Bug 340473

Summary: crash if I send a message in an OTR session
Product: [Unmaintained] telepathy    Reporter: dev.frandom
Component: OTR    Assignee: Telepathy Bugs <kde-telepathy-bugs>
Status: RESOLVED UPSTREAM    
Severity: crash CC: dev.frandom, zieminn
Priority: NOR    
Version: unspecified   
Target Milestone: Future   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description dev.frandom 2014-10-29 18:23:50 UTC
Chatting with KTP works like a charm, except when it comes to OTR. Starting an OTR session works, receiving messages works, but sending messages always fails.

Reproducible: Always

Steps to Reproduce:
1. Start an OTR session, wait for its establishment
2. write a message
3. send the message

Actual Results:  
The message is discarded at the input field but not displayed at the chat window.

ktp-proxy segfaults immediately:
ktp-proxy[2162]: segfault at 0 ip 00000000004151f8 sp 00007fffafa108c8 error 4 in ktp-proxy[400000+3c000]

Expected Results:  
The message should be sent encrypted to the chat partner and displayed in the chat window

I'm on Gentoo, mostly stable, except for things I want, like ktp with otr ;).

Wrapping ktp-proxy in a gdb session got me this:
===============================================================================
Reading symbols from /usr/lib64/kde4/libexec/exe/ktp-proxy...done.
(gdb) Starting program: /usr/lib64/kde4/libexec/exe/ktp-proxy 
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
OTR::(anonymous namespace)::max_message_size (opdata=0x0, context=0x7095a0)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/otr-manager.cpp:129
129     /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/otr-manager.cpp: No such file or directory.
(gdb) (gdb) Copying output to /tmp/backtrace.log.
(gdb) quit
===============================================================================
The backtrace file does not provide additional details.
Comment 1 Marcin Ziemiński 2014-10-29 19:26:54 UTC
Unfortunately I am not able to reproduce it.
Null value at max_message_size is really alarming. Some more information on the sequence of steps leading to this would be very helpful. I understand that ktp-text-ui doesn't crash?
What protocol were you using?
Comment 2 dev.frandom 2014-10-29 19:48:32 UTC
Yes, ktp-text-ui does not crash at all, only ktp-proxy. The protocol I'm using is Jabber, but it happens with ICQ also.

As I said, this happens every time I try to send a message in an OTR session. In ktp-text-ui, I click on "OTR > Start Session", wait until the info "not verified OTR session started"/"private OTR session started" (doesn't matter, happens both times) pops up and then type and send a message.

I first tried to strace ktp-proxy, but I could not read the actual error from its output:
=================================================================================
read(3, 0x7fff9736f790, 16)             = -1 EAGAIN (Resource temporarily unavailable)
recvmsg(6, {msg_name(0)=NULL, msg_iov(1)=[{"l\1\0\1p\0\0\0\334\0\0\0/\1\0\0\1\1o\0p\0\0\0/org/fre"..., 2048}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 704
recvmsg(6, 0x7fff9736f2e0, MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable)
write(3, "\1\0\0\0\0\0\0\0", 8)         = 8
write(3, "\1\0\0\0\0\0\0\0", 8)         = 8
write(3, "\1\0\0\0\0\0\0\0", 8)         = 8
poll([{fd=3, events=POLLIN}, {fd=6, events=POLLIN}], 2, 0) = 1 ([{fd=3, revents=POLLIN}])
getrusage(RUSAGE_SELF, {ru_utime={0, 54000}, ru_stime={0, 27000}, ...}) = 0
clock_gettime(CLOCK_PROCESS_CPUTIME_ID, {0, 81415867}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++
=================================================================================

I do not know how to provide more information on how to reproduce it. If you could point me in the right direction on how to debug that thing, I could provide more information. As ktp-proxy is triggered via D-Bus(?), I was lucky to get that short backtrace with gdb.

Do I need to set up a development environment? I'm not a C++ programmer, so this could take a while...
Comment 3 Marcin Ziemiński 2014-10-29 20:05:46 UTC
Debug output would be invaluable. Just make sure ktp-proxy is not running (i.e. close ktp-text-ui) then exec it from console and try to reproduce the bug.
Comment 4 dev.frandom 2014-10-29 20:16:51 UTC
Ah, thanks. That way it is much easier to debug. First results: a full backtrace of the crash, if that helps. I'll debug it a bit deeper tomorrow...

================================================================================
#0  OTR::(anonymous namespace)::max_message_size (opdata=0x0, context=0x70c2e0)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/otr-manager.cpp:129
#1  0x00007ffff7bcffbd in ?? () from /usr/lib64/libotr.so.5
#2  0x00007ffff7bd0894 in otrl_message_sending () from /usr/lib64/libotr.so.5
#3  0x0000000000413fc9 in OTR::Session::encrypt (this=this@entry=0x70b3a0, message=...)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/otr-session.cpp:204
#4  0x000000000040f031 in OtrProxyChannel::Adaptee::sendMessage (this=0x70b370, message=..., flags=0, context=...)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/otr-proxy-channel-adaptee.cpp:252
#5  0x000000000041e12b in OtrProxyChannel::Adaptee::qt_static_metacall (_o=<optimized out>, _id=<optimized out>, _a=<optimized out>, _c=<optimized out>)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0_build/otr-proxy/KTpProxy/moc_otr-proxy-channel-adaptee.cpp:148
#6  0x00007ffff6345bca in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const ()
   from /usr/lib64/qt4/libQtCore.so.4
#7  0x00007ffff6347fba in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) ()
   from /usr/lib64/qt4/libQtCore.so.4
#8  0x0000000000426078 in invokeMethod (val9=..., val8=..., val7=..., val6=..., val5=..., val4=..., val3=..., val2=..., val1=..., val0=..., 
    member=0x43178a "sendMessage", obj=<optimized out>) at /usr/include/qt4/QtCore/qobjectdefs.h:434
#9  Tp::Service::ChannelProxyInterfaceOTRAdaptor::SendMessage (this=0x6db4d0, message=..., flags=0, dbusMessage=...)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/svc-channel-proxy.cpp:98
#10 0x000000000041dc23 in Tp::Service::ChannelProxyInterfaceOTRAdaptor::qt_static_metacall (_o=0x0, _o@entry=0x6db4d0, _c=7389920, 
    _c@entry=QMetaObject::InvokeMetaMethod, _id=0, _id@entry=13, _a=0x7fffffffce30)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0_build/otr-proxy/KTpProxy/moc_svc-channel-proxy.cpp:169
#11 0x000000000041efaf in Tp::Service::ChannelProxyInterfaceOTRAdaptor::qt_metacall (this=0x6db4d0, _c=QMetaObject::InvokeMetaMethod, _id=13, 
    _a=0x7fffffffce30)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0_build/otr-proxy/KTpProxy/moc_svc-channel-proxy.cpp:218
#12 0x00007ffff66c8ef6 in ?? () from /usr/lib64/qt4/libQtDBus.so.4
#13 0x00007ffff66ca028 in ?? () from /usr/lib64/qt4/libQtDBus.so.4
#14 0x00007ffff66caae3 in ?? () from /usr/lib64/qt4/libQtDBus.so.4
#15 0x00007ffff66cabbb in ?? () from /usr/lib64/qt4/libQtDBus.so.4
#16 0x00007ffff6355c26 in QObject::event(QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#17 0x00007ffff633de5c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#18 0x00007ffff6340ec0 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib64/qt4/libQtCore.so.4
#19 0x00007ffff636adee in ?? () from /usr/lib64/qt4/libQtCore.so.4
#20 0x00007ffff122ac8b in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#21 0x00007ffff122aea8 in ?? () from /usr/lib64/libglib-2.0.so.0
#22 0x00007ffff122af4c in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#23 0x00007ffff636a5fe in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#24 0x00007ffff633cb67 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#25 0x00007ffff633ce2d in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#26 0x00007ffff6341f49 in QCoreApplication::exec() () from /usr/lib64/qt4/libQtCore.so.4
#27 0x0000000000409d98 in main (argc=1, argv=<optimized out>)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/main.cpp:92
================================================================================
Comment 5 dev.frandom 2014-10-29 20:19:26 UTC
.... aaaand I'll rebuild the packages with debug flags enabled, sorry for that. I saw the missing code lines just after I committed the comment.
Comment 6 dev.frandom 2014-10-30 16:37:04 UTC
As promised, a more meaningful backtrace. There still are some symbols missing, but they probably do not matter at all? Please let me know if you need more details.

==========================================================================
#0  OTR::(anonymous namespace)::max_message_size (opdata=0x0, context=0x70c4c0)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/otr-manager.cpp:129
#1  0x00007ffff7bcffbd in fragment_and_send (opdata=0x0, context=0x70c4c0, 
    message=0x6d7b00 "?OTR:AAIDAAAAAAEAAAABAAAAwDptke2wlaFfdJkkT9JsGoHBEIduWuYDz7UCe0zuUMI6lYSgjkQ9Knix5khv5WUdnrwwHwS2sVWZQYOVcu4avlyw5iUpg2O4ruyjE+HdLrV7zMSD7e3u8jK/XIXcqHFm5cr59DqR3UFCQFr0Ws0Yw8/tLRRUPGgMWDsnfU0l6U7Q7t7"..., fragPolicy=OTRL_FRAGMENT_SEND_ALL_BUT_LAST, 
    returnFragment=returnFragment@entry=0x7fffffffc3a0, ops=<optimized out>, ops=<optimized out>) at message.c:81
#2  0x00007ffff7bd0894 in otrl_message_sending (us=<optimized out>, ops=0x42cae0 <OTR::global::appOps>, opdata=<optimized out>, 
    accountname=<optimized out>, protocol=<optimized out>, recipient=<optimized out>, their_instag=0, original_msg=0x6e19e8 "hello world", tlvs=0x0, 
    messagep=0x7fffffffc3a0, fragPolicy=OTRL_FRAGMENT_SEND_ALL_BUT_LAST, contextp=0x7fffffffc3b0, add_appdata=0x0, data=0x0) at message.c:444
#3  0x0000000000413fc9 in OTR::Session::encrypt (this=this@entry=0x70aed0, message=...)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/otr-session.cpp:204
#4  0x000000000040f031 in OtrProxyChannel::Adaptee::sendMessage (this=0x70aea0, message=..., flags=0, context=...)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/otr-proxy-channel-adaptee.cpp:252
#5  0x000000000041e12b in OtrProxyChannel::Adaptee::qt_static_metacall (_o=<optimized out>, _id=<optimized out>, _a=<optimized out>, _c=<optimized out>)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0_build/otr-proxy/KTpProxy/moc_otr-proxy-channel-adaptee.cpp:148
#6  0x00007ffff6345bca in QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const ()
   from /usr/lib64/qt4/libQtCore.so.4
#7  0x00007ffff6347fba in QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) ()
   from /usr/lib64/qt4/libQtCore.so.4
#8  0x0000000000426078 in invokeMethod (val9=..., val8=..., val7=..., val6=..., val5=..., val4=..., val3=..., val2=..., val1=..., val0=..., 
    member=0x43178a "sendMessage", obj=<optimized out>) at /usr/include/qt4/QtCore/qobjectdefs.h:434
#9  Tp::Service::ChannelProxyInterfaceOTRAdaptor::SendMessage (this=0x6fb490, message=..., flags=0, dbusMessage=...)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0/otr-proxy/KTpProxy/svc-channel-proxy.cpp:98
#10 0x000000000041dc23 in Tp::Service::ChannelProxyInterfaceOTRAdaptor::qt_static_metacall (_o=0x0, _o@entry=0x6fb490, _c=7390400, 
    _c@entry=QMetaObject::InvokeMetaMethod, _id=0, _id@entry=13, _a=0x7fffffffce30)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0_build/otr-proxy/KTpProxy/moc_svc-channel-proxy.cpp:169
#11 0x000000000041efaf in Tp::Service::ChannelProxyInterfaceOTRAdaptor::qt_metacall (this=0x6fb490, _c=QMetaObject::InvokeMetaMethod, _id=13, 
    _a=0x7fffffffce30)
    at /var/tmp/portage/net-im/ktp-common-internals-0.9.0/work/ktp-common-internals-0.9.0_build/otr-proxy/KTpProxy/moc_svc-channel-proxy.cpp:218
#12 0x00007ffff66c8ef6 in ?? () from /usr/lib64/qt4/libQtDBus.so.4
#13 0x00007ffff66ca028 in ?? () from /usr/lib64/qt4/libQtDBus.so.4
#14 0x00007ffff66caae3 in ?? () from /usr/lib64/qt4/libQtDBus.so.4
#15 0x00007ffff66cabbb in ?? () from /usr/lib64/qt4/libQtDBus.so.4
#16 0x00007ffff6355c26 in QObject::event(QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#17 0x00007ffff633de5c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#18 0x00007ffff6340ec0 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib64/qt4/libQtCore.so.4
#19 0x00007ffff636adee in ?? () from /usr/lib64/qt4/libQtCore.so.4
#20 0x00007ffff122ac8b in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#21 0x00007ffff122aea8 in ?? () from /usr/lib64/libglib-2.0.so.0
#22 0x00007ffff122af4c in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#23 0x00007ffff636a5fe in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#24 0x00007ffff633cb67 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#25 0x00007ffff633ce2d in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#26 0x00007ffff6341f49 in QCoreApplication::exec() () from /usr/lib64/qt4/libQtCore.so.4
#27 0x0000000000409d98 in main (argc=1, argv=<optimized out>)
Comment 7 dev.frandom 2015-01-12 21:44:05 UTC
Sorry that I lost track of this topic. I updated libotr from 4.0.0 to 4.1.0 today. Now I do not have this issue anymore.
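Added example (not code from ktp-proxy, libotr or the reporter): a C model of the callback contract the backtrace in comment 6 exercises. libotr's fragmentation path asks the application for a transport limit through the max_message_size callback, and in the reporter's libotr 4.0.0 frame fragment_and_send receives opdata=0x0 and hands it on; a callback that dereferences opdata then faults at address 0, which is the SEGV_MAPERR with si_addr=0 in the strace. The block shows the trusting callback beside a checked one that returns 0 ("no limit") when opdata is missing, and carries a message through OTRv2-style "?OTR,k,n,piece," fragmentation and reassembly so the effect of the returned limit is visible. AppOps, AppState, otr_fragment, otr_reassemble, send_with_ops, roundtrip, the 18-byte framing allowance and the ConnContext stand-in are this example's own names and assumptions, and the sample ciphertext is constructed; real libotr derives its framing from the protocol version and instance tags, which this model does not. Per comment 7 the crash went away with libotr 4.1.0; the checked callback is defence in depth in the proxy, not a substitute for that upgrade.

```c
#include <stdio.h>
#include <string.h>

#define FRAG_BUF 256   /* room for one framed fragment (demo assumption) */
#define MAX_FRAGS 16

/* Stand-in for libotr's ConnContext; only what this demo looks at. */
typedef struct { const char *accountname; const char *protocol; } ConnContext;

/* Modelled on libotr's OtrlMessageAppOps.max_message_size; libotr calls it from
 * its fragmentation path and treats a return of 0 as "no limit". */
typedef struct { int (*max_message_size)(void *opdata, ConnContext *context); } AppOps;

/* Hypothetical application state handed to libotr as opdata. */
typedef struct { int transport_limit; } AppState;

/* Trusts opdata unconditionally: with opdata == NULL, as in the backtrace
 * above, this is a NULL dereference (SEGV_MAPERR, si_addr=0). */
static int max_message_size_unchecked(void *opdata, ConnContext *context) {
    (void)context;
    return ((AppState *)opdata)->transport_limit;
}

/* Hardened variant: missing opdata degrades to "do not fragment" (0). */
static int max_message_size_checked(void *opdata, ConnContext *context) {
    (void)context;
    return opdata ? ((AppState *)opdata)->transport_limit : 0;
}

/* Splits an encrypted OTR message into pieces of at most `max` bytes using the
 * OTRv2 fragment framing "?OTR,k,n,piece," (k 1-based, n total). max <= 0 means
 * "no limit": the message is copied unchanged. Returns entries written, or -1. */
static int otr_fragment(const char *msg, int max, char out[][FRAG_BUF], int out_cap) {
    size_t len = strlen(msg);
    if (len + 1 > (size_t)FRAG_BUF || out_cap < 1) return -1;
    if (max <= 0 || len <= (size_t)max) { memcpy(out[0], msg, len + 1); return 1; }
    int piece = max - 18;   /* 18 = "?OTR,kkkkk,nnnnn,," with 5-digit k, n (demo assumption) */
    if (piece <= 0) return -1;
    int n = (int)((len + (size_t)piece - 1) / (size_t)piece);
    if (n > 65535 || n > out_cap) return -1;
    for (int k = 1; k <= n; k++) {
        size_t pos = (size_t)(k - 1) * (size_t)piece;
        size_t take = len - pos < (size_t)piece ? len - pos : (size_t)piece;
        int w = snprintf(out[k - 1], FRAG_BUF, "?OTR,%d,%d,%.*s,", k, n, (int)take, msg + pos);
        if (w < 0 || w >= FRAG_BUF || w > max) return -1;
    }
    return n;
}

/* Mirrors the shape of otrl_message_sending with OTRL_FRAGMENT_SEND_ALL_BUT_LAST:
 * ask the application for its limit through the callback, then fragment. */
static int send_with_ops(const AppOps *ops, void *opdata, ConnContext *ctx,
                         const char *encrypted, char out[][FRAG_BUF], int out_cap) {
    return otr_fragment(encrypted, ops->max_message_size(opdata, ctx), out, out_cap);
}

/* Receiver side: joins "?OTR,k,n,piece," fragments (or one unfragmented message)
 * into dst. Returns 0 on success, -1 if a fragment is malformed or out of order. */
static int otr_reassemble(char frags[][FRAG_BUF], int n, char *dst, size_t dst_cap) {
    size_t used = 0;
    if (n == 1 && strncmp(frags[0], "?OTR,", 5) != 0) {
        size_t l = strlen(frags[0]);
        if (l + 1 > dst_cap) return -1;
        memcpy(dst, frags[0], l + 1);
        return 0;
    }
    for (int i = 0; i < n; i++) {
        int k = 0, total = 0, off = 0;
        if (sscanf(frags[i], "?OTR,%d,%d,%n", &k, &total, &off) != 2 || off == 0) return -1;
        if (k != i + 1 || total != n) return -1;
        size_t plen = strlen(frags[i] + off);
        if (plen == 0 || frags[i][off + plen - 1] != ',') return -1;
        if (used + plen > dst_cap) return -1;   /* plen - 1 payload bytes plus NUL */
        memcpy(dst + used, frags[i] + off, plen - 1);
        used += plen - 1;
    }
    dst[used] = '\0';
    return 0;
}

/* Constructed sample shaped like the message in the backtrace (base64 after "?OTR:"). */
static const char SAMPLE[] = "?OTR:AAIDAAAAAAEAAAABAAAAwDptke2wlaFfdJkkT9JsGoHBEIduWuYDz7UCe0zuUMI6lYSg";

/* Round trip through the checked callback: fragment at state->transport_limit
 * (state == NULL is the crashing call shape from the backtrace), then reassemble.
 * Returns 1 if the receiver recovers SAMPLE exactly; *nfrags gets the entry count
 * (-1 when the limit is too small to frame anything). */
static int roundtrip(AppState *state, int *nfrags) {
    AppOps ops = { max_message_size_checked };
    ConnContext ctx = { "alice@example.org", "jabber" };
    char frags[MAX_FRAGS][FRAG_BUF], back[FRAG_BUF];
    int n = send_with_ops(&ops, state, &ctx, SAMPLE, frags, MAX_FRAGS);
    if (nfrags) *nfrags = n;
    if (n < 1 || otr_reassemble(frags, n, back, sizeof back) != 0) return 0;
    return strcmp(back, SAMPLE) == 0;
}

int main(void) {
    int n = 0;
    AppState limit40 = { 40 };
    printf("NULL opdata, checked callback: roundtrip %s, %d item(s)\n", roundtrip(NULL, &n) ? "ok" : "FAILED", n);
    printf("limit 40: roundtrip %s in %d fragment(s)\n", roundtrip(&limit40, &n) ? "ok" : "FAILED", n);
    (void)max_message_size_unchecked;   /* shown for contrast; never call it with NULL */
    return 0;
}
```

Build with a plain C99 compiler (for example `cc -std=c99 -Wall example.c`). With opdata NULL the checked callback yields one unfragmented send; with a 40-byte limit the 73-byte sample goes out as four framed fragments, each 32 bytes, and a limit of 18 or less is refused because nothing fits beside the framing.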