Bug 224868

Summary: timezone data startup qtcore
Product: [Unmaintained] kdelibs Reporter: Sergey Korolev <korolev.sergey>
Component: kdedAssignee: David Jarvie <djarvie>
Status: CLOSED FIXED    
Severity: crash CC: andresbajotierra, faure, kdelibs-bugs
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In: KDE 4.4.5
Sentry Crash Report:
Attachments: A program that emulates behavior of my buggy one.
Emulates of KTimeZoned::readZoneTab

Description Sergey Korolev 2010-01-30 14:28:56 UTC 
Application that crashed: kded4
Version of the application: $Id: kded.cpp 1031638 2009-10-05 16:59:11Z lunakl $
KDE Version: 4.3.3 (KDE 4.3.3)
Qt Version: 4.5.3
Operating System: Linux 2.6.31-gentoo-r6 x86_64

What I was doing when the application crashed:
KDE 4.3.3 crashes at startup while loading timezone data.
I think it is due to a broken timezone data files located in /usr/share/zoneinfo:
-rw-r--r--   1 root root 3484751933 Jan 30 16:05 iso3166.tab
-rw-r--r--   1 root root 2935936447 Jan 30 16:05 zone.tab
Reinstallation of these files to an initial versions solves the problem.
-rw-r--r--   1 root root  4180 Jan 30 16:21 iso3166.tab
-rw-r--r--   1 root root 18896 Jan 30 16:21 zone.tab
The files corrupted after (possibly) its opening by my external program (it only reads these).

 -- Backtrace:
Application: KDE Daemon (kdeinit4), signal: Segmentation fault
[KCrash Handler]
#5  0x00007fabeae2e1bb in memcpy () from /lib/libc.so.6
#6  0x00007fabee3fb62f in QString::append (this=0x8d6cd8, str=...) at /usr/include/bits/string3.h:52
#7  0x00007fabee43c916 in QString::operator+= (this=0x8d6c40, maxBytes=<value optimized out>) at ../../include/QtCore/../../src/corelib/tools/qstring.h:269
#8  QTextStreamPrivate::fillReadBuffer (this=0x8d6c40, maxBytes=<value optimized out>) at io/qtextstream.cpp:590
#9  0x00007fabee43cf00 in QTextStreamPrivate::scan (this=0x8d6c40, ptr=0x7fff107b9140, length=0x7fff107b914c, maxlen=0, delimiter=QTextStreamPrivate::EndOfLine) at io/qtextstream.cpp:726
#10 0x00007fabee440ebf in QTextStream::readLine (this=<value optimized out>, maxlen=0) at io/qtextstream.cpp:1642
#11 0x00007fabe0ce9fb2 in KTimeZoned::readZoneTab (this=0x876ce0, f=...) at /var/tmp/portage/kde-base/ktimezoned-4.3.3/work/ktimezoned-4.3.3/ktimezoned/ktimezoned.cpp:308
#12 0x00007fabe0ced7c6 in KTimeZoned::init (this=0x876ce0, restart=<value optimized out>) at /var/tmp/portage/kde-base/ktimezoned-4.3.3/work/ktimezoned-4.3.3/ktimezoned/ktimezoned.cpp:153
#13 0x00007fabe0ceec38 in KPluginFactory::createInstance<KTimeZoned, QObject> (parentWidget=<value optimized out>, parent=<value optimized out>, args=...) at /usr/include/kpluginfactory.h:461
#14 0x00007fabedebb136 in KPluginFactory::create (this=0x8f5780, iface=0x7fabedefe940 "KDEDModule", parentWidget=0x0, parent=0x785dd0, args=..., keyword=...)
    at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kdecore/util/kpluginfactory.cpp:191
#15 0x00007fabe3af196e in KPluginFactory::create<KDEDModule> (this=0x785dd0, s=..., onDemand=<value optimized out>)
    at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kdecore/util/kpluginfactory.h:491
#16 Kded::loadModule (this=0x785dd0, s=..., onDemand=<value optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kded/kded.cpp:380
#17 0x00007fabe3af1f26 in Kded::loadModule (this=0x785dd0, obj=<value optimized out>, onDemand=250) at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kded/kded.cpp:334
#18 0x00007fabe3af25c0 in Kded::messageFilter (message=<value optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kded/kded.cpp:195
#19 0x00007fabec576ec7 in QDBusConnectionPrivate::handleMessage (this=0x786a90, amsg=...) at qdbusintegrator.cpp:526
#20 0x00007fabec579bfe in qDBusSignalFilter (connection=<value optimized out>, message=<value optimized out>, data=<value optimized out>) at qdbusintegrator.cpp:517
#21 0x00007fabe765bee2 in dbus_connection_dispatch () from /usr/lib/libdbus-1.so.3
#22 0x00007fabec56d81f in q_dbus_connection_dispatch (this=0x786a90) at ./qdbus_symbols_p.h:113
#23 QDBusConnectionPrivate::doDispatch (this=0x786a90) at qdbusintegrator.cpp:1067
#24 0x00007fabec56d930 in QDBusConnectionPrivate::socketRead (this=0x786a90, fd=8) at qdbusintegrator.cpp:1087
#25 0x00007fabec59d406 in QDBusConnectionPrivate::qt_metacall (this=0x786a90, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff107b9d40)
    at .moc/release-shared/moc_qdbusconnection_p.cpp:89
#26 0x00007fabee49341b in QMetaObject::activate (sender=0x8728d0, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x606) at kernel/qobject.cpp:3101
#27 0x00007fabee4c0b26 in QSocketNotifier::activated (this=0x7fab60d56000, _t1=5) at .moc/release-shared/moc_qsocketnotifier.cpp:83
#28 0x00007fabee498cbf in QSocketNotifier::event (this=0x8728d0, e=0x7fff107ba310) at kernel/qsocketnotifier.cpp:316
#29 0x00007fabeba401c7 in QApplicationPrivate::notify_helper (this=0x7cb820, receiver=0x8728d0, e=0x7fff107ba310) at kernel/qapplication.cpp:4065
#30 0x00007fabeba47362 in QApplication::notify (this=0x7fff107ba630, receiver=0x8728d0, e=0x7fff107ba310) at kernel/qapplication.cpp:4030
#31 0x00007fabec9b8ddc in KApplication::notify (this=0x7fff107ba630, receiver=0x8728d0, event=0x7fff107ba310)
    at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kdeui/kernel/kapplication.cpp:302
#32 0x00007fabee4834f6 in QCoreApplication::notifyInternal (this=0x7fff107ba630, receiver=0x8728d0, event=0x7fff107ba310) at kernel/qcoreapplication.cpp:606
#33 0x00007fabee4a46ac in QCoreApplication::sendEvent (source=0x7cf010) at kernel/qcoreapplication.h:213
#34 socketNotifierSourceDispatch (source=0x7cf010) at kernel/qeventdispatcher_glib.cpp:110
#35 0x00007fabea4e7903 in g_main_dispatch (context=0x7ce120) at gmain.c:1827
#36 IA__g_main_context_dispatch (context=0x7ce120) at gmain.c:2377
#37 0x00007fabea4ea85c in g_main_context_iterate (context=0x7ce120, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2461
#38 0x00007fabea4ea9de in IA__g_main_context_iteration (context=0x7ce120, may_block=1) at gmain.c:2519
#39 0x00007fabee4a4473 in QEventDispatcherGlib::processEvents (this=0x749850, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:327
#40 0x00007fabebab89b6 in QGuiEventDispatcherGlib::processEvents (this=0x7fab60d56000, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#41 0x00007fabee482264 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#42 0x00007fabee4823eb in QEventLoop::exec (this=0x7fff107ba570, flags=...) at kernel/qeventloop.cpp:197
#43 0x00007fabee483f4c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#44 0x00007fabe3af48f4 in kdemain (argc=1, argv=0x767f90) at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kded/kded.cpp:936
#45 0x0000000000407365 in launch (argc=1, _name=0x40a2e1 "kded4", args=<value optimized out>, cwd=0x0, envc=0, envs=0x0, reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x40a1ad "0")
    at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kinit/kinit.cpp:677
#46 0x0000000000408cbf in main (argc=2, argv=0x7fff107bb148, envp=0x7fff107bb160) at /var/tmp/portage/kde-base/kdelibs-4.3.3-r1/work/kdelibs-4.3.3/kinit/kinit.cpp:1740

This bug may be a duplicate of or related to bug 193634

Reported using DrKonqi
Comment 1 Sergey Korolev 2010-01-30 23:22:29 UTC 
Created attachment 40398 [details]
A program that emulates behavior of my buggy one.

After successful KDE boot run an attached (open.c) program as root. This currupts the "/usr/share/zoneinfo/zone.tab" file. After next reboot KDE crashes while loading description of timezones.
Comment 2 David Jarvie 2010-02-27 18:41:43 UTC 
I tried running your program, but didn't see any kded crash the next time I logged in. ktimezoned simply reported an invalid record in zone.tab, and carried on. That was on KDE 4.3.3 on Qt 4.5.2 on Linux. I did see a crash in libical when kalarm was run, but that's a different issue since libical does its own reading of zone.tab.
Comment 3 Sergey Korolev 2010-02-27 23:10:04 UTC 
Now I have Linux 2.6.31-gentoo-r6 with KDE 4.3.5 and Qt 4.5.3, but the crash is still repeats.
On my system I found that the problem is in use of QTextStream.readLine() (see ktimezoned.cpp:310) function while reading of corrupted timezone data (for example 3 or more gigabytes). It consumes all RAM and leads to segmentation fault (see new attached test.cpp).
Comment 4 Sergey Korolev 2010-02-27 23:12:23 UTC 
Created attachment 41179 [details]
Emulates of KTimeZoned::readZoneTab
Comment 5 David Jarvie 2010-03-01 10:17:50 UTC 
Does your test program make zone.tab a very large file? From your comments, and the source, I suspect so, but when I ran it, zone.tab stayed the same size but only the first character was corrupted.
Comment 6 Sergey Korolev 2010-03-01 10:47:04 UTC 
Yes, it is. My program should simply create an empty large file (filled only by zeroes) and try to read it by an emulated KTimeZoned::readZoneTab function.
Comment 7 David Jarvie 2010-06-20 16:16:39 UTC 
A limit of 2000 characters is now set when reading each zone.tab line, to guard against this crash. This limit should be more than adequate for any valid zone.tab. SVN commits 1140377, 1140378.

Fixed for KDE 4.4.5 and KDE 4.5.0.