Infinite recursion in MUC chat state notifications
@wjt
Submitted by Will Thompson Link to original bug (#647891)
Description
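Today my empathy-chat hung when I'd just finished typing a message. Attaching gdb revealed that it had gone into infinite (mutual) recursion between contact_list_store_add_contact() and contact_list_store_contact_update(), already more than 22,000 frames deep. Here's the bottom of the backtrace: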
#22292 0x000000000043d0fd in contact_list_store_add_contact (store=0x9d7eb0, contact=0x12d9290) at empathy-contact-list-store.c:1104
priv = 0x9d7f40
iter = {stamp = 19763856, user_data = 0x9d7eb0, user_data2 = 0x9d7eb0, user_data3 = 0x12d9290}
groups = 0x0
l = <value optimized out>
connection = <value optimized out>
flags = 0
protocol_name = 0x1378a20 "GLib-GObject"
#22293 0x000000000043ca8e in contact_list_store_contact_update (store=0x9d7eb0, contact=0x12d9290) at empathy-contact-list-store.c:1210
priv = 0x9d7f40
model = 0x9d7eb0
iters = 0x0
l = <value optimized out>
in_list = 0
should_be_in_list = <value optimized out>
was_online = 1
now_online = 1
set_model = 0
do_remove = 0
do_set_active = 0
do_set_refresh = 0
show_avatar = 0
pixbuf_avatar = <value optimized out>
pixbuf_status = <value optimized out>
__PRETTY_FUNCTION__ = "contact_list_store_contact_update"
#22294 0x000000000043d0fd in contact_list_store_add_contact (store=0x9d7eb0, contact=0x12d9290) at empathy-contact-list-store.c:1104
priv = 0x9d7f40
iter = {stamp = 19763856, user_data = 0x9d7eb0, user_data2 = 0x9d7eb0, user_data3 = 0x12d9290}
groups = 0x0
l = <value optimized out>
connection = <value optimized out>
flags = 0
protocol_name = 0x1989f50 "GLib-GObject"
#22295 0x000000000043ca8e in contact_list_store_contact_update (store=0x9d7eb0, contact=0x12d9290) at empathy-contact-list-store.c:1210
priv = 0x9d7f40
model = 0x9d7eb0
iters = 0x0
l = <value optimized out>
in_list = 0
should_be_in_list = <value optimized out>
was_online = 1
now_online = 1
set_model = 0
do_remove = 0
do_set_active = 0
do_set_refresh = 0
show_avatar = 0
pixbuf_avatar = <value optimized out>
pixbuf_status = <value optimized out>
__PRETTY_FUNCTION__ = "contact_list_store_contact_update"
#22296 0x000000000043d0fd in contact_list_store_add_contact (store=0x9d7eb0, contact=0x12d9290) at empathy-contact-list-store.c:1104
priv = 0x9d7f40
iter = {stamp = 19763856, user_data = 0x9d7eb0, user_data2 = 0x9d7eb0, user_data3 = 0xa6d570}
groups = 0x0
l = <value optimized out>
connection = <value optimized out>
flags = 0
protocol_name = 0x139f1a0 "GLib-GObject"
#22297 0x000000000043ca8e in contact_list_store_contact_update (store=0x9d7eb0, contact=0x12d9290) at empathy-contact-list-store.c:1210
priv = 0x9d7f40
model = 0x9d7eb0
iters = 0x0
l = <value optimized out>
in_list = 0
should_be_in_list = <value optimized out>
was_online = 1
now_online = 1
set_model = 0
do_remove = 0
do_set_active = 0
do_set_refresh = 0
show_avatar = 0
pixbuf_avatar = <value optimized out>
pixbuf_status = <value optimized out>
__PRETTY_FUNCTION__ = "contact_list_store_contact_update"
#22298 0x000000000043dcce in contact_list_store_chat_state_changed_cb (self=<value optimized out>, contact_handle=184, state=<value optimized out>, store=0x9d7eb0) at empathy-contact-list-store.c:206
priv = <value optimized out>
contacts = 0x1351480
l = 0x1351480
#22299 0x00007fc86b948e7e in g_closure_invoke (closure=0xb816f0, return_value=0x0, n_param_values=3, param_values=0x7fc85c46a230, invocation_hint=0x7fff7795bcc0) at /tmp/buildd/glib2.0-2.28.4/./gobject/gclosure.c:767
marshal = <value optimized out>
marshal_data = <value optimized out>
in_marshal = <value optimized out>
__PRETTY_FUNCTION__ = "g_closure_invoke"
#22300 0x00007fc86b95a8d7 in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0x7fc85c5ae3f0, emission_return=0x0, instance_and_params=0x7fc85c46a230) at /tmp/buildd/glib2.0-2.28.4/./gobject/gsignal.c:3252
tmp = <value optimized out>
handler = 0x7fc84c351230
accumulator = 0x0
emission = {next = 0x0, instance = 0x7fc85c5ae3f0, ihint = {signal_id = 185, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
class_closure = 0x0
handler_list = 0x7fc84c351230
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 185
max_sequential_handler_number = 151304
return_value_altered = 0
#22301 0x00007fc86b963d05 in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=<value optimized out>) at /tmp/buildd/glib2.0-2.28.4/./gobject/gsignal.c:2983
instance_and_params = 0x7fc85c46a230
signal_return_type = 4
param_values = 0x7fc85c46a248
node = 0xa53020
i = <value optimized out>
n_params = 2
__PRETTY_FUNCTION__ = "g_signal_emit_valist"
#22302 0x00007fc86b963ed3 in g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>) at /tmp/buildd/glib2.0-2.28.4/./gobject/gsignal.c:3040
var_args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff7795bfb0, reg_save_area = 0x7fff7795bef0}}
#22303 0x00007fc872a35ab2 in _tp_cli_channel_interface_chat_state_invoke_callback_for_chat_state_changed (tpproxy=0x7fc85c5ae3f0, error=<value optimized out>, args=0x7fc84c1dcce0, generic_callback=0x7fc872a51220 <tp_channel_chat_state_changed_cb>, user_data=0x0, weak_object=<value optimized out>) at _gen/tp-cli-channel-body.h:1252
callback = 0x7fc872a51220 <tp_channel_chat_state_changed_cb>
Examination of 'args' in frame 22303 (_tp_cli_channel_interface_chat_state_invoke_callback_for_chat_state_changed) revealed that the new chat state (which is optimized out in contact_list_store_chat_state_changed_cb()) is 4, namely Active; inspection of the channel revealed that handle 184 is my self-handle in this (XMPP) MUC.
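The protocol_name pointer is different in every contact_list_store_add_contact() frame; this is because it has been freed, which is presumably also why gdb prints the unrelated string "GLib-GObject" at each of those addresses rather than a protocol name. iter.user_data3 is different between the first two contact_list_store_add_contact() calls (frames 22296 and 22294 above), but repeats in every subsequent frame.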
I'm going to try to debug this while I have it open in gdb…