Bug 469458

Summary:	kioslave5 crashes in parseMP4Tag<TagLib::MP4::File> when displaying m4a files in Dolphin
Product:	[Frameworks and Libraries] frameworks-kio	Reporter:	postix <postix>
Component:	general	Assignee:	KIO Bugs <kio-bugs-null>
Status:	RESOLVED FIXED
Severity:	crash	CC:	kdelibs-bugs, trilader+kdebugs
Priority:	NOR
Version:	5.105.0
Target Milestone:	---
Platform:	Other
OS:	Linux
See Also:	https://bugs.kde.org/show_bug.cgi?id=427448 https://bugs.kde.org/show_bug.cgi?id=495015
Latest Commit:	https://invent.kde.org/network/kio-extras/-/commit/cf5d29ae48c627d6299638a5c535f5d8c2ae36fa	Version Fixed In:	5.107
Sentry Crash Report:
Attachments:	Crash report from kioslave5

Description postix 2023-05-07 20:58:23 UTC

SUMMARY

kioslave5 crashes when displaying m4a files in Dolphin, which are stored on an mounted NTFS drive. Reproducible, always.
When copying these files to a local system folder (BTRFS), kioslave5 does not crash.


STEPS TO REPRODUCE
1. Open a folder containing some m4a files, which are stored on an NTFS drive

OBSERVED RESULT

```
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f2a58894993 in __pthread_kill_internal (signo=11, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f2a58843196 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#3  0x00007f2a58fe0d3a in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kcrash-5.105.0/src/kcrash.cpp:626
#4  <signal handler called>
#5  TagLib::List<TagLib::MP4::Atom*>::detach (this=0x0) at /usr/src/debug/taglib-1.13/taglib/toolkit/tlist.tcc:315
#6  0x00007f2a381a10a2 in TagLib::List<TagLib::MP4::Atom*>::begin (this=0x0) at /usr/src/debug/taglib-1.13/taglib/toolkit/tlist.tcc:113
#7  TagLib::MP4::Atoms::find (this=0x0, name1=name1@entry=0x7f2a381bd3ab "moov", name2=name2@entry=0x7f2a381bd3a6 "udta", name3=name3@entry=0x7f2a381bd3a1 "meta", name4=name4@entry=0x7f2a381bd39c "ilst") at /usr/src/debug/taglib-1.13/taglib/mp4/mp4atom.cpp:194
#8  0x00007f2a381a114d in TagLib::MP4::File::hasMP4Tag (this=this@entry=0x7ffd412377f0) at /usr/src/debug/taglib-1.13/taglib/mp4/mp4file.cpp:201
#9  0x00007f2a5007469d in parseMP4Tag<TagLib::MP4::File> (file=...) at /usr/src/debug/kio-extras-23.04.0/thumbnail/audiocreator.cpp:101
#10 AudioCreator::create (this=this@entry=0x55be175868c0, request=...) at /usr/src/debug/kio-extras-23.04.0/thumbnail/audiocreator.cpp:179
#11 0x00007f2a591b47a7 in ThumbnailProtocol::createThumbnail (this=0x7ffd41237cb0, thumbCreator=<optimized out>, filePath=..., width=256, height=256, thumbnail=warning: RTTI symbol for class 'QImage' is not a type
...) at /usr/src/debug/kio-extras-23.04.0/thumbnail/thumbnail.cpp:851
#12 0x00007f2a591ba284 in ThumbnailProtocol::get (this=0x7ffd41237cb0, url=...) at /usr/src/debug/kio-extras-23.04.0/thumbnail/thumbnail.cpp:256
#13 0x00007f2a590c16a0 in KIO::WorkerSlaveBaseBridge::get (this=0x55be17570150, url=...) at /usr/src/debug/kio-5.105.0/src/core/workerbase_p.h:71
#14 0x00007f2a590bdd8d in KIO::SlaveBase::dispatch (this=0x55be17570150, command=67, data=...) at /usr/src/debug/kio-5.105.0/src/core/slavebase.cpp:1257
#15 0x00007f2a590b654e in KIO::SlaveBase::dispatchLoop (this=0x55be17570150) at /usr/src/debug/kio-5.105.0/src/core/slavebase.cpp:342
#16 0x00007f2a591b6105 in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kio-extras-23.04.0/thumbnail/thumbnail.cpp:121
#17 0x000055be16f36355 in main (argc=5, argv=0x7ffd412388f8) at /usr/src/debug/kio-5.105.0/src/kioslave/kioslave.cpp:145
```

```
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {140725696292248}}
        ret = <optimized out>
#1  0x00007f2a58894993 in __pthread_kill_internal (signo=11, threadid=<optimized out>) at pthread_kill.c:78
No locals.
#2  0x00007f2a58843196 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007f2a58fe0d3a in KCrash::defaultCrashHandler (sig=11) at /usr/src/debug/kcrash-5.105.0/src/kcrash.cpp:626
        crashRecursionCounter = 2
#4  <signal handler called>
No locals.
#5  TagLib::List<TagLib::MP4::Atom*>::detach (this=0x0) at /usr/src/debug/taglib-1.13/taglib/toolkit/tlist.tcc:315
No locals.
#6  0x00007f2a381a10a2 in TagLib::List<TagLib::MP4::Atom*>::begin (this=0x0) at /usr/src/debug/taglib-1.13/taglib/toolkit/tlist.tcc:113
No locals.
#7  TagLib::MP4::Atoms::find (this=0x0, name1=name1@entry=0x7f2a381bd3ab "moov", name2=name2@entry=0x7f2a381bd3a6 "udta", name3=name3@entry=0x7f2a381bd3a1 "meta", name4=name4@entry=0x7f2a381bd39c "ilst") at /usr/src/debug/taglib-1.13/taglib/mp4/mp4atom.cpp:194
        it = <optimized out>
#8  0x00007f2a381a114d in TagLib::MP4::File::hasMP4Tag (this=this@entry=0x7ffd412377f0) at /usr/src/debug/taglib-1.13/taglib/mp4/mp4file.cpp:201
No locals.
#9  0x00007f2a5007469d in parseMP4Tag<TagLib::MP4::File> (file=...) at /usr/src/debug/kio-extras-23.04.0/thumbnail/audiocreator.cpp:101
        map = <optimized out>
        map = <optimized out>
        coverList = <optimized out>
        __for_range = <optimized out>
        __for_begin = <optimized out>
        __for_end = <optimized out>
        coverArtList = <optimized out>
        coverData = <optimized out>
        img = <optimized out>
        okay = <optimized out>
#10 AudioCreator::create (this=this@entry=0x55be175868c0, request=...) at /usr/src/debug/kio-extras-23.04.0/thumbnail/audiocreator.cpp:179
        file = {<TagLib::File> = {_vptr.File = 0x7f2a381f4d50 <vtable for TagLib::MP4::File+16>, d = 0x55be175bf5a0}, d = 0x55be175bf640}
        db = {d = 0x7f2a58fd3380 <(anonymous namespace)::Q_QGS_staticQMimeDatabase::innerFunction()::holder>}
        type = {d = {d = 0x55be175b4620}}
        fileName = <optimized out>
#11 0x00007f2a591b47a7 in ThumbnailProtocol::createThumbnail (this=0x7ffd41237cb0, thumbCreator=<optimized out>, filePath=..., width=256, height=256, thumbnail=warning: RTTI symbol for class 'QImage' is not a type
...) at /usr/src/debug/kio-extras-23.04.0/thumbnail/thumbnail.cpp:851
        result = {d = std::unique_ptr<KIO::ThumbnailResultPrivate> = {get() = 0x55be1755dcb0}}
        success = false
#12 0x00007f2a591ba284 in ThumbnailProtocol::get (this=0x7ffd41237cb0, url=...) at /usr/src/debug/kio-extras-23.04.0/thumbnail/thumbnail.cpp:256
        creator = <optimized out>
        info = {d_ptr = {d = 0x55be1755dcb0}}
        direct = false
        ok = true
        img = {<QPaintDevice> = {_vptr.QPaintDevice = 0x7f2a56f176a8 <vtable for QImage+16>, painters = 0, reserved = 0x0}, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7f2a56e64060 <qt_meta_stringdata_QImage>, data = 0x7f2a56e63f00 <qt_meta_data_QImage>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}, d = 0x0}
        plugin = {d = 0x55be175aa640}
        shmid = {d = 0x0}
#13 0x00007f2a590c16a0 in KIO::WorkerSlaveBaseBridge::get (this=0x55be17570150, url=...) at /usr/src/debug/kio-5.105.0/src/core/workerbase_p.h:71
No locals.
#14 0x00007f2a590bdd8d in KIO::SlaveBase::dispatch (this=0x55be17570150, command=67, data=...) at /usr/src/debug/kio-5.105.0/src/core/slavebase.cpp:1257
        stream = {d = {d = 0x0}, dev = 0x55be175bf620, owndev = true, noswap = false, byteorder = QDataStream::BigEndian, ver = 19, q_status = QDataStream::Ok}
        url = {d = 0x55be175b3e20}
        i = 1483601040
#15 0x00007f2a590b654e in KIO::SlaveBase::dispatchLoop (this=0x55be17570150) at /usr/src/debug/kio-5.105.0/src/core/slavebase.cpp:342
        cmd = 67
        data = {d = 0x55be1755de90}
        ms = <optimized out>
        ret = 204
#16 0x00007f2a591b6105 in kdemain (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kio-extras-23.04.0/thumbnail/thumbnail.cpp:121
        app = {<QGuiApplication> = {<QCoreApplication> = {<QObject> = {_vptr.QObject = 0x7f2a53ebaf08 <vtable for QApplication+16>, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7f2a58ebb100 <qt_meta_stringdata_QObject>, data = 0x7f2a58ebafe0 <qt_meta_data_QObject>, static_metacall = 0x7f2a58d232a0 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x55be171ed1a0}, static staticQtMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7f2a58ebe0a0 <qt_meta_stringdata_Qt>, data = 0x7f2a58ebb220 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = {direct = 0x7f2a58fbd840 <QObject::staticMetaObject>}, stringdata = 0x7f2a58eb5fc0 <qt_meta_stringdata_QCoreApplication>, data = 0x7f2a58eb5ea0 <qt_meta_data_QCoreApplication>, static_metacall = 0x7f2a58cee150 <QCoreApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, static self = 0x7ffd41237c80}, static staticMetaObject = {d = {superdata = {direct = 0x7f2a58fc6120 <QCoreApplication::staticMetaObject>}, stringdata = 0x7f2a56e157c0 <qt_meta_stringdata_QGuiApplication>, data = 0x7f2a56e15540 <qt_meta_data_QGuiApplication>, static_metacall = 0x7f2a56975670 <QGuiApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = {direct = 0x7f2a56f15fa0 <QGuiApplication::staticMetaObject>}, stringdata = 0x7f2a53d558c0 <qt_meta_stringdata_QApplication>, data = 0x7f2a53d55740 <qt_meta_data_QApplication>, static_metacall = 0x7f2a539a8db0 <QApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}}
        worker = {<KIO::WorkerBase> = {_vptr.WorkerBase = 0x7f2a591be460 <vtable for ThumbnailProtocol+16>, d = std::unique_ptr<KIO::WorkerBasePrivate> = {get() = 0x55be17570150}}, m_mimeType = {d = 0x55be175b17d0}, m_width = 256, m_height = 256, m_devicePixelRatio = 2, m_creators = {{d = 0x55be17582470, e = 0x55be17582470}}, m_enabledPlugins = {<QList<QString>> = {<QListSpecialMethods<QString>> = {<No data fields>}, {p = {static shared_null = {ref = {atomic = {_q_value = {<__atomic_base<int>> = {static _S_alignment = 4, _M_i = -1}, static is_always_lock_free = true}}}, alloc = 0, begin = 0, end = 0, array = {0x0}}, d = 0x55be175bf1a0}, d = 0x55be175bf1a0}}, <No data fields>}, m_propagationDirectories = {q_hash = {{d = 0x7f2a58dd7600 <QHashData::shared_null>, e = 0x7f2a58dd7600 <QHashData::shared_null>}}}, m_thumbBasePath = {d = 0x55be16f38ca0 <QArrayData::shared_null>}, m_maxFileSize = 0, m_randomGenerator = {type = 1, storage = {dummy = 464373425, twister = {static state_size = 624, _M_x = {464373425, 340098840, 3915870620, 1610178057, 1274271988, 3751170140, 2108924891, 3173622341, 3817058003, 3565326006, 3588036368, 614915888, 3672924068, 1726993707, 4279103719, 4025143971, 1080444765, 1761825525, 3347571139, 4126745477, 4153497893, 4087596862, 2665405392, 1367872607, 2146462194, 3688889830, 4167775494, 1052750882, 756693026, 1569366755, 3301980836, 3024317476, 3034341323, 2490421854, 2057489683, 41326380, 3482215445, 2852440230, 1828130378, 3656729159, 1998354, 3499653350, 1875262233, 711361958, 2397825941, 342483191, 803669020, 1759646, 2125351134, 1627036985, 490034387, 745758450, 2046058131, 1580178241, 288254341, 244253128, 315692505, 3536150030, 3284568118, 2507580411, 2461249054, 977339474, 69064238, 412018183, 3196775414, 193652773, 3485686494, 3936537533, 3149017768, 4263092030, 2627792021, 1213947895, 1567492635, 86030761, 803998237, 2455790308, 585811175, 3203913971, 1120681147, 3602659807, 832177104, 1651889050, 2020169836, 1545976843, 3911774297, 3065350062, 4035340, 2931902887, 2508128381, 2791170442, 4094749316, 573280432, 3241574984, 3171623112, 380865896, 1428381031, 410010449, 3608769625, 1019761128, 3982000546, 4255589147, 1015162166, 2292622794, 1007544084, 209928027, 750177439, 860882178, 1404047629, 1165815941, 1786643463, 3164563657, 3580592761, 3547092574, 434345877, 4010932480, 610280757, 2127699455, 660229922, 3864955130, 3330584816, 3658072071, 1945337793, 2459895740, 4094290351, 3573568946, 3434575292, 3877095678, 2643879723, 4113588299, 3969901763, 3541085637, 2710581289, 1723442511, 3454545411, 1597271740, 3385805180, 2367584677, 3644267286, 3181225455, 666813071, 3419365897, 407165251, 1293235503, 4064359849, 975536503, 1277849833, 469947170, 1009370889, 4155159285, 3861251071, 1896849114, 3135381627, 2250368203, 1745809272, 3214337159, 2215018124, 3277768541, 1071887352, 3969613744, 2580312904, 1575885814, 691619181, 3578532808, 217632369, 2899858029, 2783467297, 4253064109, 1291386639, 3306894357, 2661102009, 464152377, 1979842448, 3554562759, 998148942, 4282340755, 2632525864, 3932283145, 1216302653, 2247995117, 178455934, 109218701, 713219126, 2395712531, 499524496, 1367643194, 2215036845, 674398138, 581123049, 2713655916, 1804756896, 4155720303, 2961954809, 561472114, 4006502746, 565553584, 2433293902, 3083638343, 1930472207, 2118679173, 1391723870...}, _M_p = 624}}}, m_sequenceIndexWrapAroundPoint = -1}
#17 0x000055be16f36355 in main (argc=5, argv=0x7ffd412388f8) at /usr/src/debug/kio-5.105.0/src/kioslave/kioslave.cpp:145
        libname = {d = 0x55be171dcab0}
        libpath = {d = 0x55be171dcf20}
        lib = {<QObject> = {_vptr.QObject = 0x7f2a58fc5d18 <vtable for QLibrary+16>, static staticMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7f2a58ebb100 <qt_meta_stringdata_QObject>, data = 0x7f2a58ebafe0 <qt_meta_data_QObject>, static_metacall = 0x7f2a58d232a0 <QObject::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x55be171dcb30}, static staticQtMetaObject = {d = {superdata = {direct = 0x0}, stringdata = 0x7f2a58ebe0a0 <qt_meta_stringdata_Qt>, data = 0x7f2a58ebb220 <qt_meta_data_Qt>, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}}, static staticMetaObject = {d = {superdata = {direct = 0x7f2a58fbd840 <QObject::staticMetaObject>}, stringdata = 0x7f2a58eb4f60 <qt_meta_stringdata_QLibrary>, data = 0x7f2a58eb4e80 <qt_meta_data_QLibrary>, static_metacall = 0x7f2a58ce49a0 <QLibrary::qt_static_metacall(QObject*, QMetaObject::Call, int, void**)>, relatedMetaObjects = 0x0, extradata = 0x0}}, d = 0x55be171dd020, did_load = true}
        sym = 0x7f2a591b5f30 <kdemain(int, char**)>
        slaveDebugWait = {d = 0x55be16f38ca0 <QArrayData::shared_null>}
        func = 0x7f2a591b5f30 <kdemain(int, char**)>
        newArgc = 4
        newArgv = {a = 5, s = 4, ptr = 0x7ffd41238780, {array = "\022\226#A\375\177\000\000Y\226#A\375\177\000\000c\226#A\375\177\000\000d\226#A\375\177\000\000\a\000\000\000\000\000\000", q_for_alignment_1 = 140725696304658, q_for_alignment_2 = 6.9527732031219977e-310}}
```

SOFTWARE/OS VERSIONS
Operating System: openSUSE Tumbleweed 20230505
KDE Plasma Version: 5.27.4
KDE Frameworks Version: 5.105.0
Qt Version: 5.15.9
Kernel Version: 6.3.1-1-default (64-bit)

Comment 1 postix 2023-05-07 21:03:57 UTC

It only happens if the "show file preview" option is enabled in Dolphin.

Comment 2 Daniel Schulte 2023-05-16 19:39:51 UTC

I also have this issue (on ArchLinux). The following is the report generated by Dr.Konqi while running version 5.106.

kioslave5 crashes when opening a folder containing my music library in Dolphin, or when opening my home folder in Kates "Open File" dialog. Interestingly it is not crashing when opening my home folder in Dolphin. File previews are enabled (and it doesn't crash with them disabled). The file in question in both cases is an ext4 filesystem, on an internal SSD drive for my home and on a normal HDD for my music library.

I tried to convince gdb to give me the name of the failing file by following https://community.kde.org/Guidelines_and_HOWTOs/Debugging/Debugging_IOSlaves and attaching to the thumbnail kio process but I've not had any luck as the types are incomplete (I think some TagLib stuff was optimized out too much or the ArchLinux debug information aren't complete enough).

```
Application: kioslave5 (kioslave5), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = <optimized out>}
[KCrash Handler]
#6  0x00007f557419e514 in  () at /usr/lib/libtag.so.1
#7  0x00007f557419f436 in TagLib::MP4::Atoms::find(char const*, char const*, char const*, char const*) () at /usr/lib/libtag.so.1
#8  0x00007f557419f4e2 in TagLib::MP4::File::hasMP4Tag() const () at /usr/lib/libtag.so.1
#9  0x00007f55837940ca in parseMP4Tag<TagLib::MP4::File> (file=...) at /usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/audiocreator.cpp:101
#10 AudioCreator::create(KIO::ThumbnailRequest const&) (this=this@entry=0x55f37e5054a0, request=...) at /usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/audiocreator.cpp:179
#11 0x00007f558f6348c9 in ThumbnailProtocol::createThumbnail(ThumbCreatorWithMetadata*, QString const&, int, int, QImage&) (this=this@entry=0x7ffccde07f50, thumbCreator=thumbCreator@entry=0x55f37e5053c0, filePath=..., width=128, height=height@entry=128, thumbnail=...) at /usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/thumbnail.cpp:851
#12 0x00007f558f63a5d5 in ThumbnailProtocol::get(QUrl const&) (this=0x7ffccde07f50, url=<optimized out>) at /usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/thumbnail.cpp:256
#13 0x00007f558f508a64 in KIO::WorkerSlaveBaseBridge::get(QUrl const&) (this=0x55f37e4f4c40, url=<optimized out>) at /usr/src/debug/kio/kio-5.106.0/src/core/workerbase_p.h:71
#14 0x00007f558f505156 in KIO::SlaveBase::dispatch(int, QByteArray const&) (this=0x55f37e4f4c40, command=67, data=...) at /usr/src/debug/kio/kio-5.106.0/src/core/slavebase.cpp:1257
#15 0x00007f558f4fd2ae in KIO::SlaveBase::dispatchLoop() (this=0x55f37e4f4c40) at /usr/src/debug/kio/kio-5.106.0/src/core/slavebase.cpp:342
#16 0x00007f558f6362c2 in kdemain(int, char**) (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/thumbnail.cpp:121
#17 0x000055f37d84b1fd in main(int, char**) (argc=5, argv=0x7ffccde08b98) at /usr/src/debug/kio/kio-5.106.0/src/kioslave/kioslave.cpp:145
[Inferior 1 (process 7388) detached]
```

Comment 3 postix 2023-05-17 19:06:58 UTC

I have built the current plasma5/kf5 branch of plasma-workspace, plasma-desktop, dolphin and kio-extra with kdesrc-build and there could no longer reproduce the issue. Not sure what might have fixed it though.

Comment 4 postix 2023-05-17 19:11:12 UTC

Looks like it's indeed fixed in 5.107.

Comment 5 Daniel Schulte 2023-07-05 06:56:03 UTC

Created attachment 160086 [details]
Crash report from kioslave5

Comment 6 Daniel Schulte 2023-07-05 06:58:44 UTC

For me it still crashes with 5.107.0 on ArchLinux. Except only on the music library now. The crash with the file open dialog showing my home directory seem resolved (or I moved/deleted the offending file thee, not sure about which).

Current system information:
Operating System: Arch Linux 
KDE Plasma Version: 5.27.6
KDE Frameworks Version: 5.107.0
Qt Version: 5.15.10
Kernel Version: 6.4.1-arch2-1 (64-bit)
Graphics Platform: Wayland
Processors: 8 × Intel® Xeon® CPU E3-1245 v5 @ 3.50GHz
Memory: 31,1 GiB of RAM
Graphics Processor: AMD Radeon RX 580 Series
Manufacturer: Supermicro
Product Name: Super Server
System Version: 0123456789

Comment 7 Daniel Schulte 2023-09-11 20:53:48 UTC

I'm pretty sure I found the issue. At least on my machine it doesn't happen anymore with the fix and before I could reproduce it every time I opened my ~/music folder in Dolphin.

I've created a merge request for the fix at https://invent.kde.org/network/kio-extras/-/merge_requests/281

Comment 8 Albert Astals Cid 2023-09-11 20:57:09 UTC

Git commit 3bd4906f2e37456eb296a527913b305ba472b761 by Albert Astals Cid, on behalf of Daniel Schulte.
Committed on 11/09/2023 at 22:57.
Pushed by aacid into branch 'master'.

thumbnail: Fix heap-use-after-free in AudioCreator::create

There is a heap-use-after-free issue in `AudioCreator::create` resulting from storing the pointer to a temporary `QByteArray`'s data() in a pointer and accessing it after the byte-array has been freed (when the the temporary object was created on is over).

This fixes it by moving the `QByteArray` onto the stack, thus making it not temporary anymore, keeping it around until its data isn't needed anymore.

M  +2    -1    thumbnail/audiocreator.cpp

https://invent.kde.org/network/kio-extras/-/commit/3bd4906f2e37456eb296a527913b305ba472b761

Comment 9 Albert Astals Cid 2023-09-11 20:58:06 UTC

Git commit cf5d29ae48c627d6299638a5c535f5d8c2ae36fa by Albert Astals Cid, on behalf of Daniel Schulte.
Committed on 11/09/2023 at 22:57.
Pushed by aacid into branch 'release/23.08'.

thumbnail: Fix heap-use-after-free in AudioCreator::create

There is a heap-use-after-free issue in `AudioCreator::create` resulting from storing the pointer to a temporary `QByteArray`'s data() in a pointer and accessing it after the byte-array has been freed (when the the temporary object was created on is over).

This fixes it by moving the `QByteArray` onto the stack, thus making it not temporary anymore, keeping it around until its data isn't needed anymore.
(cherry picked from commit 3bd4906f2e37456eb296a527913b305ba472b761)

M  +2    -1    thumbnail/audiocreator.cpp

https://invent.kde.org/network/kio-extras/-/commit/cf5d29ae48c627d6299638a5c535f5d8c2ae36fa