| Summary: | Refresh button in the Programs section causes segfault | ||
|---|---|---|---|
| Product: | [Applications] k3b | Reporter: | Luigi Baldoni <aloisio> |
| Component: | general | Assignee: | k3b developers <k3b> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | aloisio, ari.reads, bugseforuns, ismail, luigi.toscano, michalm, simonandric5, trueg, zhaixiang |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | openSUSE | ||
| OS: | Linux | ||
| Latest Commit: | https://commits.kde.org/k3b/5e13d929f4c1e48462826ca12649475ff663ac62 | Version Fixed In: | |
| Sentry Crash Report: | |||
| Attachments: |
segfault on refresh under Tools/Settings/Programs
k3b valgrind log sanitizer.log |
||
Hi Aloysius, Thanks for your PR! it is very clear: QFile::encodeName(...) failed to work! (ExternalBinPermissionModel) unable to stat "\n\u0000\n\u0000ʱ" (ExternalBinPermissionModel) unable to stat "\n\u0000\n\u0000ʱ" (ExternalBinPermissionModel) unable to stat "\n\u0000\n\u0000ʱ" (ExternalBinPermissionModel) unable to stat "\n\u0000\n\u0000ʱ" I reported similar BUG https://bugreports.qt.io/browse/QTBUG-57553 Regards, Leslie Zhai (In reply to Leslie Zhai from comment #1) > > Thanks for your PR! it is very clear: QFile::encodeName(...) failed to work! > > > (ExternalBinPermissionModel) unable to stat "\n\u0000\n\u0000ʱ" > (ExternalBinPermissionModel) unable to stat "\n\u0000\n\u0000ʱ" > (ExternalBinPermissionModel) unable to stat "\n\u0000\n\u0000ʱ" > (ExternalBinPermissionModel) unable to stat "\n\u0000\n\u0000ʱ" Sorry, I can't find that exact string in my log. > I reported similar BUG https://bugreports.qt.io/browse/QTBUG-57553 From what I can see, upstream marked it as "invalid". Has it actually been addressed? If so, can it be backported to older Qt releases? Created attachment 109013 [details]
k3b valgrind log
Are you quite sure the qt.io bug is related to this?
See what valgrind has to say about it.
Maybe not printing directly the unmodified raw data could help? Git commit 5a0d015cbd440ae42440e682375a43df82dfec98 by Leslie Zhai. Committed on 23/11/2017 at 02:25. Pushed by lesliezhai into branch 'master'. Use Address and Undefined Behaviour Sanitizer to debug. Please see attachment: sanitizer.log M +3 -1 INSTALL.txt https://commits.kde.org/k3b/5a0d015cbd440ae42440e682375a43df82dfec98 Created attachment 109022 [details]
sanitizer.log
1. UndefinedBehaviorSanitizer: undefined-behavior /data/project/kde/k3b/src/option/k3bexternalbinpermissionmodel.cpp:109:44 in
/data/project/kde/k3b/libk3b/core/k3bexternalbinmanager.cpp:117:12: runtime error: member access within address 0x6020001c9ab0 which does not point to an object of type 'const K3b::ExternalBin'
0x6020001c9ab0: note: object has invalid vptr
2. AddressSanitizer: heap-use-after-free on address 0x6020001c9ab8 at pc 0x7f7f6d951526 bp 0x7ffe4852c8b0 sp 0x7ffe4852c8a8
READ of size 8 at 0x6020001c9ab8 thread T0
#0 0x7f7f6d951525 in K3b::ExternalBin::path() const /data/project/kde/k3b/libk3b/core/k3bexternalbinmanager.cpp:117:12
3. 0x6020001c9ab8 is located 8 bytes inside of 16-byte region [0x6020001c9ab0,0x6020001c9ac0)
freed by thread T0 here:
#0 0x58f5fb in operator delete(void*) /data/project/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:149:3
#1 0x7f7f6d9508f7 in K3b::ExternalBin::~ExternalBin() /data/project/kde/k3b/libk3b/core/k3bexternalbinmanager.cpp:74:1
4. previously allocated by thread T0 here:
#0 0x58e99b in operator new(unsigned long) /data/project/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:92:3
#1 0x7f7f6d956482 in K3b::SimpleExternalProgram::scan(QString const&) /data/project/kde/k3b/libk3b/core/k3bexternalbinmanager.cpp:346:33
Workaround patch is remove delete to bring in Memory-leak issue, but I want to find the root cause instead!
Git commit d2d1b578acb3a71ca8e6f0c8019c2dc0193819de by Leslie Zhai. Committed on 23/11/2017 at 03:50. Pushed by lesliezhai into branch 'master'. Update fuzzer testcase for QFile and QString. M +1 -1 CMakeLists.txt M +2 -1 INSTALL.txt M +4 -5 tests/CMakeLists.txt M +17 -7 tests/k3bfuzzertest.cpp https://commits.kde.org/k3b/d2d1b578acb3a71ca8e6f0c8019c2dc0193819de Git commit 5e13d929f4c1e48462826ca12649475ff663ac62 by Leslie Zhai. Committed on 23/11/2017 at 05:19. Pushed by lesliezhai into branch 'master'. Workaround for fixing segfault. M +0 -1 libk3b/core/k3bexternalbinmanager.cpp https://commits.kde.org/k3b/5e13d929f4c1e48462826ca12649475ff663ac62 Confirm no segfault on latest trunk version. But, by the way, doesn't this introduce the risk of a memory leak? (In reply to Aloysius from comment #10) > But, by the way, doesn't this introduce the risk of a memory leak? Yes, workaround patch, I need to find the root cause! Git commit ce5d7b139d07a875ea89fe049be852baf23f99f7 by Leslie Zhai. Committed on 28/11/2017 at 02:00. Pushed by lesliezhai into branch 'master'. Fix Memory-leak issue detected by clang analyzer long time ago M +4 -1 libk3b/core/k3bexternalbinmanager.cpp https://commits.kde.org/k3b/ce5d7b139d07a875ea89fe049be852baf23f99f7 What about clearing the widget before refreshing it? Hi, I don't understand https://cgit.kde.org/k3b.git/commit/?id=ce5d7b139d07a875ea89fe049be852baf23f99f7 at all. + d->gcBins << d->bins; d->bins.clear(); and where do you use d->gcBins exactly? (In reply to Ismail Donmez from comment #14) > Hi, > > I don't understand > https://cgit.kde.org/k3b.git/commit/ > ?id=ce5d7b139d07a875ea89fe049be852baf23f99f7 at all. > > + d->gcBins << d->bins; > d->bins.clear(); > > and where do you use d->gcBins exactly? https://github.com/KDE/k3b/blob/master/libk3b/core/k3bexternalbinmanager.cpp#L188 (In reply to Leslie Zhai from comment #15) > (In reply to Ismail Donmez from comment #14) > > Hi, > > > > I don't understand > > https://cgit.kde.org/k3b.git/commit/ > > ?id=ce5d7b139d07a875ea89fe049be852baf23f99f7 at all. > > > > + d->gcBins << d->bins; > > d->bins.clear(); > > > > and where do you use d->gcBins exactly? > > https://github.com/KDE/k3b/blob/master/libk3b/core/k3bexternalbinmanager. > cpp#L188 That's deletion, you don't actually use it at all. This fix looks very very wrong. (In reply to Ismail Donmez from comment #16) > (In reply to Leslie Zhai from comment #15) > > (In reply to Ismail Donmez from comment #14) > > > Hi, > > > > > > I don't understand > > > https://cgit.kde.org/k3b.git/commit/ > > > ?id=ce5d7b139d07a875ea89fe049be852baf23f99f7 at all. > > > > > > + d->gcBins << d->bins; > > > d->bins.clear(); > > > > > > and where do you use d->gcBins exactly? > > > > https://github.com/KDE/k3b/blob/master/libk3b/core/k3bexternalbinmanager. > > cpp#L188 > > That's deletion, you don't actually use it at all. This fix looks very very > wrong. So it is called gcBins for Garbage Collection. But it is not able to free d->bins directly due to heap-use-after-free issue https://bugsfiles.kde.org/attachment.cgi?id=109022 You could rollback the commit, then rebuild K3B with such option to reproduce the issue: cmake .. -DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_CXX_COMPILER=clang++ \ -DECM_ENABLE_SANITIZERS='address;undefined' \ -DCMAKE_CXX_FLAGS="-fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-bb,trace-cmp" \ -DCMAKE_BUILD_TYPE=Debug \ -DKDE_INSTALL_LIBDIR=lib \ -DKDE_INSTALL_LIBEXECDIR=lib \ -DKDE_INSTALL_USE_QT_SYS_PATHS=ON \ -DK3B_BUILD_API_DOCS=ON \ -DK3B_ENABLE_PERMISSION_HELPER=ON \ -DK3B_DEBUG=ON Regards, Leslie Zhai - a LLVM developer https://reviews.llvm.org/p/xiangzhai/ Same issue on Fedora 27. Moreover, in addition to crashing, for some reason when adding CDRtools the "writing" window stays in 0% progress until the bluray writing finishes, and it doesn't pick up the 'dark' theme. Other KDE apps on Fedora 27 are able to pick up the fedora dark theme but k3b no longer does it. |
Created attachment 108893 [details] segfault on refresh under Tools/Settings/Programs Using openSUSE Leap 42.3, both with the official 17.04.2 and a self-built 17.08.3, clicking on the refresh button under Tools/Settings/Programs for all the tabs but the first one, the program segfaults. See attached gdb logs and backtraces for each of them.