29 KB, text/plain)
2013-06-06 10:44 EDT, Eric L
no flags Details
File: maps (113.38 KB, text/plain)
2013-06-06 10:44 EDT, Eric L
no flags Details
File: open_fds (1.73 KB, text/plain)
2013-06-06 10:44 EDT, Eric L
no flags Details
File: proc_pid_status (947 bytes, text/plain)
2013-06-06 10:44 EDT, Eric L
no flags Details
File: smolt_data (3.25 KB, text/plain)
2013-06-06 10:44 EDT, Eric L
no flags Details
File: xsession_errors (87 bytes, text/plain)
2013-06-06 10:44 EDT, Eric L
no flags Details
Trivial HTML file which make Pidgin crash (35 bytes, text/html)
2014-05-09 09:09 EDT, Seb L.
no flags Details

  None (edit)
Description Eric L 2013-06-06 10:43:48 EDT
Description of problem:
Was erasing HTML-formatted text  from an XMPP message box when it completely crashed after I backspaced an <hr/> (from Pidign's own <hr>s splitting old vs current chat history)

Version-Release number of selected component:
pidgin-2.10.7-2.fc18

Additional info:
backtrace_rating: 4
cmdline:        pidgin
crash_function: sighandler
executable:     /usr/bin/pidgin
kernel:         3.8.4-202.fc18.x86_64
uid:            1000
ureports_counter: 1
var_log_messages: Jun  6 10:24:02 ericdesktop abrt[4569]: Saved core dump of pid 17063 (/usr/bin/pidgin) to /var/tmp/abrt/ccpp-2013-06-06-10:24:01-17063 (106803200 bytes)

Truncated backtrace:
Thread no. 1 (10 frames)
 #2 sighandler at gtkmain.c:179
 #5 gtk_widget_set_size_request at gtkwidget.c:8048
 #6 gtk_imhtml_size_allocate at gtkimhtml.c:414
 #11 gtk_widget_size_allocate at gtkwidget.c:4122
 #12 gtk_scrolled_window_size_allocate at gtkscrolledwindow.c:1436
 #13 g_cclosure_marshal_VOID__BOXEDv at gmarshal.c:1160
 #14 _g_closure_invoke_va at gclosure.c:840
 #17 gtk_widget_size_allocate at gtkwidget.c:4122
 #18 gtk_box_size_allocate at gtkbox.c:500
 #19 g_cclosure_marshal_VOID__BOXEDv at gmarshal.c:1160
Comment 1 Eric L 2013-06-06 10:43:52 EDT
Created attachment 757705 [details]
File: backtrace
Comment 2 Eric L 2013-06-06 10:43:55 EDT
Created attachment 757706 [details]
File: cgroup
Comment 3 Eric L 2013-06-06 10:43:58 EDT
Created attachment 757707 [details]
File: core_backtrace
Comment 4 Eric L 2013-06-06 10:44:01 EDT
Created attachment 757708 [details]
File: dso_list
Comment 5 Eric L 2013-06-06 10:44:04 EDT
Created attachment 757709 [details]
File: environ
Comment 6 Eric L 2013-06-06 10:44:09 EDT
Created attachment 757710 [details]
File: limits
Comment 7 Eric L 2013-06-06 10:44:12 EDT
Created attachment 757711 [details]
File: maps
Comment 8 Eric L 2013-06-06 10:44:15 EDT
Created attachment 757712 [details]
File: open_fds
Comment 9 Eric L 2013-06-06 10:44:19 EDT
Created attachment 757713 [details]
File: proc_pid_status
Comment 10 Eric L 2013-06-06 10:44:21 EDT
Created attachment 757714 [details]
File: smolt_data
Comment 11 Eric L 2013-06-06 10:44:24 EDT
Created attachment 757715 [details]
File: xsession_errors
Comment 12 Fedora End Of Life 2013-12-21 08:53:34 EST
This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be 
able to fix it before Fedora 18 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 13 Fedora End Of Life 2014-02-05 16:42:24 EST
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 14 Christoph Wickert 2014-04-23 07:54:16 EDT
Reopening. As you can see at https://retrace.fedoraproject.org/faf/problems/740148/ the crash still occurs in Fedora 20.
Comment 15 Eric L 2014-04-23 08:03:21 EDT
Although Pidgin still occasionally crashes, I don't remember the newer FC20 versions ever hanging after pasting in HTML-formatted text from Chrome--the trigger for the initial crash report.
Comment 16 Seb L. 2014-05-09 08:48:25 EDT
Hi,

I just got exactly the same problem on Fedora 20: crash immediately after deleting (delete key, not backspace) a <hr/>-like object, pasted from Firefox.

Here is the corresponding report from the problem tracker:
  https://retrace.fedoraproject.org/faf/reports/71137/
Comment 17 Seb L. 2014-05-09 09:09:19 EDT
Created attachment 894031 [details]
Trivial HTML file which make Pidgin crash

Bug reproduction is trivial:
1) open the attached "make_pidgin_crash.html" with firefox;
2) copy the whole content;
3) paste it into pidgin's message composition area;
4) backspace until you reach the <hr />, which will cause Pidgin to crash.
[Pidgin crash]
Comment 18 Eric L 2014-05-09 12:29:03 EDT
Beautiful! As soon as I start backspacing (after doing a normal paste from Chrome), Pidgin crashes and spams variations of this to the terminal (during an strace):

brk(0)                                  = 0x2990000
brk(0x29b1000)                          = 0x29b1000
poll([{fd=6, events=POLLIN|POLLOUT}], 1, 4294967295) = 1 ([{fd=6, revents=POLLIN|POLLOUT}])
recvfrom(6, "\34\0\257T?\2\0\4(\0\0\0\371\315N\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096, 0, NULL, NULL) = 4096
writev(6, [{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0"..., 16384}, {NULL, 0}, {"", 0}], 3) = 16384
recvfrom(6, "\34\0/U?\2\0\4(\0\0\0\371\315N\17\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096, 0, NULL, NULL) = 1344
recvfrom(6, 0xaa88f4, 4096, 0, 0, 0)    = -1 EAGAIN (Resource temporarily unavailable)

The final recvfrom() call is repeated exactly as is, whereas the other recvfrom()s and writev() vary in their addresses/parameters/whatever they're called.

Pasting as unformatted text (so that test HTML simply becomes "A\nB") does not lead to a crash.
Comment 19 Eric L 2014-05-09 12:31:50 EDT
This is under version 2.10.9-1.fc20 (libpurple 2.10.9)
Comment 20 Eric L 2014-05-09 12:34:44 EDT
Found reference on the official Pidgin bug tracker to what is presumably the same bug.
https://developer.pidgin.im/ticket/15994
Comment 21 Alexandr 2014-11-15 06:02:06 EST
Another user experienced a similar problem:

i have copied previous messages into message input, tried to remove empty lines and it crashed.

reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        pidgin
crash_function: sighandler
executable:     /usr/bin/pidgin
kernel:         3.17.2-200.fc20.x86_64
package:        pidgin-2.10.10-1.fc20
reason:         pidgin killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 22 Fedora End Of Life 2015-05-29 05:05:57 EDT
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 23 Fedora End Of Life 2015-06-29 07:59:26 EDT
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.