Summary: | HTML page is not displayed | ||
---|---|---|---|
Product: | [Frameworks and Libraries] kio | Reporter: | kam <crs> |
Component: | http | Assignee: | Unassigned bugs mailing-list <unassigned-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | crash | ||
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Gentoo Packages | ||
OS: | Linux | ||
Description
kam
2006-07-01 15:20:21 UTC
eeek, gonna need to vg the slave:

```
kio_http: (6878) --empty--
*** glibc detected *** free(): invalid pointer: 0xbfaef450 ***
kioslave: ####### CRASH ###### protocol = http pid = 6878 signal = 6
/opt/kde3.4/lib/libkio.so.4(_ZN3KIO9SlaveBase15sigsegv_handlerEi+0x83)[0xb7e004a3]
[0xffffe420]
/lib/tls/libc.so.6(abort+0xeb)[0xb6acf82b]
/lib/tls/libc.so.6[0xb6b048ea]
/lib/tls/libc.so.6[0xb6b0aef7]
/lib/tls/libc.so.6(__libc_free+0x82)[0xb6b0b392]
/opt/kde3.4/lib/libqt-mt.so.3(_ZN7QGArray6resizeEjNS_12OptimizationE+0x39)[0xb750e85f]
/opt/kde3.4/lib/libqt-mt.so.3(_ZN7QGArray6resizeEj+0x1c)[0xb750e8d0]
/opt/kde3.4/lib/libkio.so.4(_ZN9QMemArrayIcE6resizeEj+0x20)[0xb7dced10]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol8slotDataERK9QMemArrayIcE+0x4a3)[0xb684e8e3]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol9qt_invokeEiP8QUObject+0x60)[0xb6851610]
/opt/kde3.4/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x8d)[0xb73095e7]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN14HTTPFilterBase6outputERK9QMemArrayIcE+0x8d)[0xb686872d]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN14HTTPFilterBase7qt_emitEiP8QUObject+0x60)[0xb6868990]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN15HTTPFilterChain7qt_emitEiP8QUObject+0x23)[0xb6868b53]
/opt/kde3.4/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x81)[0xb73095db]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN14HTTPFilterBase6outputERK9QMemArrayIcE+0x8d)[0xb686872d]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN14HTTPFilterGZip9slotInputERK9QMemArrayIcE+0x39b)[0xb686957b]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN15HTTPFilterChain9slotInputERK9QMemArrayIcE+0x27)[0xb68687b7]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol8readBodyEb+0x925)[0xb6854e35]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol15retrieveContentEb+0xa8)[0xb685fd88]
/opt/kde3.4/lib/kde3/kio_http.so(_ZN12HTTPProtocol3getERK4KURL+0x1df)[0xb6860f4f]
/opt/kde3.4/lib/libkio.so.4(_ZN3KIO9SlaveBase8dispatchEiRK9QMemArrayIcE+0x32b)[0xb7e02eab]
/opt/kde3.4/lib/libkio.so.4(_ZN3KIO9SlaveBase12dispatchLoopEv+0x253)[0xb7e01ba3]
/opt/kde3.4/lib/kde3/kio_http.so(kdemain+0x106)[0xb6850f76]
```

```
==7095== Invalid free() / delete / delete[]
==7095== at 0x401BF57: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==7095== by 0x4D7A85E: QGArray::resize(unsigned, QGArray::Optimization) (in /opt/kde3.4/lib/libqt-mt.so.3.3.4)
==7095== by 0x4D7A8CF: QGArray::resize(unsigned) (in /opt/kde3.4/lib/libqt-mt.so.3.3.4)
==7095== by 0x4187D0F: QMemArray<char>::resize(unsigned) (qmemarray.h:70)
==7095== by 0x56AA8E2: HTTPProtocol::slotData(QMemArray<char> const&) (http.cc:4263)
==7095== by 0x56AD60F: HTTPProtocol::qt_invoke(int, QUObject*) (http.moc:93)
==7095== by 0x4B755E6: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2392)
==7095== by 0x56C472C: HTTPFilterBase::output(QMemArray<char> const&) (httpfilter.moc:108)
==7095== by 0x56C498F: HTTPFilterBase::qt_emit(int, QUObject*) (httpfilter.moc:138)
==7095== by 0x56C4B52: HTTPFilterChain::qt_emit(int, QUObject*) (httpfilter.moc:228)
==7095== by 0x4B755DA: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2390)
==7095== by 0x56C472C: HTTPFilterBase::output(QMemArray<char> const&) (httpfilter.moc:108)
==7095== Address 0xBE84C280 is on thread 1's stack
```

This is bt? Do you know what is wrong? On the same machine with newest opera that page is shown properly. So I think it is konq's fault.

This isn't safe when the code is doing non-mimetype recovery from broken servers (httpfilter.cc, lines 342-344, http.cc:4263..

```cpp
d.setRawData( buf, bytesOut );
emit output(d);
d.resetRawData( buf, bytesOut );
```

QGVector has docs saying that calling ops like resize after setRawData is unsafe. Ugly. Will leave this to someone responsible for this code to fix :-)

SVN commit 689709 by adawit:

- Fix crash described by BUG# 130104.

BUG:130104

M +3 -0 http.cc

--- branches/KDE/3.5/kdelibs/kioslave/http/http.cc #689708:689709 
@@ -4269,6 +4269,9 @@ if ( m_cpMimeBuffer ) { + // Do not make any assumption about the state of the QByteArray we received. + // Fix the crash described by BR# 130104. + d.detach(); d.resize(0); d.resize(m_mimeTypeBuffer.size()); memcpy( d.data(), m_mimeTypeBuffer.data(), |
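
Review bot: the d.detach() added at the top of the if ( m_cpMimeBuffer ) branch guards only the d.resize(0) call that follows it, while the thread traces the unsafe array to httpfilter.cc, where output(d) is emitted between setRawData() and resetRawData() on a buffer that valgrind places on the stack. The hunk shows only this branch, so it is worth checking whether any other slot connected to output(), or any other path in this function, can resize or reallocate d without detaching first. Consider detaching once at the entry to the slot or handing out a copy at the emitting side, and let the new comment state the actual precondition (the array may wrap caller-owned memory through setRawData()) instead of only citing the bug number.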
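
The hazard discussed in this thread (a receiver resizing an array that only wraps the sender's stack buffer), modelled as an added example that is not KDE's or Qt's code. `ByteBuf`, `replaceContents` and `detachFirst` are hypothetical names, and unlike the class in the report this model refuses to resize borrowed memory instead of passing it to `realloc()`.

```cpp
// Hypothetical stand-in for an array with setRawData()-style borrowing; not Qt's QMemArray.
#include <cstddef>
#include <cstdlib>
#include <cstring>

class ByteBuf {
    char *p_ = nullptr;
    std::size_t n_ = 0;
    bool borrowed_ = false;  // true while p_ points at memory we do not own
public:
    ByteBuf() = default;
    ByteBuf(const ByteBuf &) = delete;             // keep ownership unambiguous
    ByteBuf &operator=(const ByteBuf &) = delete;
    ~ByteBuf() { if (!borrowed_) std::free(p_); }
    // Sender side: wrap caller memory without copying, then unwrap it again.
    void setRawData(char *buf, std::size_t n) {
        if (!borrowed_) std::free(p_);
        p_ = buf; n_ = n; borrowed_ = true;
    }
    void resetRawData() { if (borrowed_) { p_ = nullptr; n_ = 0; borrowed_ = false; } }
    // Swap a borrowed pointer for a private heap copy; no-op when already owned.
    bool detach() {
        if (!borrowed_) return true;
        char *copy = static_cast<char *>(std::malloc(n_ ? n_ : 1));
        if (!copy) return false;
        if (n_) std::memcpy(copy, p_, n_);
        p_ = copy; borrowed_ = false;
        return true;
    }
    // realloc() on a borrowed (here: stack) pointer would be the invalid free()
    // from the report, so a borrowed buffer refuses to resize.
    bool resize(std::size_t n) {
        if (borrowed_) return false;
        char *q = static_cast<char *>(std::realloc(p_, n ? n : 1));
        if (!q) return false;
        p_ = q; n_ = n;
        return true;
    }
    std::size_t size() const { return n_; }
    char *data() { return p_; }
};

// Receiver side, shaped like the patched branch: detach, then resize and copy.
bool replaceContents(ByteBuf &d, const char *src, std::size_t n, bool detachFirst) {
    if (detachFirst && !d.detach()) return false;
    if (!d.resize(0) || !d.resize(n)) return false;
    if (n) std::memcpy(d.data(), src, n);
    return true;
}
```

With a stack buffer wrapped through `setRawData()`, `replaceContents(..., false)` fails without touching the buffer, while `replaceContents(..., true)` succeeds on a private copy and the sender's later `resetRawData()` leaves that copy alone.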