Control: reassign 631729 libloudmouth1-0
Control: retitle 631729 libloudmouth1-0: segfaults when connecting to a dual-stacked host
Control: tags 631729 = ipv6

I am able to reproduce this now, both on i386 and amd64. The key is to connect to a hostname that resolves to both an IPv4 and an IPv6 address (there seems to have been a time when new installs created an /etc/hosts where this was the case for 'localhost', hence the difference between local and remote connections for some users).

This is valgrind's memcheck output:

==11869== Invalid read of size 4
==11869==    at 0x4F384EE: socket_connect_cb (lm-socket.c:518)
==11869==    by 0x427417D: g_io_unix_dispatch (giounix.c:166)
==11869==    by 0x4233D85: g_main_context_dispatch (gmain.c:2539)
==11869==    by 0x4234124: g_main_context_iterate.isra.21 (gmain.c:3146)
==11869==    by 0x4234200: g_main_context_iteration (gmain.c:3207)
==11869==    by 0x45204D2: (below main) (libc-start.c:226)
==11869==  Address 0x512e58c is 4 bytes inside a block of size 24 free'd
==11869==    at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11869==    by 0x4239D0A: standard_free (gmem.c:98)
==11869==    by 0x4239F8F: g_free (gmem.c:252)
==11869==    by 0x4F37A0D: _lm_socket_succeeded (lm-socket.c:415)
==11869==    by 0x4F386E9: socket_connect_cb (lm-socket.c:552)
==11869==    by 0x427417D: g_io_unix_dispatch (giounix.c:166)
==11869==    by 0x4233D85: g_main_context_dispatch (gmain.c:2539)
==11869==    by 0x4234124: g_main_context_iterate.isra.21 (gmain.c:3146)
==11869==    by 0x4234200: g_main_context_iteration (gmain.c:3207)
==11869==    by 0x45204D2: (below main) (libc-start.c:226)

And the backtrace is, as above:

#0  lm_socket_ref (socket=0x1000100000003) at lm-socket.c:1208
#1  0x00007faa7563f6df in socket_connect_cb (source=0x1297750, condition=G_IO_OUT, connect_data=0x1294020) at lm-socket.c:518
#2  0x00007faa77752355 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007faa77752688 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007faa77752744 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x000000000041905c in main ()

Looking at loudmouth's loudmouth/lm-socket.c, it seems clear to me that socket_connect_cb is called twice with condition G_IO_OUT, while expecting for this to happen no more than once, so that on the second invocation, connect_data->socket has already been freed.

As this only happens for me when connecting to a host that resolves to both ipv4 and ipv6 (for irssi-plugin-xmpp that is: '/xmppconnect -h localhost <jid>', NOT '/xmppconnect -h 127.0.0.1 <jid>'), I suppose the GIO watch is triggered once for each protocol version. This may either be a bug in glib, or needs to be caught in libloudmouth.

Florian
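
The failure described in the report is a connect callback that runs a second time after its first run has released the state it reads. The following C model is an added example, not loudmouth or GLib code: `ConnectData`, `connect_cb`, the fd values and the two-watch scenario are hypothetical and follow the report's supposition of one writable event per address family. It shows one way to guard against it, by holding one reference per pending watch and ignoring every completion after the first.

```c
#include <stdio.h>
#include <stdlib.h>

/* Shared per-connection state; hypothetical stand-in for the report's connect_data. */
typedef struct {
    int refs;        /* one reference per pending watch */
    int completed;   /* set by the first successful callback */
    int winner_fd;   /* fd of the attempt that completed the connection */
} ConnectData;

static int live_blocks = 0;  /* allocation counter so leaks and early frees are observable */

static ConnectData *connect_data_new(int watches) {
    ConnectData *cd = calloc(1, sizeof *cd);
    if (!cd) abort();
    cd->refs = watches;
    cd->winner_fd = -1;
    live_blocks++;
    return cd;
}

static void connect_data_unref(ConnectData *cd) {
    if (--cd->refs == 0) { free(cd); live_blocks--; }
}

/* Callback for one watch. Returns 1 if this call completed the connection,
 * 0 if it was a late duplicate that was ignored. */
static int connect_cb(ConnectData *cd, int fd) {
    int first = !cd->completed;
    if (first) { cd->completed = 1; cd->winner_fd = fd; }
    /* Each watch drops only its own reference, so the block outlives
     * every callback that can still be dispatched for it. */
    connect_data_unref(cd);
    return first;
}

/* Constructed scenario: writable events arrive for two attempts (fds 6 and 4). */
static int run_dual_stack(int *winner) {
    ConnectData *cd = connect_data_new(2);
    int completions = connect_cb(cd, 6);   /* first event completes the connect */
    *winner = cd->winner_fd;               /* safe: the second watch still holds a ref */
    completions += connect_cb(cd, 4);      /* duplicate is ignored, last ref dropped */
    return completions;
}

int main(void) {
    int winner;
    int n = run_dual_stack(&winner);
    printf("completions=%d winner_fd=%d live_blocks=%d\n", n, winner, live_blocks);
    return 0;
}
```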