Bug 237124

Summary: KStars crashes while attempting to import USNO catalog
Product: [Unmaintained] kdelibs Reporter: Greg Stachowski <greg.stachowski>
Component: kdecoreAssignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: alexey.skladnoy, craig, frado65, kennlarsen1, marcocoss, mutlaqja, tokyojo2, walch.martin, yk.007
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In: 4.5.1
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information added by DrKonqi

Description Greg Stachowski 2010-05-10 17:54:55 UTC 
Application: kstars (1.6.0)
KDE Platform Version: 4.4.2 (KDE 4.4.2)
Qt Version: 4.6.2
Operating System: Linux 2.6.32-22-generic i686
Distribution: Ubuntu 10.04 LTS

-- Information about the crash:
KStars crashes without warning about 1/4 -1/3 of way through while attempting to import USNO NOMAD catalog. There is enough free disk space for the catalog.

The crash can be reproduced every time.

 -- Backtrace:
Application: KStars (kstars), signal: Aborted
[KCrash Handler]
#6  0x00884422 in __kernel_vsyscall ()
#7  0x04ab6651 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0x04ab9a82 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0x0084252f in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/libstdc++.so.6
#10 0x00840465 in ?? () from /usr/lib/libstdc++.so.6
#11 0x008404a2 in std::terminate() () from /usr/lib/libstdc++.so.6
#12 0x008405e1 in __cxa_throw () from /usr/lib/libstdc++.so.6
#13 0x01d49b15 in qBadAlloc() () from /usr/lib/libQtCore.so.4
#14 0x01d569ca in QByteArray::resize(int) () from /usr/lib/libQtCore.so.4
#15 0x01de76df in QIODevice::read(long long) () from /usr/lib/libQtCore.so.4
#16 0x00f2bc45 in KArchiveFile::data() const () from /usr/lib/libkio.so.5
#17 0x00f2cb92 in KArchiveFile::copyTo(QString const&) const () from /usr/lib/libkio.so.5
#18 0x00f2dbf2 in KArchiveDirectory::copyTo(QString const&, bool) const () from /usr/lib/libkio.so.5
#19 0x00a78c04 in KNS::CoreEngine::install(QString const&) () from /usr/lib/libknewstuff2.so.4
#20 0x00a7a301 in KNS::CoreEngine::slotPayloadResult(KJob*) () from /usr/lib/libknewstuff2.so.4
#21 0x00a7b974 in KNS::CoreEngine::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libknewstuff2.so.4
#22 0x00a87ada in ?? () from /usr/lib/libknewstuff2.so.4
#23 0x00aa0eaa in ?? () from /usr/lib/libknewstuff2.so.4
#24 0x01e5ac9a in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#25 0x01e693d5 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#26 0x001f5183 in KJob::result(KJob*) () from /usr/lib/libkdecore.so.5
#27 0x001f54e8 in KJob::emitResult() () from /usr/lib/libkdecore.so.5
#28 0x00f22604 in KIO::FileCopyJob::slotResult(KJob*) () from /usr/lib/libkio.so.5
#29 0x00f1e112 in KIO::FileCopyJob::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#30 0x01e5ac9a in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#31 0x01e693d5 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#32 0x001f5183 in KJob::result(KJob*) () from /usr/lib/libkdecore.so.5
#33 0x001f54e8 in KJob::emitResult() () from /usr/lib/libkdecore.so.5
#34 0x00f1af30 in KIO::SimpleJob::slotFinished() () from /usr/lib/libkio.so.5
#35 0x00f1b96d in KIO::TransferJob::slotFinished() () from /usr/lib/libkio.so.5
#36 0x00f19343 in KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#37 0x01e5ac9a in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#38 0x01e693d5 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#39 0x00fe5707 in KIO::SlaveInterface::finished() () from /usr/lib/libkio.so.5
#40 0x00fe8a2d in KIO::SlaveInterface::dispatch(int, QByteArray const&) () from /usr/lib/libkio.so.5
#41 0x00fe5bc3 in KIO::SlaveInterface::dispatch() () from /usr/lib/libkio.so.5
#42 0x00fd9088 in KIO::Slave::gotInput() () from /usr/lib/libkio.so.5
#43 0x00fd9293 in KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#44 0x01e5ac9a in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#45 0x01e693d5 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#46 0x00ee3bd7 in KIO::Connection::readyRead() () from /usr/lib/libkio.so.5
#47 0x00ee5f8e in ?? () from /usr/lib/libkio.so.5
#48 0x00ee60be in KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#49 0x01e5ac9a in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#50 0x01e65336 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/lib/libQtCore.so.4
#51 0x01e663fe in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#52 0x013a64dc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#53 0x013ad05e in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#54 0x059edf2a in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#55 0x01e55a3b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#56 0x01e58473 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#57 0x01e585dd in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/libQtCore.so.4
#58 0x01e81adf in ?? () from /usr/lib/libQtCore.so.4
#59 0x01fa65e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#60 0x01faa2d8 in ?? () from /lib/libglib-2.0.so.0
#61 0x01faa4b8 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#62 0x01e815d5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#63 0x01466135 in ?? () from /usr/lib/libQtGui.so.4
#64 0x01e54059 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#65 0x01e544aa in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#66 0x00a9f73a in ?? () from /usr/lib/libknewstuff2.so.4
#67 0x00a9fefa in KNS::Engine::downloadDialogModal(QWidget*) () from /usr/lib/libknewstuff2.so.4
#68 0x00aa0482 in KNS::Engine::download() () from /usr/lib/libknewstuff2.so.4
#69 0x081eed64 in _start ()

Reported using DrKonqi
Comment 1 Martin Walch 2010-06-17 02:09:14 UTC 
Created attachment 48067 [details]
New crash information added by DrKonqi

Happened with the same action (downloading USNO catalog). Seems to be almost identical, probably the same problem. I think the backtrace is slightly more detailed.
Comment 2 Franco Dorigo 2010-06-27 10:50:35 UTC 
Created attachment 48365 [details]
New crash information added by DrKonqi

I've installed Kstars on gnome desktop on Ubuntu 10.04.
Comment 3 Alexey Khudiakov 2010-06-28 20:44:09 UTC 
Thank you all for the detailed bug report. I think it's bug in KNewStuff or core libraries. USNO catalog had help to find such bug before
Comment 4 Alexey Khudiakov 2010-06-28 21:06:12 UTC 
I think it is really bug it the kdelibs so I'm reassigning the bug. Most likely it's 32-bit integer overflow. Unpacked USNO catalog is bigger than 2GB. 

Below is definition of function in which crash occurs. d->size has type qint64 while arr.size() has type int. So there is place to overflow. I maybe wrong but it's right direction to move.


QByteArray KArchiveFile::data() const
{
  archive()->device()->seek( d->pos );

  // Read content
  QByteArray arr;
  if ( d->size )
  {
    assert( arr.data() );
    arr = archive()->device()->read( d->size );
    Q_ASSERT( arr.size() == d->size );
  }
  return arr;
}


P.S. Reading whole file into memory isn't really good idea I believe.
Comment 5 marco cossu 2010-07-21 16:49:40 UTC 
Created attachment 49364 [details]
New crash information added by DrKonqi

 I was downloading "USNO NOMAD Catalog"
Comment 6 Christoph Feck 2010-08-24 21:43:24 UTC 
SVN commit 1167506 by cfeck:

Fix KArchive::copyTo() for large files

FIXED-IN: 4.5.1
BUG: 237124
Also see http://reviewboard.kde.org/r/4938/


 M  +16 -3     karchive.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1167506
Comment 7 Christoph Feck 2010-08-24 21:44:25 UTC 
SVN commit 1167508 by cfeck:

Fix KArchive::copyTo() for large files (backport r1167506)

CCBUG: 237124


 M  +16 -3     karchive.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1167508
Comment 8 Pino Toscano 2010-10-04 20:07:26 UTC 
*** Bug 246985 has been marked as a duplicate of this bug. ***
Comment 9 Pino Toscano 2010-10-04 20:07:29 UTC 
*** Bug 253253 has been marked as a duplicate of this bug. ***
Comment 10 Pino Toscano 2011-01-06 11:35:18 UTC 
*** Bug 262289 has been marked as a duplicate of this bug. ***
Comment 11 Christoph Feck 2011-07-18 23:59:43 UTC 
*** Bug 269837 has been marked as a duplicate of this bug. ***