| Summary: | khtml malformed html crash | ||
|---|---|---|---|
| Product: | [Unmaintained] kio | Reporter: | Josh Bressers <bressers> |
| Component: | general | Assignee: | David Faure <faure> |
| Status: | RESOLVED FIXED | ||
| Severity: | crash | CC: | security |
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Fedora RPMs | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
|
Description
Josh Bressers
2006-10-11 15:39:29 UTC
(CC'ing security@ due to the posting, though I don't consider this to be worth such attention...)
KIO gets confused when passed a URL file://""
#2 0xb6791851 in abort () from /lib/i686/libc.so.6
#3 0xb75a5f9a in kDebugBackend (nLevel=3, nArea=7006,
data=0x842be40 "FATAL: BUG! _ScheduleJob(): No extraJobData for job!\n")
at /code/KDE/kde3/kdelibs/kdecore/kdebug.cpp:313
#4 0xb75a63c8 in kdbgstream::flush (this=0xbfdec024) at /code/KDE/kde3/kdelibs/kdecore/kdebug.cpp:336
#5 0xb7f46905 in endl () from /opt/kde3.4/lib/libkdeinit_konqueror.so
#6 0xb7e50f87 in kdbgstream::operator<< (this=0xbfdec024, f=0xb7f46860 <endl(kdbgstream&)>)
at /code/KDE/kde3/kdelibs/kdecore/kdebug.h:260
#7 0xb7bb101a in KIO::Scheduler::_scheduleJob (this=0xbfdebfd8, job=0x842ae00)
at /code/KDE/kde3/kdelibs/kio/kio/scheduler.cpp:223
#8 0xb7bd2856 in KIO::Scheduler::scheduleJob (job=0x842ae00) at /code/KDE/kde3/kdelibs/kio/kio/scheduler.h:139
#9 0xb6175de7 in khtml::Loader::servePendingRequests (this=0x82cc8c8) at /code/KDE/kde3/kdelibs/khtml/misc/loader.cpp:1149
#10 0xb617703b in khtml::Loader::qt_invoke (this=0x82cc8c8, _id=4, _o=0xbfdec1e0) at ../khtml/misc/loader.moc:262
#11 0xb706b5e7 in QObject::activate_signal (this=0x82cc930, clist=0x82cced8, o=0xbfdec1e0) at kernel/qobject.cpp:2392
#12 0xb706bb8c in QObject::activate_signal (this=0x82cc930, signal=2) at kernel/qobject.cpp:2361
#13 0xb72daf2f in QTimer::timeout () at ../include/qrect.h:248
#14 0xb70858fd in QTimer::event () at ../include/qstring.h:252
#15 0xb702b4bc in QApplication::internalNotify (this=0x0, receiver=0x82cc930, e=0xbfdec428) at kernel/qapplication.cpp:2635
#16 0xb702ba04 in QApplication::notify (this=0xbfdec6ec, receiver=0x82cc930, e=0xbfdec428) at kernel/qapplication.cpp:2523
#17 0xb759e529 in KApplication::notify (this=0xbfdec6ec, receiver=0x82cc930, event=0xbfdec428)
at /code/KDE/kde3/kdelibs/kdecore/kapplication.cpp:550
#18 0xb701eceb in QEventLoop::activateTimers () at ../include/qrect.h:251
#19 0xb6fef996 in QEventLoop::processEvents (this=0x8084ed8, flags=4) at kernel/qeventloop_x11.cpp:389
#20 0xb7038590 in QEventLoop::enterLoop () at ../include/qshared.h:48
#21 0xb70384f5 in QEventLoop::exec () at ../include/qshared.h:48
#22 0xb70272e4 in QApplication::exec (this=0xbfdec6ec) at kernel/qapplication.cpp:2758
#23 0xb7f44e55 in kdemain () from /opt/kde3.4/lib/libkdeinit_konqueror.so
#24 0xb677d75c in __libc_start_main () from /lib/i686/libc.so.6
#25 0x08048641 in _start ()
SVN commit 594522 by dfaure:
Don't crash when creating a job for an invalid URL and then calling Scheduler::scheduleJob(job),
which aborts if Scheduler::doJob wasn't called. So let's call doJob in all cases, even if we know
right away that this is an error case.
BUG: 135456
M +9 -9 job.cpp
--- branches/KDE/3.5/kdelibs/kio/kio/job.cpp #594521:594522
@@ -410,15 +410,6 @@
: Job(showProgressInfo), m_slave(0), m_packedArgs(packedArgs),
m_url(url), m_command(command), m_totalSize(0)
{
- if (!m_url.isValid())
- {
- m_error = ERR_MALFORMED_URL;
- m_errorText = m_url.url();
- QTimer::singleShot(0, this, SLOT(slotFinished()) );
- return;
- }
-
-
if (m_url.hasSubURL())
{
KURL::List list = KURL::split(m_url);
@@ -430,6 +421,15 @@
}
Scheduler::doJob(this);
+
+ if (!m_url.isValid())
+ {
+ kdDebug() << "ERR_MALFORMED_URL" << endl;
+ m_error = ERR_MALFORMED_URL;
+ m_errorText = m_url.url();
+ QTimer::singleShot(0, this, SLOT(slotFinished()) );
+ return;
+ }
}
void SimpleJob::kill( bool quietly )
|