[BUG SUB] gaim crashes with libsilcgaim.so on Solaris Nevada - gaim

Vladimir Kotal vlada at devnull.cz
Wed Sep 13 10:33:39 CEST 2006


Software: gaim
Version: 2.0.0beta3.1
Operating System: Solaris Nevada build 44
Installation: source
Severity: major

Description:

I am trying to get the SILC plugin for gaim working on Solaris Nevada. I was able to compile the libraries from silc-toolkit (albeit the irssi part of the toolkit has serious problems with portability) and install them. I was able to configure a SILC account to use a SOCKS5 proxy, but just after a successful connect to the SILC server gaim crashed.

The output of "gaim -d" looked like this:

account: Connecting to account vlada at silcnet.org
connection: Connecting. gc = 84f5128
Generating RSA Public and Private keys, might take a while...
Finding p: ...........
Finding q: .........................................Gaim has segfaulted and attempted to dump a core file.
This is a bug in the software and has happened through
no fault of your own.

It is possible that this bug is already fixed in CVS.
If you can reproduce the crash, please notify the gaim
developers by reporting a bug at 
http://gaim.sourceforge.net/bug.php
  
Please make sure to specify what you were doing at the time
and post the backtrace from the core file.  If you do not know
how to get the backtrace, please read the instructions at
http://gaim.sourceforge.net/gdb.php.  If you need further
assistance, please IM either SeanEgn or LSchiere (via AIM).
Contact information for Sean and Luke on other protocols is at
http://gaim.sourceforge.net/contactinfo.php.
Abort (core dumped)

The stacktrace:

(gdb) backtrace
#0  0xfef55797 in _lwp_kill () from /lib/libc.so.1
#1  0xfef52c3f in thr_kill () from /lib/libc.so.1
#2  0xfef0f20f in raise () from /lib/libc.so.1
#3  0xfeef15a8 in abort () from /lib/libc.so.1
#4  0x080e5a30 in sighandler ()
#5  0xfef54b4f in __sighndlr () from /lib/libc.so.1
#6  0xfef4a695 in call_user_handler () from /lib/libc.so.1
#7  <signal handler called>
#8  0xfc36215a in _mp_move () from /lib/libmp.so.2
#9  0xfc36085b in mp_gcd () from /lib/libmp.so.2
#10 0xfae5d1fd in silc_mp_gcd (dst=0x8045098, mp1=0xfb590178, mp2=0xfaeb2b18)
    at mp_tma.c:193
#11 0xfae39b6a in rsa_generate_keys (key=0x8514e00, bits=0, p=0x80450e0,
    q=0x80450d0) at rsa.c:810
#12 0xfae39e13 in silc_rsa_init (context=0x8514e00, keylen=2048, rng=0x851b298)
    at rsa.c:129
#13 0xfae4b8c0 in silc_pkcs_generate_key (pkcs=0x8519d58, bits_key_len=2048,
    rng=0x851b298) at silcpkcs.c:295
#14 0xfae6b172 in silc_create_key_pair (pkcs_name=0xfaed9b3e "rsa",
    key_len_bits=2048,
    pub_filename=0x850d488 "/local/vklocal/.silc/private_key.prv",
    prv_filename=0x84faf30 "", pub_identifier=0x0, passphrase=0xfaed9b3d "",
    return_pkcs=0x0, return_public_key=0x0, return_private_key=0x0,
    interactive=0 '\0') at silcapputil.c:201
#15 0xfaed5a5d in silcgaim_check_silc_dir (gc=0x84f5128) at util.c:207
#16 0xfaec77b6 in silcgaim_login (account=0x8172cf0) at silc.c:333
#17 0x080842b2 in gaim_connection_new ()
#18 0x08077635 in gaim_account_connect ()
#19 0x080780b0 in gaim_account_set_enabled ()
#20 0x080bd52e in enable_account_cb ()
#21 0xfecaeb4d in g_cclosure_marshal_VOID__VOID ()
   from /usr/lib/libgobject-2.0.so.0
#22 0xfec9a42a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#23 0xfecae3cc in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#24 0xfecad6d1 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#25 0xfecad86d in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#26 0xfc9f644c in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#27 0xfc922046 in gtk_menu_shell_activate_item ()
   from /usr/lib/libgtk-x11-2.0.so.0
#28 0xfc9214bd in gtk_menu_shell_button_release ()
   from /usr/lib/libgtk-x11-2.0.so.0
#29 0xfc91a663 in gtk_menu_button_release () from /usr/lib/libgtk-x11-2.0.so.0
#30 0xfc913f21 in _gtk_marshal_BOOLEAN__BOXED ()
   from /usr/lib/libgtk-x11-2.0.so.0
#31 0xfec9a725 in g_type_class_meta_marshal ()
   from /usr/lib/libgobject-2.0.so.0
#32 0xfec9a42a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#33 0xfecae591 in signal_emit_unlocked_R () from /usr/lib/libgobject-2.0.so.0
#34 0xfecad467 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#35 0xfecad86d in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#36 0xfc9f62be in gtk_widget_event_internal ()
   from /usr/lib/libgtk-x11-2.0.so.0
#37 0xfc9f5f4d in gtk_widget_event () from /usr/lib/libgtk-x11-2.0.so.0
#38 0xfc912a96 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#39 0xfc911ad4 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#40 0xfee6e27a in gdk_event_dispatch () from /usr/lib/libgdk-x11-2.0.so.0
#41 0xfedb9690 in g_main_dispatch () from /usr/lib/libglib-2.0.so.0
#42 0xfedba779 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#43 0xfedbab99 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#44 0xfedbb19e in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#45 0xfc9113f7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#46 0x080e63eb in main ()
(gdb)

Looking into silc-toolkit:

silc-toolkit-1.0.2/lib/silcmath/mp_tma.c:

void silc_mp_gcd(SilcMPInt *dst, SilcMPInt *mp1, SilcMPInt *mp2)
{
  (void)mp_gcd(mp1, mp2, dst);
}

mp_gcd() comes from libmp.so (src/lib/libmp/common/util.c)

http://cvs.opensolaris.org/source/xref/on/usr/src/lib/libmp/common/gcd.c#27

void
mp_gcd(MINT *a, MINT *b, MINT *c)
{
        MINT x, y, z, w;

        x.len = y.len = z.len = w.len = 0;
        _mp_move(a, &x);
        _mp_move(b, &y);
        while (y.len != 0) {
                mp_mdiv(&x, &y, &w, &z);
                _mp_move(&y, &x);
                _mp_move(&z, &y);
        }
        _mp_move(&x, c);
        _mp_xfree(&x);
        _mp_xfree(&y);
        _mp_xfree(&z);
        _mp_xfree(&w);
}

void
_mp_move(MINT *a, MINT *b)
{
        int i, j;

        _mp_xfree(b);
        b->len = a->len;
        if ((i = a->len) < 0) {
                i = -i;
        }
        if (i == 0) {
                return;
        }
        b->val = _mp_xalloc(i, "_mp_move");
        for (j = 0; j < i; j++) {
                b->val[j] = a->val[j];
        }
}

SilcMPInt is defined in silc-toolkit-1.0.2/lib/silcmath/silcmp.h as:
/****d* silcmath/SilcMPAPI/SilcMPInt
 *
 * NAME
 *
 *    typedef SILC_MP_INT SilcMPInt;
 *
 * DESCRIPTION
 *
 *    The SILC MP Integer definition. This is the actual MP integer.
 *    The type is defined as SILC_MP_INT as it is implementation specific
 *    and is unknown to the application.
 *
 * SOURCE
 */
typedef SILC_MP_INT SilcMPInt;


- SILC_MP_INT is:
  ./lib/silcmath/mp_tma.h

#define SILC_MP_INT mp_int
- mp_int is a structure defined in ./lib/silcmath/tma.h as:

/* the infamous mp_int structure */
typedef struct  {
    int used, alloc, sign;
    mp_digit *dp;
} mp_int;

- MINT in libmp in Solaris is defined like this:

http://cvs.opensolaris.org/source/xref/on/usr/src/head/mp.h#44

struct mint {
        int len;
        short *val;
};
typedef struct mint MINT;

- the contents of the first arg:

(gdb) x/16x 0x8045098
0x8045098:      0x08045108      0xfae39e13      0x08514e00      0x00000800
0x80450a8:      0x080450e0      0x080450d0      0xfaea19c9      0xfaea19bd
0x80450b8:      0x080450c0      0x00000400      0x00000000      0x00000000
0x80450c8:      0x00000000      0x00000000      0x00000025      0x00000040
(gdb) x/16d 0x8045098
0x8045098:      134500616       -85746157       139546112       2048
0x80450a8:      134500576       134500560       -85321271       -85321283
0x80450b8:      134500544       1024    0       0
0x80450c8:      0       0       37      64

The math library wrapper supplied with silc-toolkit does not check the format of arguments it passes to libmp hence the crash.
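To make the mismatch concrete, here is an added example (not code from the report, silc-toolkit or Solaris) that lays the two structs quoted above side by side and shows what libmp's _mp_move() would see when handed an mp_int unchecked; the width of mp_digit is an assumption, as the page does not give it.

```c
#include <stddef.h>
#include <string.h>

/* Layout of silc-toolkit's mp_int (lib/silcmath/tma.h) as quoted in the
 * report. mp_digit's exact width is not on the page; unsigned long is an
 * assumption made for this example. */
typedef unsigned long mp_digit;
typedef struct {
    int used, alloc, sign;
    mp_digit *dp;
} mp_int;

/* Layout of Solaris libmp's MINT (head/mp.h) as quoted in the report. */
struct mint {
    int len;
    short *val;
};
typedef struct mint MINT;

/* Reinterpret an mp_int the way libmp's mp_gcd()/_mp_move() would when the
 * wrapper hands it over unchecked. Bytes are copied rather than aliased so
 * the example itself stays well-defined. */
MINT mint_view_of(const mp_int *m)
{
    MINT v;
    memset(&v, 0, sizeof v);
    memcpy(&v, m, sizeof v < sizeof *m ? sizeof v : sizeof *m);
    return v;
}

/* 1 if the MINT view's 'val' does not point at the real digit array, i.e.
 * _mp_move() would read 'len' shorts from whatever bits sit at that offset
 * (on 32-bit Solaris x86: the 'alloc' count reinterpreted as a pointer). */
int mint_view_is_bogus(const mp_int *m)
{
    MINT v = mint_view_of(m);
    return (const void *)v.val != (const void *)m->dp;
}

/* The check silc_mp_gcd() never makes: do the two layouts even agree?
 * Returns 1 only if size, field offsets and digit width all line up. */
int layouts_compatible(void)
{
    return sizeof(mp_int) == sizeof(MINT)
        && offsetof(mp_int, used) == offsetof(MINT, len)
        && offsetof(mp_int, dp) == offsetof(MINT, val)
        && sizeof(mp_digit) == sizeof(short);
}
```

With a constructed mp_int of used=1, alloc=64, the MINT view reports len=1 but a val pointer that is not the digit array, which is exactly the read that faults inside _mp_move() in frame #8.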


How to repeat:

Compile libsilcgaim.so and other silc libs from silc-toolkit and install them into /usr/lib/gaim/ resp. /usr/lib/


Remote Environment:

N/A


Fix:

- use another libmp library
- silc-toolkit should be more careful what it compiles against

