Bug 429793

Summary: digiKam crashes in libicu when run with zzuf -s1 in WSL1
Product: [Applications] digikam
Reporter: Nathan Mills <the.true.nathan.mills>
Component: Portability-Runtime
Assignee: Digikam Developers <digikam-bugs-null>
Status: RESOLVED NOT A BUG
Severity: crash
CC: caulier.gilles, metzpinguin
Priority: NOR
Version: 6.4.0
Target Milestone: ---
Platform: openSUSE
OS: Linux
Latest Commit:
Version Fixed In: 8.2.0
Sentry Crash Report:

Description Nathan Mills 2020-11-29 06:01:48 UTC
SUMMARY
I ran digiKam with "zzuf -s1 digikam" and it segfaulted in libicu.

STEPS TO REPRODUCE
1. gdb -ex "follow-fork-mode child" --args zzuf -s1 digikam
2. In gdb type r or run
3. Type thread apply all bt full

OBSERVED RESULT
digiKam crashes with this backtrace:
Thread 2.1 (Thread 0x7fffff49fa00 (LWP 22296)):
#0  strcmpAfterPrefix (pPrefixLength=<synthetic pointer>, s2=0x7fffdc46c380 <error: Cannot access memory at address 0x7fffdc46c380>, s1=0x7ffffffed780 "dt65l/cnvalias.icu") at ucmndata.cpp:112
        c1 = 117
        c2 = <error reading variable c2 (Cannot access memory at address 0x7fffdc46c37f)>
        pl = 2
        cmp = 0
        pl = <optimized out>
        cmp = <optimized out>
        c1 = <optimized out>
        c2 = <optimized out>
#1  offsetTOCPrefixBinarySearch (count=3667, toc=0x7fffcc460094, names=0x7fffcc460090 "S\016", s=<optimized out>) at ucmndata.cpp:155
        i = 917
        prefixLength = 2
        cmp = <optimized out>
        start = 1
        limit = 1833
        startPrefixLength = 2
        limitPrefixLength = 2
        start = <optimized out>
        limit = <optimized out>
        startPrefixLength = <optimized out>
        limitPrefixLength = <optimized out>
        i = <optimized out>
        prefixLength = <optimized out>
        cmp = <optimized out>
#2  offsetTOCLookupFn (pData=<optimized out>, tocEntryName=<optimized out>, pLength=0x7ffffffed650, pErrorCode=<optimized out>) at ucmndata.cpp:243
        base = 0x7fffcc460090 "S\016"
        number = <optimized out>
        count = 3667
        toc = 0x7fffcc460090
#3  0x00007fffef631e3f in doLoadFromCommonData (isICUData=isICUData@entry=1 '\001', tocEntryName=<optimized out>, path=path@entry=0x7fffef70c61d "icudt65l", type=type@entry=0x7fffef70d6a4 <DATA_TYPE> "icu", name=name@entry=0x7fffef70d6a8 <DATA_NAME> "cnvalias", isAcceptable=isAcceptable@entry=0x7fffef63f600 <isAcceptable(void*, char const*, char const*, UDataInfo const*)>, context=<optimized out>, subErrorCode=<optimized out>, pErrorCode=<optimized out>) at udata.cpp:1075
        length = -275206368
        pEntryData = <optimized out>
        pHeader = <optimized out>
        pCommonData = 0x845c200
        commonDataIndex = 1
        checkedExtendedICUData = 1 '\001'
#4  0x00007fffef632877 in doOpenChoice (path=0x7fffef70c61d "icudt65l", path@entry=0x0, type=<optimized out>, type@entry=0x7fffef70d6a4 <DATA_TYPE> "icu", name=<optimized out>, name@entry=0x7fffef70d6a8 <DATA_NAME> "cnvalias", isAcceptable=isAcceptable@entry=0x7fffef63f600 <isAcceptable(void*, char const*, char const*, UDataInfo const*)>, context=context@entry=0x0, pErrorCode=pErrorCode@entry=0x7ffffffed944) at udata.cpp:1354
        retVal = 0x0
        dataPath = <optimized out>
        tocEntrySuffixIndex = <optimized out>
        tocEntryPathSuffix = 0x7ffffffed7c6 "cnvalias.icu"
        subErrorCode = U_ZERO_ERROR
        treeChar = <optimized out>
        isICUData = 1 '\001'
        tocEntryName = {<icu_65_1::UMemory> = {<No data fields>}, buffer = {ptr = 0x7ffffffed77d "icudt65l/cnvalias.icu", capacity = 40, needToRelease = 0 '\000', stackArray = "icudt65l/cnvalias.icu", '\000' <repeats 18 times>}, len = 21}
        tocEntryPath = {<icu_65_1::UMemory> = {<No data fields>}, buffer = {ptr = 0x7ffffffed7bd "icudt65l/cnvalias.icu", capacity = 40, needToRelease = 0 '\000', stackArray = "icudt65l/cnvalias.icu", '\000' <repeats 18 times>}, len = 21}
        pkgName = {<icu_65_1::UMemory> = {<No data fields>}, buffer = {ptr = 0x7ffffffed7fd "icudt65l", capacity = 40, needToRelease = 0 '\000', stackArray = "icudt65l\000\000\000\222\000c\357\377\177\000\000\004\334p\357\377\177\000\000\322\001c\357\377\177\000\000\004\334p\357\377"}, len = 8}
        treeName = {<icu_65_1::UMemory> = {<No data fields>}, buffer = {ptr = 0x7ffffffed83d "", capacity = 40, needToRelease = 0 '\000', stackArray = "\000\000\000(", '\000' <repeats 23 times>, "\004\334p\357\377\177\000\000\000\000\000\000"}, len = 0}
#5  0x00007fffef632b60 in udata_openChoice_65_1 (path=path@entry=0x0, type=type@entry=0x7fffef70d6a4 <DATA_TYPE> "icu", name=name@entry=0x7fffef70d6a8 <DATA_NAME> "cnvalias", isAcceptable=isAcceptable@entry=0x7fffef63f600 <isAcceptable(void*, char const*, char const*, UDataInfo const*)>, context=context@entry=0x0, pErrorCode=pErrorCode@entry=0x7ffffffed944) at udata.cpp:1428
No locals.
#6  0x00007fffef63f7da in initAliasData (errCode=@0x7ffffffed944: U_ZERO_ERROR) at ucnv_io.cpp:242
        data = <optimized out>
        table = <optimized out>
        sectionSizes = <optimized out>
        tableStart = <optimized out>
        currOffset = <optimized out>
#7  0x00007fffef640462 in icu_65_1::umtx_initOnce (errCode=@0x7ffffffed944: U_ZERO_ERROR, fp=0x7fffef63f7a0 <initAliasData(UErrorCode&)>, uio=...) at umutex.h:145
        errCode = @0x7ffffffed944: U_ZERO_ERROR
        fp = 0x7fffef63f7a0 <initAliasData(UErrorCode&)>
        uio = @0x7fffef99d770: {fState = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = 1}, <No data fields>}, fErrCode = U_ZERO_ERROR}
#8  haveAliasData (pErrorCode=0x7ffffffed944, pErrorCode@entry=0x14193da42c057c00) at ucnv_io.cpp:314
No locals.
#9  ucnv_getStandardName_65_1 (alias=alias@entry=0x7fffef70dc04 <_UTF8StaticData+4> "UTF-8", standard=standard@entry=0x7ffffb2b68cd "MIME", pErrorCode=pErrorCode@entry=0x7ffffffed944) at ucnv_io.cpp:962
No locals.
#10 0x00007ffffb15760e in QIcuCodec::codecForNameUnlocked (name=0x7fffef70dc04 <_UTF8StaticData+4> "UTF-8") at codecs/qicucodec.cpp:471
        error = U_ZERO_ERROR
        standardName = <optimized out>
        qt_only = <optimized out>
        globalData = <optimized out>
        cache = <optimized out>
        codec = <optimized out>
        c = <optimized out>
        conv = <optimized out>
#11 0x00007ffffb15854d in QIcuCodec::defaultCodecUnlocked () at codecs/qicucodec.cpp:448
        globalData = 0x7ffffb5a4f80 <(anonymous namespace)::Q_QGS_globalInstance::innerFunction()::holder>
        c = <optimized out>
        name = <optimized out>
#12 0x00007ffffb1545bf in QTextCodec::codecForLocale () at codecs/qtextcodec.cpp:715
        globalData = <optimized out>
        codec = <optimized out>
#13 0x00007ffffaf9f789 in QString::fromLocal8Bit_helper (str=str@entry=0x845c258 "en_US.UTF-8", size=11) at tools/qstring.cpp:5573
        codec = <optimized out>
#14 0x00007ffffaf05e4b in QString::fromLocal8Bit (size=<optimized out>, str=<optimized out>) at ../../include/QtCore/../../src/corelib/tools/qstring.h:576
No locals.
#15 QString::fromLocal8Bit (str=...) at ../../include/QtCore/../../src/corelib/tools/qstring.h:583
No locals.
#16 qEnvironmentVariable (varName=varName@entry=0x7ffffb263645 "LANG", defaultValue=...) at global/qglobal.cpp:3375
        value = {d = 0x845c240}
#17 0x00007ffffaf05f1f in qEnvironmentVariable (varName=varName@entry=0x7ffffb263645 "LANG") at global/qglobal.cpp:3382
No locals.
#18 0x00007ffffafb62e1 in QSystemLocale::fallbackUiLocale (this=<optimized out>) at tools/qlocale_unix.cpp:144
        lang = {static null = {<No data fields>}, d = 0x7ffffb1d96e0 <QArrayData::shared_null>}
        language = {static null = {<No data fields>}, d = 0x14193da42c057c00}
#19 0x00007ffffaf74a8e in QLocalePrivate::updateSystemPrivate () at tools/qlocale.cpp:683
        sys_locale = 0x7ffffb5a2228 <(anonymous namespace)::Q_QGS_QSystemLocale_globalSystemLocale::innerFunction()::holder>
        res = {d = {data = {c = 2 '\002', uc = 2 '\002', s = 2, sc = 2 '\002', us = 2, i = 2, u = 2, l = 2, ul = 2, b = 2, d = 9.8813129168249309e-324, f = 2.80259693e-45, real = 9.8813129168249309e-324, ll = 2, ull = 2, o = 0x2, ptr = 0x2, shared = 0x2}, type = 64, is_shared = 0, is_null = 0}}
#20 0x00007ffffaf753c5 in systemData () at tools/qlocale.cpp:734
        systemDataMutex = {d_ptr = {_q_value = {_M_b = {_M_p = 0x1}, static is_always_lock_free = <error reading variable: Missing ELF symbol "std::atomic<QMutexData*>::is_always_lock_free".>}}}
#21 0x00007ffffaf754a5 in defaultData () at tools/qlocale.cpp:747
No locals.
#22 (anonymous namespace)::Q_QGS_defaultLocalePrivate::Holder::Holder (this=0x7ffffb5a2140 <(anonymous namespace)::Q_QGS_defaultLocalePrivate::innerFunction()::holder>) at tools/qlocale.cpp:798
No locals.
#23 (anonymous namespace)::Q_QGS_defaultLocalePrivate::innerFunction () at tools/qlocale.cpp:798
        holder = {<(anonymous namespace)::Q_QGS_defaultLocalePrivate::HolderBase> = {<No data fields>}, value = {d = 0x0}}
#24 QGlobalStatic<QSharedDataPointer<QLocalePrivate>, (anonymous namespace)::Q_QGS_defaultLocalePrivate::innerFunction, (anonymous namespace)::Q_QGS_defaultLocalePrivate::guard>::operator* (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qglobalstatic.h:144
No locals.
#25 QLocale::QLocale (this=0x7ffffffedc50) at tools/qlocale.cpp:882
No locals.
#26 0x00007ffffb03c294 in QResourceFileEnginePrivate::QResourceFileEnginePrivate (this=0x845c110) at io/qresource.cpp:1227
No locals.
#27 QResourceFileEngine::QResourceFileEngine (this=0x84404a0, file=...) at io/qresource.cpp:1256
        d = <optimized out>
#28 0x00007ffffb05a0ac in _q_resolveEntryAndCreateLegacyEngine_recursive (entry=..., data=..., engine=@0x7ffffffedd68: 0x0, resolvingEntry=resolvingEntry@entry=false) at io/qfilesystemengine.cpp:150
        paths = <optimized out>
        ch = <optimized out>
        prefixSeparator = 0
        filePath = @0x7ffffffedcd0: {static null = {<No data fields>}, d = 0x7ffffb1d75e0 <QLibraryInfoPrivate::findConfiguration()::{lambda()#1}::operator()() const::qstring_literal>}
#29 0x00007ffffb05a216 in QFileSystemEngine::resolveEntryAndCreateLegacyEngine (entry=..., data=...) at io/qfilesystemengine.cpp:196
        copy = {m_filePath = {static null = {<No data fields>}, d = 0x7ffffb1d75e0 <QLibraryInfoPrivate::findConfiguration()::{lambda()#1}::operator()() const::qstring_literal>}, m_nativeFilePath = {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}, m_lastSeparator = -2, m_firstDotInFileName = -2, m_lastDotInFileName = 0}
        engine = 0x0
#30 0x00007ffffb022669 in QFileInfo::exists (file=...) at io/qfileinfo.cpp:711
        entry = {m_filePath = {static null = {<No data fields>}, d = 0x7ffffb1d75e0 <QLibraryInfoPrivate::findConfiguration()::{lambda()#1}::operator()() const::qstring_literal>}, m_nativeFilePath = {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}, m_lastSeparator = -2, m_firstDotInFileName = -2, m_lastDotInFileName = 0}
        data = {knownFlagsMask = {i = 0}, entryFlags = {i = 0}, size_ = -1, accessTime_ = 140737430638208, birthTime_ = 140737430638096, metadataChangeTime_ = 138566096, modificationTime_ = 4294967295, userId_ = 8, groupId_ = 268}
        engine = <optimized out>
#31 0x00007ffffaf07013 in QLibraryInfoPrivate::findConfiguration () at global/qlibraryinfo.cpp:182
        qtconfig = {static null = {<No data fields>}, d = 0x7ffffb1d75e0 <QLibraryInfoPrivate::findConfiguration()::{lambda()#1}::operator()() const::qstring_literal>}
#32 0x00007ffffaf075a2 in QLibrarySettings::load (this=0x7ffffb5a1060 <(anonymous namespace)::Q_QGS_qt_library_settings::innerFunction()::holder>) at global/qlibraryinfo.cpp:138
        haveDevicePaths = <optimized out>
        haveEffectivePaths = <optimized out>
        havePaths = <optimized out>
        children = <optimized out>
        haveEffectiveSourcePaths = <optimized out>
#33 0x00007ffffaf07d1b in QLibrarySettings::QLibrarySettings (this=0x7ffffb5a1060 <(anonymous namespace)::Q_QGS_qt_library_settings::innerFunction()::holder>) at global/qlibraryinfo.cpp:132
No locals.
#34 (anonymous namespace)::Q_QGS_qt_library_settings::Holder::Holder (this=0x7ffffb5a1060 <(anonymous namespace)::Q_QGS_qt_library_settings::innerFunction()::holder>) at global/qlibraryinfo.cpp:89
No locals.
#35 (anonymous namespace)::Q_QGS_qt_library_settings::innerFunction () at global/qlibraryinfo.cpp:89
        holder = {<(anonymous namespace)::Q_QGS_qt_library_settings::HolderBase> = {<No data fields>}, value = {settings = {d = 0x0}, reloadOnQAppAvailable = false}}
#36 QGlobalStatic<QLibrarySettings, (anonymous namespace)::Q_QGS_qt_library_settings::innerFunction, (anonymous namespace)::Q_QGS_qt_library_settings::guard>::operator() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qglobalstatic.h:135
No locals.
#37 QLibraryInfoPrivate::configuration () at global/qlibraryinfo.cpp:115
        ls = <optimized out>
        ls = <optimized out>
#38 QLibraryInfo::location (loc=loc@entry=QLibraryInfo::DataPath) at global/qlibraryinfo.cpp:494
        ret = {static null = {<No data fields>}, d = 0x7ffffb1d96e0 <QArrayData::shared_null>}
        fromConf = false
#39 0x00007ffffb05f108 in QLoggingRegistry::initializeRules (this=this@entry=0x7ffffb5a25e0 <(anonymous namespace)::Q_QGS_qtLoggingRegistry::innerFunction()::holder>) at io/qloggingregistry.cpp:331
        er = {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}
        qr = {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}
        cr = {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}
        rulesFilePath = {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}
        rulesSrc = {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}
        configFileName = {static null = {<No data fields>}, d = 0x7ffffb294040 <QLoggingRegistry::initializeRules()::{lambda()#1}::operator()() const::qstring_literal>}
        qtConfigPath = {static null = {<No data fields>}, d = 0x0}
        envPath = {static null = {<No data fields>}, d = 0x70}
        locker = <optimized out>
#40 0x00007ffffb060951 in QLoggingRegistry::QLoggingRegistry (this=0x7ffffb5a25e0 <(anonymous namespace)::Q_QGS_qtLoggingRegistry::innerFunction()::holder>) at io/qloggingregistry.cpp:280
No locals.
#41 (anonymous namespace)::Q_QGS_qtLoggingRegistry::Holder::Holder (this=0x7ffffb5a25e0 <(anonymous namespace)::Q_QGS_qtLoggingRegistry::innerFunction()::holder>) at io/qloggingregistry.cpp:62
No locals.
#42 (anonymous namespace)::Q_QGS_qtLoggingRegistry::innerFunction () at io/qloggingregistry.cpp:62
        holder = {<(anonymous namespace)::Q_QGS_qtLoggingRegistry::HolderBase> = {<No data fields>}, value = {registryMutex = {<QBasicMutex> = {d_ptr = {_q_value = {_M_b = {_M_p = 0x0}, static is_always_lock_free = <error reading variable: Missing ELF symbol "std::atomic<QMutexData*>::is_always_lock_free".>}}}, <No data fields>}, ruleSets = {{d = 0x7ffffb1d96e0 <QArrayData::shared_null>}, {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}, {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}, {d = 0x7ffffb1d96e0 <QArrayData::shared_null>}}, categories = {{d = 0x7ffffb1db7c0 <QHashData::shared_null>, e = 0x7ffffb1db7c0 <QHashData::shared_null>}}, categoryFilter = 0x7ffffb0601b0 <QLoggingRegistry::defaultCategoryFilter(QLoggingCategory*)>}}
#43 QGlobalStatic<QLoggingRegistry, (anonymous namespace)::Q_QGS_qtLoggingRegistry::innerFunction, (anonymous namespace)::Q_QGS_qtLoggingRegistry::guard>::operator() (this=<optimized out>) at ../../include/QtCore/../../src/corelib/global/qglobalstatic.h:135
No locals.
#44 QLoggingRegistry::instance () at io/qloggingregistry.cpp:431
No locals.
#45 0x00007ffffb05d089 in QLoggingCategory::init (this=0x7ffff865a620 <category>, category=<optimized out>, severityLevel=QtInfoMsg) at io/qloggingcategory.cpp:249
        reg = <optimized out>
#46 0x00007ffff837085c in __static_initialization_and_destruction_0 (__initialize_p=1, __priority=65535) at /usr/src/debug/kio-5.71.0-lp152.2.9.1.x86_64/src/widgets/kdirmodel.cpp:50
No locals.
#47 _GLOBAL__sub_I_kdirmodel.cpp(void) () at /usr/src/debug/kio-5.71.0-lp152.2.9.1.x86_64/build/src/widgets/KF5KIOWidgets_autogen/include/moc_kdirmodel.cpp:154
No locals.
#48 0x00007fffff40faba in call_init.part () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#49 0x00007fffff40fbc6 in _dl_init () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#50 0x00007fffff400eda in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#51 0x0000000000000001 in ?? ()
No symbol table info available.
#52 0x00007ffffffee4ef in ?? ()
No symbol table info available.
#53 0x0000000000000000 in ?? ()
No symbol table info available.

EXPECTED RESULT
digiKam shouldn't crash.

SOFTWARE/OS VERSIONS
Windows: Windows 10 2004 build 19041.630
Linux/KDE Plasma: openSUSE 15.2 Windows Subsystem for Linux
KDE Plasma Version: 4.11.22
KDE Frameworks Version: 4.14.38
Qt Version: 4.8.7

ADDITIONAL INFORMATION
Comment 1 Maik Qualmann 2020-11-29 07:06:32 UTC
Why is Windows 10 also specified in the footer? Can you please test a current version of digiKam?

Maik
Comment 2 Maik Qualmann 2020-11-29 07:07:45 UTC
Now I understand, Windows Subsystem... Why are you just using a native digiKam version?

Maik
Comment 3 Maik Qualmann 2020-11-29 07:09:57 UTC
See also this bug 417885.

Maik
Comment 4 Maik Qualmann 2020-11-29 07:35:16 UTC

*** This bug has been marked as a duplicate of bug 417885 ***
Comment 5 Nathan Mills 2020-11-30 03:43:39 UTC
I tried running digiKam 7.1.0 64-bit that I installed from AppImage with zzuf and it crashed again but this time in one of zzuf's functions (_zz_fuzz). I guess I should report that bug to zzuf's maintainer, since it's a crash in zzuf itself. I had to add -E/usr/plugins to zzuf options to get past the 'Could not find the Qt platform plugin "xcb" in ""' message.

digiKam 7.1.0 (and 6.4.0 which this bug report is about) works fine if I run it in WSL without zzuf. I do have digiKam installed natively in Windows but an old version (5.9.0). I installed digikam in WSL to see if it would crash with zzuf, which doesn't have a Windows version yet. KDE itself doesn't start properly with startkde because of a D-Bus error like in bug 417885.
Comment 6 caulier.gilles 2022-11-24 07:00:22 UTC
Hi all,

What about the 7.9.0 pre-release available here:

https://files.kde.org/digikam/

Problem still reproducible?

Thanks in advance

Gilles Caulier
Comment 7 caulier.gilles 2023-10-11 03:19:31 UTC
fixed with 417885