pidgin crashed with SIGSEGV

Bug #349009 reported by Rick Spencer
Affects          Status        Importance  Assigned to   Milestone
Pidgin           Fix Released  Unknown
pidgin (Ubuntu)  Fix Released  High        Ken VanDine

Bug Description

Binary package hint: pidgin

When closing the buddy list, Pidgin crashes. In this particular case Pidgin hung and had to be killed.

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
DistroRelease: Ubuntu 9.04
ExecutablePath: /usr/bin/pidgin
Package: pidgin 1:2.5.5-1ubuntu2
ProcCmdline: pidgin
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: pidgin
Stacktrace: #0 0x000000000044f688 in ?? ()
StacktraceTop: ?? ()
ThreadStacktrace:

Title: pidgin crashed with SIGSEGV
Uname: Linux 2.6.28-11-generic x86_64
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Revision history for this message
Rick Spencer (rick-rickspencer3) wrote :
visibility: private → public
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:populate_menu_with_options (menu=0x28b3b80, gtkconv=0x4043c90, all=0)

Apport retracing service (apport) wrote : Stack trace with source code
Changed in pidgin:
importance: Undecided → Medium
Changed in pidgin (Ubuntu):
assignee: nobody → robert-ancell
importance: Medium → High
Robert Ancell (robert-ancell) wrote :

A bit tongue-in-cheek, but I'll follow the procedure (works for me; the stack trace doesn't show in detail what has occurred):

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we can't fix it because your description didn't include enough information. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem.
We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures.
At a minimum, we need:
1. the specific steps or actions you took that caused you to encounter the problem,
2. the behavior you expected, and
3. the behavior you actually encountered (in as much detail as possible).
Thanks!

Particularly:
- Does this occur all the time?
- What accounts were you logged into at the time?

Changed in pidgin:
status: New → Incomplete
Rick Spencer (rick-rickspencer3) wrote :

Fair enough.

Specific steps:
1. Start Pidgin from Applications -> Internet. Buddy Window appears.
2. Have IRC Channels in the Buddy Window
3. Open one of the IRC Channels
4. Close the Buddy Window
Result: Chat Window and Buddy Window Close
Expected: The Buddy Window closes, but chat windows stay open

Logged into irc.ubuntu.com and irc.canonical.com

This repros on my UNR install as well.

Rick Spencer (rick-rickspencer3) wrote :

It appears to be no longer crashing. What I am seeing is:

1. Set up some irc channels to auto log on when a connection is established, then close Pidgin
2. Choose Applications->Internet->Pidgin. The buddy window opens, then the irc channel window opens.
3. Close the buddy window. Both windows close.
4. Choose Applications->Internet->Pidgin. The buddy window opens, then the irc channel window opens.
5. Click on the channel window, it comes to the front.
6. Click on the buddy window, it comes to the front.
7. Close the buddy window, only the buddy window closes.

Changed in pidgin (Ubuntu):
importance: High → Medium
Sebastien Bacher (seb128) wrote :

Got that error under valgrind:

==17303== Invalid read of size 1
==17303== at 0x497EC46: _IO_default_xsputn (in /lib/tls/i686/cmov/libc-2.9.so)
==17303== by 0x4953F64: vfprintf (in /lib/tls/i686/cmov/libc-2.9.so)
==17303== by 0x4A0E959: __vasprintf_chk (in /lib/tls/i686/cmov/libc-2.9.so)
==17303== by 0x47D380E: g_vasprintf (stdio2.h:199)
==17303== by 0x47C04F1: g_string_append_vprintf (gstring.c:1375)
==17303== by 0x47C058E: g_string_append_printf (gstring.c:1479)
==17303== by 0x739AB07: irc_buddy_append (irc.c:214)
==17303== by 0x478E24B: g_hash_table_foreach (ghash.c:1210)
==17303== by 0x739B3B1: irc_blist_timeout (irc.c:193)
==17303== by 0x479D185: g_timeout_dispatch (gmain.c:3253)
==17303== by 0x479CA57: g_main_context_dispatch (gmain.c:1814)
==17303== by 0x479FFBA: g_main_context_iterate (gmain.c:2448)
==17303== Address 0x8b217fc is 12 bytes inside a block of size 16 free'd
==17303== at 0x4025DFA: free (vg_replace_malloc.c:323)
==17303== by 0x47A4FF5: g_free (gmem.c:190)
==17303== by 0x7399473: irc_buddy_free (irc.c:772)
==17303== by 0x478E8BA: g_hash_table_insert_internal (ghash.c:882)
==17303== by 0x739AEF0: irc_add_buddy (irc.c:568)
==17303== by 0x4844092: purple_account_add_buddy (account.c:2249)
==17303== by 0x807A17D: add_buddy_cb (gtkblist.c:6529)
==17303== by 0x473D0EB: g_cclosure_marshal_VOID(intXX_t) (gmarshal.c:216)
==17303== by 0x472FC7A: g_closure_invoke (gclosure.c:767)
==17303== by 0x4745E0E: signal_emit_unlocked_R (gsignal.c:3244)
==17303== by 0x4747488: g_signal_emit_valist (gsignal.c:2977)
==17303== by 0x4747905: g_signal_emit (gsignal.c:3034)

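The first valgrind trace above is the signature of a hash-table ownership mistake: the 16-byte block that irc_buddy_append reads 12 bytes into was freed by irc_buddy_free while g_hash_table_insert_internal was replacing an existing entry during irc_add_buddy, and the next irc_blist_timeout pass then walked over the stale pointer. The following is an added illustration written for this page, not Pidgin or GLib code and not the patch discussed later in the thread. It assumes (my reading of the trace, not something the page states) that the buddy struct owned its name string and that the same string was used as the table key. table_put with swap_key=false mirrors the documented g_hash_table_insert rule that an existing key is kept while the old value is destroyed; swap_key=true mirrors g_hash_table_replace, which swaps the key out as well. A fixed pool stands in for malloc/free so that reading a "freed" block is still defined behaviour in the demo, and buddy_free scribbles the name the way a reused heap block would.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not Pidgin or GLib code. Assumption (my reading of the
 * trace, not stated on the page): the buddy struct owns its name and that same
 * pointer is the table key. table_put(swap_key=false) mirrors the documented
 * g_hash_table_insert rule (old key kept); swap_key=true mirrors g_hash_table_replace. */
enum { NAME_LEN = 16, POOL_SIZE = 8, MAX_ENTRIES = 8 };

struct buddy { char name[NAME_LEN]; bool live; };

/* A fixed pool stands in for malloc/free so reading a "freed" block stays
 * defined behaviour; buddy_free scribbles the name like a reused heap block. */
static struct buddy pool[POOL_SIZE];
static int pool_next;

static struct buddy *buddy_new(const char *name)
{
    struct buddy *b = &pool[pool_next++ % POOL_SIZE];
    snprintf(b->name, sizeof b->name, "%s", name);
    b->live = true;
    return b;
}

static void buddy_free(void *p)                /* stand-in for irc_buddy_free */
{
    ((struct buddy *)p)->live = false;
    snprintf(((struct buddy *)p)->name, NAME_LEN, "%s", "<freed>");
}

struct entry { const char *key; struct buddy *value; };
struct table { struct entry e[MAX_ENTRIES]; int n; void (*value_destroy)(void *); };

static int table_find(const struct table *t, const char *key)
{
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->e[i].key, key) == 0)
            return i;
    return -1;
}

/* On an existing key the old value is destroyed. Keeping the OLD key pointer
 * (swap_key=false) leaves it dangling when it lived inside the old value. */
static void table_put(struct table *t, const char *key, struct buddy *v, bool swap_key)
{
    int i = table_find(t, key);
    if (i < 0) { t->e[t->n++] = (struct entry){ key, v }; return; }
    t->value_destroy(t->e[i].value);
    t->e[i].value = v;
    if (swap_key)
        t->e[i].key = key;
}

/* Count keys pointing into a block already given to buddy_free (what valgrind reports on the next read). */
static int table_dangling_keys(const struct table *t)
{
    int dangling = 0;
    for (int i = 0; i < t->n; i++)
        for (int p = 0; p < POOL_SIZE; p++)
            if (!pool[p].live && t->e[i].key >= pool[p].name &&
                t->e[i].key < pool[p].name + NAME_LEN)
                dangling++;
    return dangling;
}

/* Like irc_blist_timeout -> irc_buddy_append: join the keys into one nick list. */
static void table_join_keys(const struct table *t, char *out, size_t n)
{
    out[0] = '\0';
    for (int i = 0; i < t->n; i++) {
        size_t used = strlen(out);
        snprintf(out + used, n - used, "%s%s", i ? " " : "", t->e[i].key);
    }
}

/* Add the same nick twice, as add_buddy_cb does for a buddy already present,
 * then build the list. Returns the number of dangling keys left behind. */
static int run(bool use_replace, char *out, size_t n)
{
    struct table t = { .n = 0, .value_destroy = buddy_free };
    memset(pool, 0, sizeof pool); pool_next = 0;
    struct buddy *b1 = buddy_new("alice");
    table_put(&t, b1->name, b1, use_replace);
    struct buddy *b2 = buddy_new("alice");     /* the user re-adds the buddy */
    table_put(&t, b2->name, b2, use_replace);
    table_join_keys(&t, out, n);
    return table_dangling_keys(&t);
}

int demo_dangling(bool use_replace) { char buf[64]; return run(use_replace, buf, sizeof buf); }
const char *demo_list(bool use_replace) { static char buf[64]; run(use_replace, buf, sizeof buf); return buf; }

int main(void)
{
    printf("insert : dangling=%d list=\"%s\"\n", demo_dangling(false), demo_list(false));
    printf("replace: dangling=%d list=\"%s\"\n", demo_dangling(true), demo_list(true));
}
```

With the insert rule the re-added buddy leaves one dangling key and the joined list reads "<freed>" where the nick should be; with the replace rule there are no dangling keys and the list reads "alice". The general lesson is the one the trace teaches: when a table's key is memory owned by its value, replacing the value must replace the key too (or the old entry must be removed first). Valgrind and AddressSanitizer catch the read after the fact; the ownership rule is what prevents it.
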
Sebastien Bacher (seb128) wrote :

Other valgrind error:

==18063== Conditional jump or move depends on uninitialised value(s)
==18063== at 0x47CE573: g_ucs4_to_utf8 (gutf8.c:1035)
==18063== by 0x47D03EE: g_utf8_normalize (gunidecomp.c:528)
==18063== by 0x4899C3B: purple_normalize_nocase (util.c:3103)
==18063== by 0x4899D14: purple_normalize (util.c:3071)
==18063== by 0x484AC88: purple_find_buddy (blist.c:2126)
==18063== by 0x739BD09: irc_buddy_status (msgs.c:775)
==18063== by 0x478E24B: g_hash_table_foreach (ghash.c:1210)
==18063== by 0x739D90D: irc_msg_ison (msgs.c:768)
==18063== by 0x739FD11: irc_parse_msg (parse.c:723)
==18063== by 0x739A102: read_input (irc.c:603)
==18063== by 0x80A8E92: pidgin_io_invoke (gtkeventloop.c:78)
==18063== by 0x47D3C4C: g_io_unix_dispatch (giounix.c:162)
==18063==
==18063== Conditional jump or move depends on uninitialised value(s)
==18063== at 0x47CD21A: g_unichar_to_utf8 (gutf8.c:589)
==18063== by 0x47CE534: g_ucs4_to_utf8 (gutf8.c:1050)
==18063== by 0x47D03EE: g_utf8_normalize (gunidecomp.c:528)
==18063== by 0x4899C3B: purple_normalize_nocase (util.c:3103)
==18063== by 0x4899D14: purple_normalize (util.c:3071)
==18063== by 0x484AC88: purple_find_buddy (blist.c:2126)
==18063== by 0x739BD09: irc_buddy_status (msgs.c:775)
==18063== by 0x478E24B: g_hash_table_foreach (ghash.c:1210)
==18063== by 0x739D90D: irc_msg_ison (msgs.c:768)
==18063== by 0x739FD11: irc_parse_msg (parse.c:723)
==18063== by 0x739A102: read_input (irc.c:603)
==18063== by 0x80A8E92: pidgin_io_invoke (gtkeventloop.c:78)
==18063==
==18063== Conditional jump or move depends on uninitialised value(s)
==18063== at 0x40276EB: strlen (mc_replace_strmem.c:242)
==18063== by 0x49546D7: vfprintf (in /lib/tls/i686/cmov/libc-2.9.so)
==18063== by 0x4A0C771: __vsnprintf_chk (in /lib/tls/i686/cmov/libc-2.9.so)
==18063== by 0x47D38EE: g_vsnprintf (stdio2.h:78)
==18063== by 0x47D3AD5: g_snprintf (gprintf.c:163)
==18063== by 0x4899C6D: purple_normalize_nocase (util.c:3104)
==18063== by 0x4899D14: purple_normalize (util.c:3071)
==18063== by 0x484AC88: purple_find_buddy (blist.c:2126)
==18063== by 0x739BD09: irc_buddy_status (msgs.c:775)
==18063== by 0x478E24B: g_hash_table_foreach (ghash.c:1210)
==18063== by 0x739D90D: irc_msg_ison (msgs.c:768)
==18063== by 0x739FD11: irc_parse_msg (parse.c:723)

Changed in pidgin (Ubuntu):
status: Incomplete → New
Sebastien Bacher (seb128) wrote :

The valgrind errors are different issues; Rick's issue is triggered in a no-notification-icon case only.

Sebastien Bacher (seb128) wrote :
Changed in pidgin (Ubuntu):
status: New → Confirmed
Changed in pidgin:
status: Unknown → New
Rick Spencer (rick-rickspencer3) wrote :

Bumping back to High, as the upstream bug will be less of a corner case in a fresh Jaunty install.

Changed in pidgin (Ubuntu):
importance: Medium → High
David Barth (dbarth)
Changed in pidgin:
assignee: robert-ancell → bratsche
Cody Russell (bratsche) wrote :

I've been unable to reproduce this yet. :(

Cody Russell (bratsche) wrote :

I can't reproduce it, but just looking at the stack trace this seems like it might fix it.

Changed in pidgin:
assignee: bratsche → ken-vandine
darkrain42 (darkrain42) wrote :

There is a patch for 2.5.5 on the upstream ticket (which is http://developer.pidgin.im/ticket/8774 as Sebastien noted).

Ken VanDine (ken-vandine) wrote :

I wonder if these patches really fix the same bug. Cody's patch seems to have fixed it for me. What do you guys think?

Cody Russell (bratsche) wrote :

Awesome, thanks!

Ken VanDine (ken-vandine) wrote :

Attaching a debdiff with the upstream patch from darkrain42

Changed in pidgin:
status: Confirmed → In Progress
Sebastien Bacher (seb128) wrote :

Thanks to everybody who worked on the change.

Changed in pidgin (Ubuntu):
status: In Progress → Fix Committed
darkrain42 (darkrain42) wrote :

Ken, my patch fixes the underlying problem, whereas Cody's patch fixes the specific null dereference that causes the crash.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pidgin - 1:2.5.5-1ubuntu5

---------------
pidgin (1:2.5.5-1ubuntu5) jaunty; urgency=low

  * debian/patches/61_crash_on_close_349009.patch
    - Patch from darkrain42 to fix a crasher bug triggered by closing
      the buddy list with chat rooms open (LP: #349009)

pidgin (1:2.5.5-1ubuntu4) jaunty; urgency=low

  * Adding debian/patches/13_sounds_and_timers.patch which adjusts
    the time out for sounds to be 15 seconds, which helps get
    fewer spurious login notifications on slow connections. Also,
    switches a few long term timers to _add_seconds to get a little
    bit of power savings. (LP: #345494)

 -- Ken VanDine <email address hidden> Wed, 01 Apr 2009 14:43:23 -0400

Changed in pidgin (Ubuntu):
status: Fix Committed → Fix Released
Changed in pidgin:
status: New → Fix Released