Irssi core bugs

  • Status Unconfirmed
  • Percent Complete 0%
  • Task Type Bug Report
  • Category core
  • Assigned To No-one
  • Operating System Linux
  • Severity High
  • Priority Normal
  • Reported Version Irssi SVN
  • Due in Version Undecided
  • Due Date Undecided
  • Votes 0
  • Private No
Attached to Project: Irssi core bugs
Opened by Georg Lukas (Ge0rG) - 2008-07-07

FS#602 - irssi svn 4864 segfaults on /connect when perl support is enabled

When compiled with perl support, irssi segfaults on the first connect with the backtrace quoted below. Compiled on Debian/etch x86, gcc 4.0.3-3 (Debian), Perl v5.8.8.

The variable server->userhost seems to be corrupted.

There is already a core dump in the ticket system <http://bugs.irssi.org/index.php?getfile=162> but I can not find its reference bug.

(gdb) bt
#0 0xb7a9ee3b in strlen () from /lib/tls/libc.so.6
#1 0xb7799549 in perl_irc_server_fill_hash (hv=0x8400dd8, server=0x840a480) at Irc.xs:17
#2 0x080f3e1a in irssi_bless_iobject (type=691, chat_type=67, object=0x840a480) at perl-common.c:138
#3 0xb77af4ff in perl_window_fill_hash (hv=0x84011e0, window=0x81d2dc8) at UI.xs:37
#4 0x080f3ef2 in irssi_bless_plain (stash=0xb77b882c "Irssi::UI::Window", object=0x81d2dc8) at perl-common.c:152
#5 0xb77afa83 in perl_text_dest_fill_hash (hv=0x84012c4, dest=0xbfe53818) at UI.xs:57
#6 0x080f3ef2 in irssi_bless_plain (stash=0x8117566 "Irssi::UI::TextDest", object=0xbfe53818) at perl-common.c:152
#7 0x080f91a7 in perl_call_signal (script=0x8334bd0, func=0x832cf74, signal_id=298, args=0xbfe535b4) at perl-signals.c:152
#8 0x080f98d7 in sig_func (p1=0xbfe53818, p2=0x840be88, p3=0x840bee0, p4=0x0, p5=0x0, p6=0x0) at perl-signals.c:221
#9 0x080ea30d in signal_emit_real (rec=0x815a110, params=3,
va=0xbfe536a4 "��\026\b�7�\200m\027\b03\025\b\210�@\b03\025\b\210�@\b��@\b�@\b�7�\203�\t\b\0308�8�@\b\0308�j",
first_hook=0x8165420) at signals.c:242
#10 0x080ea588 in signal_emit_id (signal_id=298, params=3) at signals.c:304
#11 0x0809ea3f in print_line (dest=0xbfe53818, text=0x840ce38 "I have 740 clients and 1 servers") at printtext.c:175
#12 0x0809e683 in printformat_module_dest_args (module=0x8101c33 "fe-common/irc", dest=0xbfe53818, formatnum=106,
va=0xbfe53884 "\200�?\b\220�@\b\236�?\b�8�\221ί�`P\026\b\003") at printtext.c:73
#13 0x0809e70c in printformat_module_args (module=0x8101c33 "fe-common/irc", server=0x840a480, target=0x0, level=1, formatnum=106,
va=0xbfe53884 "\200�?\b\220�@\b\236�?\b�8�\221ί�`P\026\b\003") at printtext.c:94
#14 0x0809e748 in printformat_module (module=0x8101c33 "fe-common/irc", server=0x840a480, target=0x0, level=1, formatnum=106)
at printtext.c:103
#15 0x0807c0bc in print_event_received (server=0x840a480, data=0x83ec224 "Ge0rG_ :I have 740 clients and 1 servers",
nick=0x83fee80 "irc.ham.de.euirc.net", target_param=0) at fe-events-numeric.c:576
#16 0x0807bf17 in event_numeric (server=0x840a480, data=0x83ec223 " Ge0rG_ :I have 740 clients and 1 servers",
nick=0x83fee80 "irc.ham.de.euirc.net") at fe-events-numeric.c:538
#17 0x080ea30d in signal_emit_real (rec=0x816a408, params=4, va=0xbfe539b8 "8:�\r�\016\b\200�@\b �>\b\200�?\b",
first_hook=0x816a348) at signals.c:242
#18 0x080ea4c8 in signal_emit (signal=0x8101ace "default event numeric", params=4) at signals.c:286
#19 0x08079e89 in event_received (server=0x840a480, data=0x83ec220 "255 Ge0rG_ :I have 740 clients and 1 servers",
nick=0x83fee80 "irc.ham.de.euirc.net", addr=0x0) at fe-events.c:410
#20 0x080ea30d in signal_emit_real (rec=0x81698d8, params=4,
va=0xbfe53a88 "�$����?\b�:�շ��\200�?\b\230�?\b\230�?\b��?\b\210�@\b �>\b\200�?\b\031\217@\b8;�\r�\016\b\200�@\b.\217@\b\031\217@\b", first_hook=0x81698f8) at signals.c:242
#21 0x080ea588 in signal_emit_id (signal_id=209, params=4) at signals.c:304
#22 0x080ab709 in irc_server_event (server=0x840a480, line=0x8408f2e "255 Ge0rG_ :I have 740 clients and 1 servers",
nick=0x8408f19 "irc.ham.de.euirc.net", address=0x0) at irc.c:319
#23 0x080ea30d in signal_emit_real (rec=0x81470c8, params=4, va=0xbfe53b88 " !@! ", first_hook=0x814dae8) at signals.c:242
#24 0x080ea588 in signal_emit_id (signal_id=96, params=4) at signals.c:304
#25 0x080ab8cb in irc_parse_incoming_line (server=0x840a480, line=0x8408f2e "255 Ge0rG_ :I have 740 clients and 1 servers")
at irc.c:375
#26 0x080ea30d in signal_emit_real (rec=0x814dbe0, params=2, va=0xbfe53c60 "�\001۷�X\022\b\210<�\030\217@\b\t",
first_hook=0x814dc80) at signals.c:242
#27 0x080ea588 in signal_emit_id (signal_id=208, params=2) at signals.c:304
#28 0x080ab947 in irc_parse_incoming (server=0x840a480) at irc.c:395
#29 0x080da501 in irssi_io_invoke (source=0x840d430, condition=G_IO_IN, data=0x840c3a0) at misc.c:54
#30 0xb7d73c7f in g_io_channel_unix_get_fd () from /usr/lib/libglib-2.0.so.0
#31 0xb7d4a731 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#32 0xb7d4d7a6 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#33 0xb7d4dd27 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#34 0x08072962 in main (argc=2, argv=0xbfe53e54) at irssi.c:359
(gdb) frame 1
#1 0xb7799549 in perl_irc_server_fill_hash (hv=0x8400dd8, server=0x840a480) at Irc.xs:17
17 hv_store(hv, "userhost", 8, new_pv(server->userhost), 0);
(gdb) print server->userhost
$2 = 0xb3e <Address 0xb3e out of bounds>

This task does not depend on any other tasks.

Georg Lukas (Ge0rG)
Thursday, 17 July 2008, 19:34 GMT
Further investigation (thanks jilles!) narrowed the problem down to bitlbee_typing_notice.pl which causes this behaviour when it is loaded (I've upgraded to 1.6.1, which still has that problem).

I'm still reading the script to see where it could potentially cause the crash.
Jilles Tjoelker (jilles)
Friday, 27 February 2009, 14:40 GMT
Does this still happen with recent svn? (changes: fixes to perl initialization, stricter perl signals)
Georg Lukas (Ge0rG)
Saturday, 28 February 2009, 17:56 GMT
Yes, the problem still occurs with r5023. However, it is not limited to the bitlbee_typing_notice, it also occurs with other scripts.

When at least one of bitlbee_{typing_notice,tab_completion,join_notice} is loaded, irssi crashes. Non-bitlbee scripts seem to crash too.

However, with only title.pl loaded, it crashes not on /connect but on window change or /disconnect with a very similar backtrace.
Jochen Eisinger (c0ffee)
Friday, 12 June 2009, 08:14 GMT
I have a similar problem here, and a longer gdb session revealed that the problem is perl modules not matching the irssi binary:

Within irssi (in perl-common.c) the fill functions are stored in a hash for the iobjects (like Irc::Server). However, in Irc.xs, those hashes are also populated with the C function pointers to the fill functions. If now the compiled Irc.xs (that is Irc.so) does not match the binary, the function pointers are foo and when irssi tries to bless & fill the iobject you get random segfaults.
Jochen Eisinger (c0ffee)
Friday, 12 June 2009, 08:25 GMT
Maybe I should add that a common reason for this is old perl modules with prefix /usr and the freshly compiled ones in prefix /usr/local... still irssi will pick what comes first in path and that's usually /usr
Jochen Eisinger (c0ffee)
Sunday, 14 June 2009, 05:25 GMT
Actually, the function pointer set in Irc.xs is correct. The point is that the IRC_SERVER_REC changed (jilles added a field at the top of the structure, so all fields have new offsets). So the (old) Irc.so accesses invalid fields. Maybe we should add some internal API version which is updated when signals or data structures change...
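
The failure mode described in the last comment, together with the kind of load-time API version check it proposes, as an added example that is not irssi code. The two struct layouts, HOST_ABI_VERSION and both function names are hypothetical, and the sample strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts for illustration; not irssi's real IRC_SERVER_REC. */
struct server_rec_old {   /* layout the stale module was compiled against */
    char *nick;
    char *userhost;
};
struct server_rec_new {   /* layout of the freshly built host binary */
    int   refcount;       /* new field at the top shifts every later offset */
    char *nick;
    char *userhost;
};

#define HOST_ABI_VERSION 2   /* assumed: bumped on every struct/signal change */

/* What stale module code effectively does: fetch "userhost" at the OLD
 * offset from an object that has the NEW layout. */
const char *stale_read_userhost(const struct server_rec_new *rec)
{
    const char *p;
    memcpy(&p, (const char *)rec + offsetof(struct server_rec_old, userhost),
           sizeof p);
    return p;
}

/* Load-time gate: accept a module only if it was built for this ABI. */
int module_abi_compatible(int module_abi_version)
{
    return module_abi_version == HOST_ABI_VERSION;
}

int main(void)
{
    char nick[] = "Ge0rG_", userhost[] = "user@host.example"; /* constructed */
    struct server_rec_new rec = { 1, nick, userhost };

    printf("offsetof userhost: old=%zu new=%zu\n",
           offsetof(struct server_rec_old, userhost),
           offsetof(struct server_rec_new, userhost));
    printf("stale module reads the right field: %s\n",
           stale_read_userhost(&rec) == rec.userhost ? "yes" : "no");
    printf("ABI 1 module loadable: %d, ABI 2 module loadable: %d\n",
           module_abi_compatible(1), module_abi_compatible(2));
    return 0;
}
```

Rejecting the module at load time turns a crash deep inside a signal handler into a clear error at the point where the mismatch is introduced.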
