Bug 476616

Summary: Memory corruption in SharedMemory::findNamedEntry(), used from KIconLoaderPrivate::findCachedPixmapWithPath()
Product: [Frameworks and Libraries] frameworks-kcoreaddons Reporter: totte <hans.tovetjarn>
Component: general Assignee: Michael Pyne <mpyne>
Status: REPORTED ---    
Severity: crash CC: kdelibs-bugs-null, nate
Priority: NOR Keywords: drkonqi
Version First Reported In: 5.111.0   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description totte 2023-11-06 08:44:23 UTC
Application: systemsettings (5.27.9)

Qt Version: 5.15.11
Frameworks Version: 5.111.0
Operating System: Linux 6.5.9-1-default x86_64
Windowing System: X11
Distribution: "openSUSE Tumbleweed"
DrKonqi: 5.27.9 [KCrashBackend]

-- Information about the crash:
I'm using openSUSE Tumbleweed 20231103 with the 6.5.9-1-default arch kernel and KDE Plasma 5.27.9.
I've got an ASUSTeK Z87-PRO motherboard, Intel Core i5-4670K processor, and an AMD Hawaii PRO [Radeon R9 290/390] graphics card using the amdgpu driver.

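The crash can be reproduced every time. In the backtrace below, the faulting read is at str1=0x7fdd7d738000 (frame #5), which is 0x338000 bytes past the SharedMemory object at this=0x7fdd7d400000 (frame #6). A bus error (rather than a segmentation fault) on a page-aligned address like this usually means a mapped region is not fully backed, for example by a truncated or damaged cache file, so this may be an unvalidated read of on-disk cache contents rather than in-process heap corruption; this should be confirmed against kshareddatacache.cpp:767.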

-- Backtrace:
Application: System Settings (systemsettings), signal: Bus error

[KCrash Handler]
#4  0x00007fdd9e16d3a1 in __strncmp_avx2 () at /lib64/libc.so.6
#5  0x00007fdd9fd9b087 in qstrncmp(char const*, char const*, unsigned int) (len=<optimized out>, str2=<optimized out>, str1=0x7fdd7d738000 <error: Cannot access memory at address 0x7fdd7d738000>) at /usr/include/qt5/QtCore/qbytearray.h:97
#6  SharedMemory::findNamedEntry(QByteArray const&) const (this=0x7fdd7d400000, key=...) at /usr/src/debug/kcoreaddons-5.111.0/src/lib/caching/kshareddatacache.cpp:767
#7  0x00007fdd9fda0bf2 in KSharedDataCache::find(QString const&, QByteArray*) const (this=0x55d774785f10, key=..., destination=destination@entry=0x7fffb14f1b10) at /usr/src/debug/kcoreaddons-5.111.0/src/lib/caching/kshareddatacache.cpp:1557
#8  0x00007fdda03dd748 in KIconLoaderPrivate::findCachedPixmapWithPath(QString const&, QPixmap&, QString&) (path=..., data=..., key=..., this=0x55d77478c460) at /usr/src/debug/kiconthemes-5.111.0/src/kiconloader.cpp:780
#9  KIconLoader::loadScaledIcon(QString const&, KIconLoader::Group, double, QSize const&, int, QStringList const&, QString*, bool, std::optional<KIconColors> const&) const (this=0x7fdda03f10b0 <(anonymous namespace)::Q_QGS_globalIconLoader::innerFunction()::holder>, _name=<optimized out>, group=KIconLoader::Desktop, scale=1, _size=<optimized out>, state=0, overlays=..., path_store=0x7fffb14f1c70, canReturnNull=false, colors=std::optional<KIconColors> [no contained value]) at /usr/src/debug/kiconthemes-5.111.0/src/kiconloader.cpp:1146
#10 0x00007fdda03d257b in KIconEngine::createPixmap(QSize const&, double, QIcon::Mode, QIcon::State) (this=0x55d774e0a2e0, size=..., scale=scale@entry=1, mode=<optimized out>, state=<optimized out>) at /usr/src/debug/kiconthemes-5.111.0/src/kiconengine.cpp:116
#11 0x00007fdda03d2b15 in KIconEngine::pixmap(QSize const&, QIcon::Mode, QIcon::State) (this=<optimized out>, size=<optimized out>, mode=<optimized out>, state=<optimized out>) at /usr/src/debug/kiconthemes-5.111.0/src/kiconengine.cpp:142
#12 0x00007fdd9f01355c in QIcon::pixmap(QWindow*, QSize const&, QIcon::Mode, QIcon::State) const (this=<optimized out>, window=0x55d774d82c90, size=..., mode=QIcon::Normal, state=QIcon::On) at image/qicon.cpp:905
#13 0x00007fdd5ff8e355 in  () at /usr/lib64/qt5/qml/org/kde/kirigami.2/libKirigamiPlugin.so
#14 0x00007fdd9cc9b922 in QQuickWindowPrivate::polishItems() () at /lib64/libQt5Quick.so.5
#15 0x00007fdd9cd2794e in QQuickRenderControl::polishItems() () at /lib64/libQt5Quick.so.5
#16 0x00007fdd9d9cb3b5 in  () at /lib64/libQt5QuickWidgets.so.5
#17 0x00007fdd9f7e733a in QWidget::event(QEvent*) (this=0x55d774c12a50, event=0x7fffb14f22a0) at kernel/qwidget.cpp:8835
#18 0x00007fdd9f7a519e in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x55d774c12a50, e=0x7fffb14f22a0) at kernel/qapplication.cpp:3640
#19 0x00007fdd9eaed198 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55d774c12a50, event=0x7fffb14f22a0) at kernel/qcoreapplication.cpp:1064
#20 0x00007fdd9eaed35e in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#21 0x00007fdd9f7dee76 in QWidgetPrivate::sendPendingMoveAndResizeEvents(bool, bool) (this=this@entry=0x55d774c97280, recursive=recursive@entry=false, disableUpdates=<optimized out>, disableUpdates@entry=false) at kernel/qwidget.cpp:7737
#22 0x00007fdd9f7e3873 in QWidgetPrivate::show_helper() (this=this@entry=0x55d774c97280) at kernel/qwidget.cpp:7788
#23 0x00007fdd9f7e6803 in QWidgetPrivate::setVisible(bool) (this=0x55d774c97280, visible=<optimized out>) at kernel/qwidget.cpp:8137
#24 0x00007fdd9f7e37f9 in QWidgetPrivate::showChildren(bool) (this=this@entry=0x55d774a408a0, spontaneous=spontaneous@entry=false) at kernel/qwidget.cpp:8209
#25 0x00007fdd9f7e388f in QWidgetPrivate::show_helper() (this=this@entry=0x55d774a408a0) at kernel/qwidget.cpp:7794
#26 0x00007fdd9f7e6803 in QWidgetPrivate::setVisible(bool) (this=0x55d774a408a0, visible=<optimized out>) at kernel/qwidget.cpp:8137
#27 0x00007fdd9f7cb3fb in QStackedLayout::setCurrentIndex(int) (this=0x55d7749a4b60, index=0) at kernel/qstackedlayout.cpp:323
#28 0x00007fdd9f7cbcca in QStackedLayout::insertWidget(int, QWidget*) (this=0x55d7749a4b60, index=0, widget=0x55d774d29bb0) at kernel/qstackedlayout.cpp:233
#29 0x000055d773d59949 in  ()
#30 0x000055d773d5d688 in  ()
#31 0x00007fdd9eb18f50 in QObject::event(QEvent*) (this=0x55d77492b200, e=0x55d774c7fb60) at kernel/qobject.cpp:1347
#32 0x00007fdda04c3469 in KXmlGuiWindow::event(QEvent*) (this=0x55d77492b200, ev=0x55d774c7fb60) at /usr/src/debug/kxmlgui-5.111.0/src/kxmlguiwindow.cpp:220
#33 0x00007fdd9f7a519e in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x55d77492b200, e=0x55d774c7fb60) at kernel/qapplication.cpp:3640
#34 0x00007fdd9eaed198 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55d77492b200, event=0x55d774c7fb60) at kernel/qcoreapplication.cpp:1064
#35 0x00007fdd9eaed35e in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#36 0x00007fdd9eaf0791 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=0x0, event_type=0, data=0x55d774667030) at kernel/qcoreapplication.cpp:1821
#37 0x00007fdd9eaf0cd8 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=<optimized out>, event_type=<optimized out>) at kernel/qcoreapplication.cpp:1680
#38 0x00007fdd9eb468c3 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x55d77475ee30) at kernel/qeventdispatcher_glib.cpp:277
#39 0x00007fdd9d113f30 in  () at /lib64/libglib-2.0.so.0
#40 0x00007fdd9d115b58 in  () at /lib64/libglib-2.0.so.0
#41 0x00007fdd9d11620c in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#42 0x00007fdd9eb460d6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x55d77476f7d0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#43 0x00007fdd9eaebc2b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffb14f2b50, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#44 0x00007fdd9eaf40c0 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#45 0x000055d773d5305c in  ()
#46 0x00007fdd9e0281b0 in __libc_start_call_main () at /lib64/libc.so.6
#47 0x00007fdd9e028279 in __libc_start_main_impl () at /lib64/libc.so.6
#48 0x000055d773d539f5 in  ()
[Inferior 1 (process 6616) detached]

Reported using DrKonqi