Bug 387298

Hi Dr. Chapatin,

BT info could't help, it only indicated might owing to k3b ffmpeg plugin, but no debug info, please build as:

cmake .. -DCMAKE_INSTALL_PREFIX=/usr    \
    -DCMAKE_CXX_COMPILER=clang++    \
    -DECM_ENABLE_SANITIZERS='address;undefined'    \
    -DCMAKE_CXX_FLAGS="-fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-bb,trace-cmp" \
    -DCMAKE_BUILD_TYPE=Debug \
    -DKDE_INSTALL_LIBDIR=lib    \
    -DKDE_INSTALL_LIBEXECDIR=lib    \
    -DKDE_INSTALL_USE_QT_SYS_PATHS=ON   \
    -DK3B_BUILD_API_DOCS=ON \
    -DK3B_ENABLE_PERMISSION_HELPER=ON   \
    -DK3B_DEBUG=ON

Regards,
Leslie Zhai

Helpful BT and fuzzer info like this https://bugs.kde.org/show_bug.cgi?id=386983

There is no debug symbols package on Arch Linux.
On neon user edition is not possible to install debug package

"The following packages have unmet dependencies:
 k3b-dbg : Depends: k3b (= 2.0.3-0ubuntu5) but 17.08.0+p16.04+git20171124.0022-0 is to be installed
E: Unable to correct problems, you have held broken packages."

Created attachment 109157 [details]
core_backtrace

Crash is reproducible on Fedora 27.
Is my attachment useful for you Leslie?

Sorry unhelpful.. it has to use -DCMAKE_BUILD_TYPE=Debug option to rebuild K3B, then ELF contains helpful .debug_XXX sections.

Created attachment 109160 [details]
Disassembly

Built with clang and enabled debug -g option, then use objdump, it contains .debug_XXX sections and Intermix source code with disassembly.

Created attachment 109163 [details]
backtrace from opensuse

Sorry, I have no technical knowledge to follow your instructions.
But maybe this backtrace generated on OpenSuse can help.

@Leslie Zhai:
when CCing people to a bug, you ought to tell them why you are CCing them.

(In reply to Dr. Chapatin from comment #7)
> Created attachment 109163 [details]
> backtrace from opensuse
> 
> Sorry, I have no technical knowledge to follow your instructions.
> But maybe this backtrace generated on OpenSuse can help.

Hi Pino,

Sorry I am not good at English language, I am inputting slowly try to express clearly, please wait for minutes patiently :)

Please help me to check https://github.com/KDE/k3b/blob/master/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp#L289

I argue that it might be:

1. Memory copy function accesses out-of-bound array element
2. Memory copy function overflows destination buffer
3. Memory copy function accesses out-of-bound array element
4. Memory copy function overflows destination buffer
5. overlapping
6. Null pointer argument in call to memory copy function

But my sincere thanks goes to you for maintaining ffmpeg plugin https://github.com/KDE/k3b/commits/master/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp 

Regards,
Leslie Zhai - a LLVM developer https://reviews.llvm.org/p/xiangzhai/

Hi Dr. Chapatin,

Also thank you for bug report! it is able to use Clang Static Analyzer to detect potential bugs, for example: the testcase for memcpy https://github.com/llvm-mirror/clang/blob/master/test/Analysis/bstring.c

Regards,
Leslie Zhai

Clang Static Analyzer is very helpful to hunt potential bugs:

https://git.reviewboard.kde.org/r/129994/
https://git.reviewboard.kde.org/r/129995/
https://git.reviewboard.kde.org/r/129976/
https://git.reviewboard.kde.org/r/129768/
https://git.reviewboard.kde.org/r/129767/
https://git.reviewboard.kde.org/r/129599/

My sincere thanks will go to Apple Analysis team :)

(In reply to Leslie Zhai from comment #9)
> But my sincere thanks goes to you for maintaining ffmpeg plugin
> https://github.com/KDE/k3b/commits/master/plugins/decoder/ffmpeg/
> k3bffmpegwrapper.cpp 

I am *not* the maintainer of that code.  Or in general, I am *not* the maintainer of k3b, who is Leslie Zhai.

Hi Pino,

I respect you the pioneer of KDE developer, please code review firstly, when LGTM, then git push to the K3B repository, thanks a lot!

The latest commit log:

https://github.com/KDE/k3b/commits/master/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp


commit c01a9cbffec61c7a5fe4c835d166924aff7c2c75
Merge: 93855a3 1777236
Author: Pino Toscano <pino@kde.org>
Date:   Sat Feb 4 11:18:34 2017 +0100

commit c01a9cbffec61c7a5fe4c835d166924aff7c2c75
Merge: 93855a3 1777236
Author: Pino Toscano <pino@kde.org>
Date:   Sat Feb 4 11:18:34 2017 +0100

    Merge remote-tracking branch 'origin/2.0'

commit 1777236203f21eed7a9baade632472094c8081d3
Author: Pino Toscano <pino@kde.org>
Date:   Sat Feb 4 10:48:45 2017 +0100

    ffmpeg: fix/simplify metadata conversion to string
    
    Comparing a pointer with an integer value is (correctly) an error with
    GCC 7.

commit 3690ab2246c8e3d050d65f3d24171573ecafd501
Author: Pino Toscano <pino@kde.org>
Date:   Sat Feb 4 10:38:53 2017 +0100

    ffmpeg: fix avcodec version for av_frame_alloc
    
    Fixes commit 5b9b3537b658ad342d688fa4f210113a3d066d2a.

commit 88b3596675e06c04573b4c0a296d4eabcc94680f
Author: Leslie Zhai <xiangzhai83@gmail.com>
Date:   Mon Nov 28 12:28:15 2016 +0800

    Export K3b::BootItem compiled for clang++


I will fix the bug, it is my responsibility!

Regards,
Leslie Zhai

(In reply to Leslie Zhai from comment #13)
> I respect you the pioneer of KDE developer, please code review firstly, when
> LGTM, then git push to the K3B repository, thanks a lot!

Pioneer of what?  Your sentences make no sense to me, sorry.
Again, just because I did the last two commits to that code, that does not make me its maintainer.

Git commit 947aebe181cda58933eafc28d0c46f7dc0515453 by Leslie Zhai.
Committed on 02/12/2017 at 07:11.
Pushed by lesliezhai into branch 'master'.

Fix potential null passed to a callee that requires a non-null argument.

M  +5    -2    plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp

https://commits.kde.org/k3b/947aebe181cda58933eafc28d0c46f7dc0515453