Bug 130104 - HTML page is not displayed
Status: RESOLVED FIXED
Alias: None
Product: kio
Classification: Unmaintained
Component: http
Version: unspecified
Platform: Gentoo Packages Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Unassigned bugs mailing-list
Reported: 2006-07-01 15:20 UTC by kam
Modified: 2007-07-19 00:50 UTC
Description kam 2006-07-01 15:20:21 UTC
Version:            (using KDE KDE 3.5.3)
Installed from:    Gentoo Packages
Compiler:          i686-pc-linux-gnu-gcc (GCC) 4.1.1 (Gentoo 4.1.1) 
OS:                Linux

The page
http://www.maxior.pl
cannot be displayed. The connection is always canceled before the page is shown, with the error:

An error occurred while loading http://www.maxior.pl:
The process for the http://www.maxior.pl protocol died unexpectedly.
Comment 1 Maksim Orlovich 2006-07-01 15:28:15 UTC
eeek, gonna need to vg the slave:
kio_http: (6878) --empty--
*** glibc detected *** free(): invalid pointer: 0xbfaef450 ***
kioslave: ####### CRASH ###### protocol = http pid = 6878 signal = 6
/opt/kde3.4/lib/libkio.so.4(_ZN3KIO9SlaveBase15sigsegv_handlerEi+0x83)[0xb7e004a3]
[0xffffe420]
/lib/tls/libc.so.6(abort+0xeb)[0xb6acf82b]
/lib/tls/libc.so.6[0xb6b048ea]
/lib/tls/libc.so.6[0xb6b0aef7]
/lib/tls/libc.so.6(__libc_free+0x82)[0xb6b0b392]
/opt/kde3.4/lib/libqt-mt.so.3(_ZN7QGArray6resizeEjNS_12OptimizationE+0x39)[0xb750e85f]
/opt/kde3.4/lib/libqt-mt.so.3(_ZN7QGArray6resizeEj+0x1c)[0xb750e8d0]
/opt/kde3.4/lib/libkio.so.4(_ZN9QMemArrayIcE6resizeEj+0x20)[0xb7dced10]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol8slotDataERK9QMemArrayIcE+0x4a3)[0xb684e8e3]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol9qt_invokeEiP8QUObject+0x60)[0xb6851610]
/opt/kde3.4/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x8d)[0xb73095e7]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN14HTTPFilterBase6outputERK9QMemArrayIcE+0x8d)[0xb686872d]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN14HTTPFilterBase7qt_emitEiP8QUObject+0x60)[0xb6868990]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN15HTTPFilterChain7qt_emitEiP8QUObject+0x23)[0xb6868b53]
/opt/kde3.4/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x81)[0xb73095db]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN14HTTPFilterBase6outputERK9QMemArrayIcE+0x8d)[0xb686872d]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN14HTTPFilterGZip9slotInputERK9QMemArrayIcE+0x39b)[0xb686957b]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN15HTTPFilterChain9slotInputERK9QMemArrayIcE+0x27)[0xb68687b7]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol8readBodyEb+0x925)[0xb6854e35]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol15retrieveContentEb+0xa8)[0xb685fd88]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol3getERK4KURL+0x1df)[0xb6860f4f]
/opt/kde3.4/lib/libkio.so.4(_ZN3KIO9SlaveBase8dispatchEiRK9QMemArrayIcE+0x32b)[0xb7e02eab]
/opt/kde3.4/lib/libkio.so.4(_ZN3KIO9SlaveBase12dispatchLoopEv+0x253)[0xb7e01ba3]
/opt/kde3.4/lib/kde3/kio_http.so(kdemain+0x106)[0xb6850f76]
Comment 2 Maksim Orlovich 2006-07-01 15:34:25 UTC
==7095== Invalid free() / delete / delete[]
==7095==    at 0x401BF57: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==7095==    by 0x4D7A85E: QGArray::resize(unsigned, QGArray::Optimization) (in /opt/kde3.4/lib/libqt-mt.so.3.3.4)
==7095==    by 0x4D7A8CF: QGArray::resize(unsigned) (in /opt/kde3.4/lib/libqt-mt.so.3.3.4)
==7095==    by 0x4187D0F: QMemArray<char>::resize(unsigned) (qmemarray.h:70)
==7095==    by 0x56AA8E2: HTTPProtocol::slotData(QMemArray<char> const&) (http.cc:4263)
==7095==    by 0x56AD60F: HTTPProtocol::qt_invoke(int, QUObject*) (http.moc:93)
==7095==    by 0x4B755E6: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2392)
==7095==    by 0x56C472C: HTTPFilterBase::output(QMemArray<char> const&) (httpfilter.moc:108)
==7095==    by 0x56C498F: HTTPFilterBase::qt_emit(int, QUObject*) (httpfilter.moc:138)
==7095==    by 0x56C4B52: HTTPFilterChain::qt_emit(int, QUObject*) (httpfilter.moc:228)
==7095==    by 0x4B755DA: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2390)
==7095==    by 0x56C472C: HTTPFilterBase::output(QMemArray<char> const&) (httpfilter.moc:108)
==7095==  Address 0xBE84C280 is on thread 1's stack
Comment 3 kam 2006-07-01 15:39:37 UTC
Is this a bt?
Do you know what is wrong? On the same machine with the newest Opera that page shows properly. So I think it is konq's fault.
Comment 4 Maksim Orlovich 2006-07-01 15:46:28 UTC
This isn't safe when the code is doing non-mimetype recovery from broken servers (httpfilter.cc, lines 342-344; http.cc:4263):
        d.setRawData( buf, bytesOut );
        emit output(d);
        d.resetRawData( buf, bytesOut );
QGVector has docs saying that calling ops like resize after setRawData is unsafe. Ugly. Will leave this to someone responsible for this code to fix :-)
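The hazard described in comment 4, and what a `detach()` before the resize changes, as an added example that is not code from Qt, KDE or this report. It is a simplified model: `Block`, `ByteArray`, `consume` and `produce` are hypothetical names, the consumer is assumed to take a shallow copy of the array it receives, and `resize()` reports the unsafe case instead of freeing the borrowed pointer.

```cpp
// Simplified model of an implicitly shared byte array (not Qt's implementation).
#include <cstddef>
#include <cstdlib>
#include <cstring>
struct Block { char *data; std::size_t len; int refs; bool borrowed; };
class ByteArray {
    Block *b;
public:
    ByteArray() : b(new Block{nullptr, 0, 1, false}) {}
    ByteArray(const ByteArray &o) : b(o.b) { ++b->refs; }   // shallow copy
    ByteArray &operator=(const ByteArray &) = delete;
    ~ByteArray() { if (--b->refs == 0) { if (!b->borrowed) std::free(b->data); delete b; } }
    // Wrap caller-owned memory without copying, as setRawData() does.
    void setRawData(char *p, std::size_t n) { b->data = p; b->len = n; b->borrowed = true; }
    void resetRawData() { b->data = nullptr; b->len = 0; b->borrowed = false; }
    // Give this handle a private heap copy when the block is shared.
    void detach() {
        if (b->refs < 2) return;
        Block *n = new Block{nullptr, b->len, 1, false};
        if (n->len) n->data = static_cast<char *>(std::malloc(n->len));
        if (n->data) std::memcpy(n->data, b->data, n->len);
        --b->refs; b = n;
    }
    // Returns false where a real resize would hand borrowed memory to the allocator.
    // The 'borrowed' flag exists only in this model, to observe the hazard safely.
    bool resize(std::size_t n) {
        if (b->borrowed) return false;
        if (n == 0) { std::free(b->data); b->data = nullptr; b->len = 0; return true; }
        char *p = static_cast<char *>(std::realloc(b->data, n));
        if (!p) return false;
        b->data = p; b->len = n; return true;
    }
};

// Consumer slot (assumed shape): shallow-copies the received array, then resizes.
bool consume(const ByteArray &in, bool detachFirst) {
    ByteArray d(in);
    if (detachFirst) d.detach();
    return d.resize(0) && d.resize(16);
}

// Producer: wraps a stack buffer (constructed sample data), emits, then unwraps.
bool produce(bool detachFirst) {
    char buf[64] = "constructed sample payload";
    ByteArray d;
    d.setRawData(buf, sizeof buf);
    bool ok = consume(d, detachFirst);
    d.resetRawData();
    return ok && std::strcmp(buf, "constructed sample payload") == 0;
}
```

`produce(false)` returns false because the consumer's resize reaches the stack buffer; `produce(true)` returns true because the consumer resizes its own heap copy and the producer's buffer is left intact.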
Comment 5 Dawit Alemayehu 2007-07-19 00:50:54 UTC
SVN commit 689709 by adawit:

- Fix crash described by BUG# 130104. 

BUG:130104


 M  +3 -0      http.cc  


--- branches/KDE/3.5/kdelibs/kioslave/http/http.cc #689708:689709
@@ -4269,6 +4269,9 @@
 
         if ( m_cpMimeBuffer )
         {
+          // Do not make any assumption about the state of the QByteArray we received.
+          // Fix the crash described by BR# 130104.
+          d.detach();
           d.resize(0);
           d.resize(m_mimeTypeBuffer.size());
           memcpy( d.data(), m_mimeTypeBuffer.data(),
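Review bot: The new comment above `d.detach()` says what not to assume but not what goes wrong; it should name the hazard from comment 4, that `d` can wrap caller-owned memory installed with `setRawData()` (httpfilter.cc does this with `buf`), so the `d.resize(0)` that follows would free memory the array does not own. The detached copy is also discarded immediately by `d.resize(0)`, so the copy is pure overhead in this branch. Finally, the guard covers only the `m_cpMimeBuffer` path: any other resize of `d` in this function, and any other slot connected to `output()`, still depends on what the emitter passed in, so it is worth checking whether the `setRawData()` / `emit output(d)` sequence in httpfilter.cc should hand out an owned copy instead.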