| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | NULL pointer dereference in KPtyDevicePrivate::doWait | | |
| Product: | [Unmaintained] kdelibs | Reporter: | Christopher Yeleighton <giecrilj> |
| Component: | kdecore | Assignee: | kdelibs bugs <kdelibs-bugs> |
| Status: | RESOLVED WORKSFORME | | |
| Severity: | crash | CC: | adaptee, cpigat242, mpyne, ossi |
| Priority: | NOR | | |
| Version: | 4.10.5 | | |
| Target Milestone: | --- | | |
| Platform: | Compiled Sources | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |
| Sentry Crash Report: | | | |
| Attachments: | check readNotifier | | |
Description
Christopher Yeleighton
2013-08-25 12:44:44 UTC
Created attachment 81919 [details]
check readNotifier
Most of KPtyDevice seems to pay no mind to whether readNotifier is valid, as the object is created as part of opening the PTY. The only exception seems to be if there is already a master file descriptor set up. So I think the proposed fix is inappropriate, as presumably many more null checks would be needed. I believe the actual bug is in the testcase itself. KPtyProcess::start() is really KProcess::start(), which is documented as starting the process, waiting for it to complete, and returning the exit code. When utmp support is enabled, the transition from a running process to a finished process would cause the PTY to be logged out, which invalidates all socket notifiers (including readNotifier). In other words, the process was already allowed to run to completion and so we don't bother with its PTY anymore; the underlying KPtyDevice is essentially in an invalid state. I believe the test case should use p.execute() instead of p.start(), with the rest of the testcase being more-or-less satisfactory the way it is. I've CC'ed the KPty dev to double-check my logic though.

The test log indicates quite clearly that the root cause is a failure to open a pty. The test should do QVERIFY(p.pty()->isOpen()); right after instantiating the KPtyProcess. Actual user code of KPtyProcess (konsole in particular) should be checked whether it does this check, too.

(In reply to comment #3)
> the test log indicates quite clearly that the root cause is a failure to
> open a pty.
> the test should do QVERIFY(p.pty()->isOpen()); right after instantiating the
> KPtyProcess.
> actual user code of KPtyProcess (konsole in particular) should be checked
> whether it does this check, too.

Library code should not rely on the customer observing complicated conditions and transitions, or otherwise we will crash. I understand that is sometimes necessary for efficiency reasons (e.g. invalid iterators), but I think this is not the case this time.

It's unreasonable to harden the code against each possible abuse. Latest when memory corruption comes into play, there is no way to get it right. The correct reaction would be refusing to start the process, a condition which is more likely to be tested by the user.

(In reply to comment #5)
> it's unreasonable to harden the code against each possible abuse. latest
> when memory corruption comes into play, there is no way to get it right.
> the correct reaction would be refusing to start the process, a condition
> which is more likely to be tested by the user.

A NULL pointer is not a manifestation of corrupted memory; just the opposite, it is commonly used to indicate no value.

Thank you for the crash report. As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved. I have set the bug status to "needsinfo" pending your response; please change back to "reported" or "resolved/worksforme" when you respond, thank you.

Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!

This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!
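The two positions in the thread, a null check in the wait path versus refusing to start when the PTY never opened, as an added illustration that is not KDE code: `PtyDevice`, `ReadNotifier` and `startProcess` are a constructed stand-in for KPtyDevice, its readNotifier and the caller-side `isOpen()` check, with `simulateOpenFailure` standing in for a failed PTY open.

```cpp
#include <memory>

// Constructed stand-in for a socket notifier: exists only once the PTY is open.
struct ReadNotifier {
    bool enabled = true;
};

// Minimal model of a PTY device (not KDE's KPtyDevice). The notifier is
// created by open() and is absent (nullptr) when opening failed or the
// device was logged out, which is the state the report describes.
class PtyDevice {
public:
    bool open(bool simulateOpenFailure) {
        if (simulateOpenFailure) {
            notifier_.reset();          // device stays closed, notifier stays null
            return false;
        }
        notifier_ = std::make_unique<ReadNotifier>();
        return true;
    }
    bool isOpen() const { return notifier_ != nullptr; }

    // Guarded equivalent of the wait loop: report failure instead of
    // dereferencing a null notifier.
    bool waitForReadyRead() const {
        if (!notifier_) return false;   // the unguarded form would crash here
        return notifier_->enabled;
    }
private:
    std::unique_ptr<ReadNotifier> notifier_;
};

// Caller-side policy suggested in the thread: refuse to start the process
// when the PTY did not open, so the failure is visible to the user.
bool startProcess(PtyDevice& pty) {
    if (!pty.isOpen()) return false;
    return pty.waitForReadyRead();
}

// Both failure-handling paths reject a device whose open() failed.
bool check_failed_open_is_handled() {
    PtyDevice pty;
    bool opened = pty.open(/*simulateOpenFailure=*/true);
    return !opened && !pty.isOpen() && !pty.waitForReadyRead() && !startProcess(pty);
}

// A device that opened normally passes both checks.
bool check_open_succeeds() {
    PtyDevice pty;
    return pty.open(false) && pty.isOpen() && startProcess(pty);
}
```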