Bug 481167

Summary: KIOWorker is segfaulting when writing invalid/empty bytearray (slavebase.cpp::1484)
Product: [Frameworks and Libraries] frameworks-kio Reporter: Mike <noeerover>
Component: general Assignee: KIO Bugs <kio-bugs-null>
Status: RESOLVED UPSTREAM    
Severity: crash CC: kdelibs-bugs-null, nate
Priority: NOR    
Version First Reported In: git master   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Mike 2024-02-10 13:22:47 UTC
SUMMARY
If I open Dolphin and browse to a folder containing different images (?), kioworker crashes and sometimes Dolphin crashes too. My debuginfod is not working properly, so I can't get a full backtrace, but it appears to be an invalid byte array in SlaveBase::send. If I check the byte array (BA) before the send(), there is no crash:

```
// Reporter's diagnostic guard, placed before the send() call: when any of the three
// tests matches it logs a warning and returns early.
// NOTE(review): QByteArray::isEmpty() is already true for a null array, so the
// isNull() test adds nothing.
// NOTE(review): isValidUtf8() fails for every payload that is not well-formed UTF-8.
// If send() carries binary data (this report involves image previews; TODO confirm),
// the guard drops legitimate packets, which would hide the crash rather than fix it.
// The backtrace in comment 1 faults in Qt's painting code
// (fetchIndexedToARGB32PM with clut=0x0), not in send() itself.
if (arr.isNull() || arr.isEmpty() || !arr.isValidUtf8()) {
            // Log under the KIO_CORE category so a rejected packet is visible.
            qCWarning(KIO_CORE) << "BA Package is invalid or empty";
            // Early return; presumably this skips the send() that follows (verify in slavebase.cpp).
            return;
        }
```
It seems Qt is failing with a segfault in a pixel buffer; I will keep trying to get a backtrace.

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION
Comment 1 Mike 2024-02-10 13:44:12 UTC
QT 6.6.1, Plasma and Frameworks from master.  

(gdb) bt full
#0  fetchIndexedToARGB32PM<(QPixelLayout::BPP)3>(uint*, uchar const*, int, int, QList<unsigned int> const*, QDitherInfo*)
    (buffer=buffer@entry=0x7fffb69f2810, src=0x17e7628 '\325' <repeats 18 times>, "խ\272\255\263\263\264\220Օ\255\311\325\325Օ\324ʴ\325\325\325\325\325\325\325\325\311\325\325ղ~\316\325\325\325\325\301\312", '\325' <repeats 139 times>, "պ\272"..., index=index@entry=0, count=count@entry=198, clut=clut@entry=0x0)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/gui/painting/qpixellayout.cpp:758
        i = 0
#1  0x00007ffff46aaaa6 in fetchTransformedBilinear_simple_scale_helper<(TextureBlendType)4>(unsigned int*, unsigned int*, QTextureData const&, int&, int&, int, int) [clone .constprop.0] [clone .isra.0]
    (b=b@entry=0x7fffb69fda00, end=end@entry=0x7fffb69fdc50, image=..., fx=@0x7fffb69f6938: 11069, fdx=87676, fy=<optimized out>) at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/gui/painting/qdrawhelper.cpp:2075
        leading = 0
        clut = 0x0
        fetch = 0x7ffff4356400 <fetchIndexedToARGB32PM<(QPixelLayout::BPP)3>(uint*, uchar const*, int, int, QList<unsigned int> const*, QDitherInfo*)>
        y1 = <optimized out>
        y2 = <optimized out>
        s1 = <optimized out>
        s2 = 0x17e76f0 '\325' <repeats 18 times>, "tH\251f\213)d\226\325GL\030\225S\325GaDd[\215\222|[tT[dut\324i\201-t\225u\257Hk", '\325' <repeats 139 times>, "պ\272"...
        disty = 127
        idisty = 129
        length = 148
        adjust = <optimized out>
        offset = 0
        x = 0
        intermediate = {buffer_rb = {0 <repeats 2050 times>}, buffer_ag = {0 <repeats 2050 times>}}
        buf1 = 0x7fffb69f2810
        buf2 = 0x7fffb69f4818
--Type <RET> for more, q to quit, c to continue without paging--c
        ptr1 = <optimized out>
        ptr2 = <optimized out>
        count = 200
#2  0x00007ffff464780a in fetchTransformedBilinear<(TextureBlendType)4, (QPixelLayout::BPP)0>(uint*, Operator const*, QSpanData const*, int, int, int)
    (buffer=0x7fffb69fda00, data=0x1473bd8, y=<optimized out>, x=<optimized out>, length=<optimized out>)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/gui/painting/qdrawhelper.cpp:2340
        mid = <optimized out>
        fdx = <optimized out>
        fdy = 0
        fx = 11069
        fy = 5603327
        clut = 0x0
        cx = 0.5
        cy = 64.5
#3  0x00007ffff465edb7 in BlendSrcGeneric::fetch(int, int, int, bool)
    (fetchDest=false, len=<optimized out>, y=<optimized out>, x=0, this=0x7fffb69fb9e0)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/gui/painting/qdrawhelper.cpp:4041
        l = 148
        process_x = 0
        src = <optimized out>
        offset = <optimized out>
        y = 64
        length = 0
        x = 0
        right = <optimized out>
        fetchDest = <optimized out>
        c = 64
        handler = {<QBlendBase> = {data = 0x1473bd8, op = @0x7fffffff92b0}, dest = 0x17aa230, buffer = {0 <repeats 2048 times>}, src_buffer = {0 <repeats 1666 times>, 4077234520, 32767, 0, 0, 3063937392, 32767, 4078636459, 32767, 4078636459, 32767, 3063937584, 32767, 4077267858, 32767, 0, 0, 0, 0, 0, 0, 10, 0, 0, 32, 0, 0, 4, 0, 1, 0, 3063937316, 32767, 3063937320, 32767, 0, 0, 0, 0, 117, 0, 4078636434, 32767, 4078636457, 32767, 0, 0, 4294967295, 4294967295, 0, 0, 4078636459, 32767, 0 <repeats 16 times>, 24, 48, 3063937808, 32767, 3063937616, 32767, 0 <repeats 230 times>, 4077449226, 32767, 0, 0, 0, 0, 9257696, 0, 3063937520, 32767, 0, 0, 9257656, 0, 0, 0, 4077461307, 32767, 4294966904, 4294967295, 0, 0, 1181, 0, 0, 0, 2362, 0, 3063937520, 32767, 1, 0, 3063937360, 32767, 4077460126, 32767, 3063937392, 32767, 2080379520, 32767, 0, 0, 2362, 0, 9257656, 0, 9257616, 0, 0, 32767, 3063937472, 32767, 3606571008, 4119197567, 4078893760, 32767, 11002776, 0, 2259408462, 163, 4077484435, 32767, 651596979, 288230376, 9257616, 0, 9257616, 0, 4088278430, 32767, 3063937520, 32767, 3063937536, 32767, 702, 0, 339077710, 0}}
        coverage = 0
        const_alpha = 256
        solidSource = true
        spans = 0x7fffffff9560
        data = 0x1473bd8
        op = @0x7fffffff92b0: {mode = QPainter::CompositionMode_Source, destFetch = 0x7ffff462b6e0 <destFetchARGB32P(uint*, QRasterBuffer*, int, int, int)>, destStore = 0x0, srcFetch = 0x7ffff4646da0 <fetchTransformedBilinear<(TextureBlendType)4, (QPixelLayout::BPP)0>(uint*, Operator const*, QSpanData const*, int, int, int)>, funcSolid = 0x7ffff453e3d0 <comp_func_solid_Source_sse2(unsigned int*, int, unsigned int, unsigned int)>, func = 0x7ffff4550ad0 <comp_func_Source_avx2(unsigned int*, unsigned int const*, int, unsigned int)>, destFetch64 = 0x7ffff462bb20 <destFetch64(QRgba64*, QRasterBuffer*, int, int, int)>, destStore64 = 0x7ffff4634990 <destStore64(QRasterBuffer*, int, int, QRgba64 const*, int)>, srcFetch64 = 0x7ffff465d170 <fetchTransformedBilinear64<(TextureBlendType)4>(QRgba64*, Operator const*, QSpanData const*, int, int, int)>, funcSolid64 = 0x7ffff4285640 <comp_func_solid_Source_rgb64(QRgba64*, int, QRgba64, unsigned int)>, func64 = 0x7ffff4551690 <comp_func_Source_rgb64_avx2(QRgba64*, QRgba64 const*, int, unsigned int)>, destFetchFP = 0x7ffff462bb90 <destFetchFP(QRgbaFloat32*, QRasterBuffer*, int, int, int)>, destStoreFP = 0x7ffff4634af0 <destStoreFP(QRasterBuffer*, int, int, QRgbaFloat32 const*, int)>, srcFetchFP = 0x7ffff465aa90 <fetchTransformedBilinearFP<(TextureBlendType)4>(QRgbaFloat32*, Operator const*, QSpanData const*, int, int, int)>, funcSolidFP = 0x7ffff4552530 <comp_func_solid_Source_rgbafp_avx2(QRgbaFloat<float>*, int, QRgbaFloat<float>, unsigned int)>, funcFP = 0x7ffff45514c0 <comp_func_Source_rgbafp_avx2(QRgbaFloat<float>*, QRgbaFloat<float> const*, int, unsigned int)>, {linear = {dx = 3.395193267323072e-313, dy = 6.9531436082575382e-310, l = 3.395193267323072e-313, off = 6.9531436082575876e-310}, radial = {dx = 3.395193267323072e-313, dy = 6.9531436082575382e-310, dr = 3.395193267323072e-313, sqrfr = 6.9531436082575876e-310, a = 3.395193267323072e-313, inv2a = 1.059553026192787e-316, extended = false}}}
        const_alpha = <optimized out>
        solidSource = <optimized out>
        function = {__op = @0x7fffb69ff9f0, __data = 0x7fffb69ffa00, __spans = 0x2be, __solidSource = 78, __const_alpha = 0}
        segments = <optimized out>
        threadPool = <optimized out>
#4  handleSpans<BlendSrcGeneric>(int, QT_FT_Span_ const*, QSpanData const*, Operator const&)::{lambda(int, int)#1}::operator()(int, int) const (__closure=0x7fffffff9230, cStart=<optimized out>, cEnd=<optimized out>)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/gui/painting/qdrawhelper.cpp:3993
        l = 148
        process_x = 0
        src = <optimized out>
        offset = <optimized out>
        y = 64
        length = 0
        x = 0
        right = <optimized out>
        fetchDest = <optimized out>
        c = 64
        handler = {<QBlendBase> = {data = 0x1473bd8, op = @0x7fffffff92b0}, dest = 0x17aa230, buffer = {0 <repeats 2048 times>}, src_buffer = {0 <repeats 1666 times>, 4077234520, 32767, 0, 0, 3063937392, 32767, 4078636459, 32767, 4078636459, 32767, 3063937584, 32767, 4077267858, 32767, 0, 0, 0, 0, 0, 0, 10, 0, 0, 32, 0, 0, 4, 0, 1, 0, 3063937316, 32767, 3063937320, 32767, 0, 0, 0, 0, 117, 0, 4078636434, 32767, 4078636457, 32767, 0, 0, 4294967295, 4294967295, 0, 0, 4078636459, 32767, 0 <repeats 16 times>, 24, 48, 3063937808, 32767, 3063937616, 32767, 0 <repeats 230 times>, 4077449226, 32767, 0, 0, 0, 0, 9257696, 0, 3063937520, 32767, 0, 0, 9257656, 0, 0, 0, 4077461307, 32767, 4294966904, 4294967295, 0, 0, 1181, 0, 0, 0, 2362, 0, 3063937520, 32767, 1, 0, 3063937360, 32767, 4077460126, 32767, 3063937392, 32767, 2080379520, 32767, 0, 0, 2362, 0, 9257656, 0, 9257616, 0, 0, 32767, 3063937472, 32767, 3606571008, 4119197567, 4078893760, 32767, 11002776, 0, 2259408462, 163, 4077484435, 32767, 651596979, 288230376, 9257616, 0, 9257616, 0, 4088278430, 32767, 3063937520, 32767, 3063937536, 32767, 702, 0, 339077710, 0}}
        coverage = 0
        const_alpha = 256
        solidSource = true
        spans = 0x7fffffff9560
        data = 0x1473bd8
        op = @0x7fffffff92b0: {mode = QPainter::CompositionMode_Source, destFetch = 0x7ffff462b6e0 <destFetchARGB32P(uint*, QRasterBuffer*, int, int, int)>, destStore = 0x0, srcFetch = 0x7ffff4646da0 <fetchTransformedBilinear<(TextureBlendType)4, (QPixelLayout::BPP)0>(uint*, Operator const*, QSpanData const*, int, int, int)>, funcSolid = 0x7ffff453e3d0 <comp_func_solid_Source_sse2(unsigned int*, int, unsigned int, unsigned int)>, func = 0x7ffff4550ad0 <comp_func_Source_avx2(unsigned int*, unsigned int const*, int, unsigned int)>, destFetch64 = 0x7ffff462bb20 <destFetch64(QRgba64*, QRasterBuffer*, int, int, int)>, destStore64 = 0x7ffff4634990 <destStore64(QRasterBuffer*, int, int, QRgba64 const*, int)>, srcFetch64 = 0x7ffff465d170 <fetchTransformedBilinear64<(TextureBlendType)4>(QRgba64*, Operator const*, QSpanData const*, int, int, int)>, funcSolid64 = 0x7ffff4285640 <comp_func_solid_Source_rgb64(QRgba64*, int, QRgba64, unsigned int)>, func64 = 0x7ffff4551690 <comp_func_Source_rgb64_avx2(QRgba64*, QRgba64 const*, int, unsigned int)>, destFetchFP = 0x7ffff462bb90 <destFetchFP(QRgbaFloat32*, QRasterBuffer*, int, int, int)>, destStoreFP = 0x7ffff4634af0 <destStoreFP(QRasterBuffer*, int, int, QRgbaFloat32 const*, int)>, srcFetchFP = 0x7ffff465aa90 <fetchTransformedBilinearFP<(TextureBlendType)4>(QRgbaFloat32*, Operator const*, QSpanData const*, int, int, int)>, funcSolidFP = 0x7ffff4552530 <comp_func_solid_Source_rgbafp_avx2(QRgbaFloat<float>*, int, QRgbaFloat<float>, unsigned int)>, funcFP = 0x7ffff45514c0 <comp_func_Source_rgbafp_avx2(QRgbaFloat<float>*, QRgbaFloat<float> const*, int, unsigned int)>, {linear = {dx = 3.395193267323072e-313, dy = 6.9531436082575382e-310, l = 3.395193267323072e-313, off = 6.9531436082575876e-310}, radial = {dx = 3.395193267323072e-313, dy = 6.9531436082575382e-310, dr = 3.395193267323072e-313, sqrfr = 6.9531436082575876e-310, a = 3.395193267323072e-313, inv2a = 1.059553026192787e-316, extended = false}}}
        const_alpha = <optimized out>
        solidSource = <optimized out>
        function = {__op = @0x7fffb69ff9f0, __data = 0x7fffb69ffa00, __spans = 0x2be, __solidSource = 78, __const_alpha = 0}
        segments = <optimized out>
        threadPool = <optimized out>
#5  0x00007ffff46645f1 in handleSpans<BlendSrcGeneric>(int, QT_FT_Span_ const*, QSpanData const*, Operator const&)::{lambda()#1}::operator()() const (__closure=0x16e3048)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/gui/painting/qdrawhelper.cpp:4015
        semaphore = @0x7fffffff9250: {{d = 0x8000000100000000, u = {_q_value = std::atomic<unsigned long long> = { 9223372041149743104 }}, u32 = {{_q_value = std::atomic<unsigned int> = { 0 }}, {_q_value = std::atomic<unsigned int> = { 2147483649 }}}, u64 = {_q_value = std::atomic<unsigned long long> = { 9223372041149743104 }}}}
        function = @0x7fffffff9230: {__op = @0x7fffffff92b0, __data = 0x1473bd8, __spans = 0x7fffffff9560, __solidSource = true, __const_alpha = 256}
        cn = 64
        c = 64
        _this = 0x16e3040
#6  QRunnable::QGenericRunnable::Helper<handleSpans<BlendSrcGeneric>(int, QT_FT_Span_ const*, QSpanData const*, Operator const&)::{lambda()#1}>::impl(QRunnable::QGenericRunnable::HelperBase::Op, QRunnable::QGenericRunnable::HelperBase*, void*) (op=<optimized out>, that=0x16e3040, arg=<optimized out>)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/build/include/QtCore/../../../src/corelib/thread/qrunnable.h:73
        _this = 0x16e3040
#7  0x00007ffff3ae5841 in QRunnable::QGenericRunnable::HelperBase::run() (this=<optimized out>)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/thread/qrunnable.h:61
        del = true
        page = <optimized out>
        r = 0x14f6940
        locker = {m_mutex = 0xa7e398, m_isLocked = false}
#8  QRunnable::QGenericRunnable::run() (this=0x14f6940)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/thread/qrunnable.cpp:32
        del = true
        page = <optimized out>
        r = 0x14f6940
        locker = {m_mutex = 0xa7e398, m_isLocked = false}
#9  QThreadPoolThread::run() (this=0xab2dd0)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/thread/qthreadpool.cpp:66
        del = true
        page = <optimized out>
        r = 0x14f6940
        locker = {m_mutex = 0xa7e398, m_isLocked = false}
#10 0x00007ffff3ae4d49 in operator() (__closure=<optimized out>)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/thread/qthread_unix.cpp:324
        thr = 0xab2dd0
        data = <optimized out>
        __clframe = {__cancel_routine = <optimized out>, __cancel_arg = 0xab2dd0, __do_it = 1, __cancel_type = <optimized out>}
#11 (anonymous namespace)::terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> >
    (t=<optimized out>)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/thread/qthread_unix.cpp:260
        __clframe = {__cancel_routine = <optimized out>, __cancel_arg = 0xab2dd0, __do_it = 1, __cancel_type = <optimized out>}
#12 QThreadPrivate::start(void*) (arg=0xab2dd0)
    at /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/thread/qthread_unix.cpp:283
        __clframe = {__cancel_routine = <optimized out>, __cancel_arg = 0xab2dd0, __do_it = 1, __cancel_type = <optimized out>}
#13 0x00007ffff3092bb2 in start_thread () at /lib64/libc.so.6
#14 0x00007ffff311400c in clone3 () at /lib64/libc.so.6
Comment 2 Mike 2024-02-17 12:25:39 UTC
I narrowed this down to the folder preview plugin in Dolphin. However, after updating to Qt 6.6.2, the crashes go away.