Crash when deleting jabber spam
Deleting some jabber spam via resulted in:
==24767==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0000a96a0 at pc 0x558417e0118b bp 0x7ffebdbc3190 sp 0x7ffebdbc3188
READ of size 8 at 0x60b0000a96a0 thread T0
#0 0x558417e0118a in chatty_blist_chat_list_remove_buddy ../src/chatty-buddy-list.c:860
#1 0x558417e096a4 in view_msg_list_cmd_delete ../src/chatty-popover-actions.c:55
#2 0x7faf1d505c7c in g_closure_invoke ../../../gobject/gclosure.c:810
#3 0x7faf1d519344 in signal_emit_unlocked_R ../../../gobject/gsignal.c:3635
#4 0x7faf1d52225d in g_signal_emit_valist ../../../gobject/gsignal.c:3391
#5 0x7faf1d52291e in g_signal_emit ../../../gobject/gsignal.c:3447
#6 0x7faf1d61f1d4 in g_simple_action_activate ../../../gio/gsimpleaction.c:225
#7 0x7faf1cde051d in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:412
#8 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:414
#9 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:401
#10 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:414
#11 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:401
#12 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:414
#13 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:401
#14 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:414
#15 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:401
#16 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:414
#17 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:401
#18 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:414
#19 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:401
#20 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:414
#21 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:401
#22 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:414
#23 0x7faf1cde0553 in gtk_action_muxer_activate_action ../../../../gtk/gtkactionmuxer.c:401
#24 0x7faf1ce13a42 in gtk_real_button_clicked ../../../../gtk/gtkbutton.c:1975
#25 0x7faf1d505c7c in g_closure_invoke ../../../gobject/gclosure.c:810
#26 0x7faf1d518e43 in signal_emit_unlocked_R ../../../gobject/gsignal.c:3705
#27 0x7faf1d52225d in g_signal_emit_valist ../../../gobject/gsignal.c:3391
#28 0x7faf1d52291e in g_signal_emit ../../../gobject/gsignal.c:3447
#29 0x7faf1ce159dc in gtk_button_do_release ../../../../gtk/gtkbutton.c:1845
#30 0x7faf1ce159dc in gtk_button_do_release ../../../../gtk/gtkbutton.c:1832
#31 0x7faf1ce15a44 in gtk_real_button_released ../../../../gtk/gtkbutton.c:1963
#32 0x7faf1d505eb5 in _g_closure_invoke_va ../../../gobject/gclosure.c:873
#33 0x7faf1d52232c in g_signal_emit_valist ../../../gobject/gsignal.c:3300
#34 0x7faf1d52291e in g_signal_emit ../../../gobject/gsignal.c:3447
#35 0x7faf1ce13f4f in multipress_released_cb ../../../../gtk/gtkbutton.c:666
#36 0x7faf1bf548ed in ffi_call_unix64 (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x68ed)
#37 0x7faf1bf542be in ffi_call (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x62be)
#38 0x7faf1d5068f5 in g_cclosure_marshal_generic_va ../../../gobject/gclosure.c:1610
#39 0x7faf1d505eb5 in _g_closure_invoke_va ../../../gobject/gclosure.c:873
#40 0x7faf1d52232c in g_signal_emit_valist ../../../gobject/gsignal.c:3300
#41 0x7faf1d52291e in g_signal_emit ../../../gobject/gsignal.c:3447
#42 0x7faf1ced82e3 in gtk_gesture_multi_press_end ../../../../gtk/gtkgesturemultipress.c:286
#43 0x7faf1d508cf1 in g_cclosure_marshal_VOID__BOXEDv ../../../gobject/gmarshal.c:1950
#44 0x7faf1d505eb5 in _g_closure_invoke_va ../../../gobject/gclosure.c:873
#45 0x7faf1d52232c in g_signal_emit_valist ../../../gobject/gsignal.c:3300
#46 0x7faf1d52291e in g_signal_emit ../../../gobject/gsignal.c:3447
#47 0x7faf1ced54c1 in _gtk_gesture_set_recognized ../../../../gtk/gtkgesture.c:345
#48 0x7faf1ced54c1 in _gtk_gesture_check_recognized ../../../../gtk/gtkgesture.c:386
#49 0x7faf1ced6a8a in gtk_gesture_handle_event ../../../../gtk/gtkgesture.c:777
#50 0x7faf1ced6a8a in gtk_gesture_handle_event ../../../../gtk/gtkgesture.c:712
#51 0x7faf1ced9885 in gtk_gesture_single_handle_event ../../../../gtk/gtkgesturesingle.c:222
#52 0x7faf1cea244b in gtk_event_controller_handle_event ../../../../gtk/gtkeventcontroller.c:230
#53 0x7faf1d05c07a in _gtk_widget_run_controllers ../../../../gtk/gtkwidget.c:7379
#54 0x7faf1d0b0273 in _gtk_marshal_BOOLEAN__BOXEDv ../../../../gtk/gtkmarshalers.c:129
#55 0x7faf1d505eb5 in _g_closure_invoke_va ../../../gobject/gclosure.c:873
#56 0x7faf1d521d13 in g_signal_emit_valist ../../../gobject/gsignal.c:3300
#57 0x7faf1d52291e in g_signal_emit ../../../gobject/gsignal.c:3447
#58 0x7faf1d05e323 in gtk_widget_event_internal ../../../../gtk/gtkwidget.c:7744
#59 0x7faf1cf1e975 in propagate_event_up ../../../../gtk/gtkmain.c:2592
#60 0x7faf1cf1e975 in propagate_event ../../../../gtk/gtkmain.c:2695
#61 0x7faf1cf20a82 in gtk_main_do_event ../../../../gtk/gtkmain.c:1915
#62 0x7faf1cf20a82 in gtk_main_do_event ../../../../gtk/gtkmain.c:1685
#63 0x7faf1cc22464 in _gdk_event_emit ../../../../gdk/gdkevents.c:73
#64 0x7faf1cc7d5b1 in gdk_event_source_dispatch ../../../../../gdk/wayland/gdkeventsource.c:124
#65 0x7faf1d423f2d in g_main_dispatch ../../../glib/gmain.c:3182
#66 0x7faf1d423f2d in g_main_context_dispatch ../../../glib/gmain.c:3847
#67 0x7faf1d4241c7 in g_main_context_iterate ../../../glib/gmain.c:3920
#68 0x7faf1d42425b in g_main_context_iteration ../../../glib/gmain.c:3981
#69 0x7faf1d61699c in g_application_run ../../../gio/gapplication.c:2470
#70 0x558417dea727 in main ../src/main.c:43
#71 0x7faf1c79609a in __libc_start_main ../csu/libc-start.c:308
#72 0x558417dea359 in _start (/var/scratch/librem5/chatty/_build/src/chatty+0x1a359)
0x60b0000a96a0 is located 64 bytes inside of 112-byte region [0x60b0000a9660,0x60b0000a96d0)
freed by thread T0 here:
#0 0x7faf1d7f0fb0 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8fb0)
#1 0x558417e0307b in chatty_blist_remove ../src/chatty-buddy-list.c:1549
#2 0x7faf1c9aeac9 in purple_blist_remove_buddy ./libpurple/blist.c:2186
previously allocated by thread T0 here:
#0 0x7faf1d7f1518 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9518)
#1 0x7faf1d429948 in g_malloc0 ../../../glib/gmem.c:129
#2 0x7faf1c9ad1a3 in purple_buddy_new ./libpurple/blist.c:1387
SUMMARY: AddressSanitizer: heap-use-after-free ../src/chatty-buddy-list.c:860 in chatty_blist_chat_list_remove_buddy
==24767==ABORTING
This is de81ee8c and chatty is built with meson -Db_sanitize=address