Summary: | Okular crashes opening CHM-file | ||
---|---|---|---|
Product: | [Applications] okular | Reporter: | Peter Gsellmann <pgsellmann> |
Component: | general | Assignee: | Okular developers <okular-devel> |
Status: | CONFIRMED --- | ||
Severity: | crash | CC: | aacid, justin.zobel, peter, yurchor |
Priority: | NOR | Keywords: | drkonqi |
Version: | 0.21.3 | ||
Target Milestone: | --- | ||
Platform: | Fedora RPMs | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: | |||
Attachments: |
ASAN trace (qt5-base 5.11.1, khtml 5.49.0, okular v18.08.0-21-g6a3705535)
Minimal khtml reproducer (main.cpp) |
Description
Peter Gsellmann
2015-06-23 11:37:57 UTC
(In reply to Peter Gsellmann from comment #0)
> Application: okular (0.21.3)
> KDE Platform Version: 4.14.7
> Qt Version: 4.8.6
> Operating System: Linux 3.19.8-100.fc20.x86_64 x86_64
> Distribution: "Fedora release 20 (Heisenbug)"
>
> Unfortunately, I cannot append the involved file because it is from a
> commercial software package I am not allowed to redistribute.
> However, a limited runtime demo is downloadable at
> https://www.devart.com/mydac/ where I hope this file is included

Hi,

I have downloaded the CHM file from this address:
http://www.devart.com/mydac/mydac.chm

It was opened with Okular 0.22.60 (self-compiled from git/master) + li64chm 0.40 and no crash occurred.

Can you confirm that the above-mentioned file crashes your Okular?

Thanks in advance for your answer.

Confirmed for the file kindly sent to me by Peter (not the one from devart site) and Okular from git/master. Similar symptoms. Kchmviewer 6.0 opens the file just fine.

Can we actually have the file? Otherwise it's going to be close to impossible to fix (otoh the backtrace seems to point to khtml).

Created attachment 114661 [details]
ASAN trace (qt5-base 5.11.1, khtml 5.49.0, okular v18.08.0-21-g6a3705535)
I cannot load the referenced mydac.chm file as it takes forever to even open and spits libpng errors. However, I did observe a crash when trying to open a (confidential) CHM file and scrolling down to a page; the cause of the crash is a use-after-free of a scrollbar widget.
The page I scroll to contains a larger picture, that could be relevant. I was not able to reproduce the crash with a (text-only?) "depends.chm" from 2011 (Dependency Walker).
Created attachment 114666 [details]
Minimal khtml reproducer (main.cpp)
It appears to be a KHtml bug (or API misuse in Okular).
The attached minimal reproducer triggers the same crash.
Thank you for the report.

As it has been a while since this was updated, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved" when you respond, thank you.

The reproducer from comment 5 above still works, I had to prepend the following to CMakeLists.txt to make it build though:

    cmake_minimum_required(VERSION 3.19)

Tested on Arch Linux with:
qt5-base 5.15.2-1
khtml 5.76.0-1

Trace:

    ==3051==ERROR: AddressSanitizer: SEGV on unknown address 0x602043800066 (pc 0x7ff672b0e819 bp 0x7ff672bf100a sp 0x7ffcbc051da0 T0)
    ==3051==The signal is caused by a READ memory access.
    0 0x7ff672b0e819 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x2b5819)
    1 0x7ff673707740 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/libQt5Widgets.so.5+0x15a740)
    2 0x7ff672b0ea79 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/libQt5Core.so.5+0x2b5a79)
    3 0x7ff6737408e7 in QWidgetPrivate::sendPaintEvent(QRegion const&) (/usr/lib/libQt5Widgets.so.5+0x1938e7)
    4 0x7ff67374115b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, QFlags<QWidgetPrivate::DrawWidgetFlag>, QPainter*, QWidgetRepaintManager*) (/usr/lib/libQt5Widgets.so.5+0x19415b)
    5 0x7ff6737459f9 in QWidgetPrivate::render(QPaintDevice*, QPoint const&, QRegion const&, QFlags<QWidget::RenderFlag>) (/usr/lib/libQt5Widgets.so.5+0x1989f9)
    6 0x7ff673745f13 in QWidget::render(QPainter*, QPoint const&, QRegion const&, QFlags<QWidget::RenderFlag>) (/usr/lib/libQt5Widgets.so.5+0x198f13)
    7 0x7ff6737462f8 in QWidget::render(QPaintDevice*, QPoint const&, QRegion const&, QFlags<QWidget::RenderFlag>) (/usr/lib/libQt5Widgets.so.5+0x1992f8)
    8 0x7ff674b0e786 (/usr/lib/libKF5KHtml.so.5+0x3b0786)
    9 0x7ff674b0ed0c (/usr/lib/libKF5KHtml.so.5+0x3b0d0c)
    10 0x7ff674aea5ce (/usr/lib/libKF5KHtml.so.5+0x38c5ce)
    11 0x7ff674aef93c in khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (/usr/lib/libKF5KHtml.so.5+0x39193c)