Bug 76478

Summary: crashes when parsing php include file
Product: [Unmaintained] quanta Reporter: Steve Bergman <steve>
Component: general Assignee: András Manţia <amantia>
Status: RESOLVED FIXED    
Severity: crash CC: Kolberg_dev, softexpert
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Backtrace from crash of quanta_be 030104 cvs
Include file for reproducing problem
Backtrace quanta-03-01-04cvs and vanilla qt-3.3.1
stderr of qstring_test

Description Steve Bergman 2004-03-01 04:02:40 UTC
Version:           3.3 Bleeding Edge (2004-02-25) (using KDE 3.2.0-1.4 Red Hat, Red Hat Linux (FC2)
Compiler:          gcc version 3.3.2 20040119 (Red Hat Linux 3.3.2-8)
OS:          Linux (i686) release 2.6.3-1.116

Quanta crashes as soon as I type:

<?php include('dbClasses.inc'); ?>

into the editor.  Another include that I have included does not have problems.

This behavior is the same for current Fedora Rawhide Quanta and the Quanta 2004-02-25 CVS snapshot.

Loaded plugins are just whatever is default for the snapshot.

Backtrace:

no debugging symbols found)...Using host libthread_db library "/lib/libthread_db.so.1".
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 13623)]
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...0x0051c428 in waitpid () from /lib/libpthread.so.0
#0  0x0051c428 in waitpid () from /lib/libpthread.so.0
#1  0x008f586c in ?? () from /usr/lib/libkdecore.so.4
#2  0x0083b831 in KCrash::defaultCrashHandler(int) ()
   from /usr/lib/libkdecore.so.4
#3  0x0051b1f5 in __pthread_sighandler () from /lib/libpthread.so.0
#4  <signal handler called>
#5  0x00309477 in memcpy () from /lib/libc.so.6
#6  0x03d3dfef in QString::replace(unsigned, unsigned, QChar const*, unsigned)
    () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#7  0x0811a0c7 in Parser::parseIncludedFile(QString const&, DTDStruct const*)
    ()
#8  0x08119b29 in Parser::parseIncludedFiles() ()
#9  0x0811977f in Parser::cleanGroups() ()
#10 0x0811b461 in Parser::qt_invoke(int, QUObject*) ()
#11 0x03a7209c in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#12 0x03a71ed4 in QObject::activate_signal(int) ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#13 0x0812011a in SAParser::cleanGroups() ()
#14 0x0811ff2e in SAParser::slotParseForScriptGroup() ()
#15 0x081201b5 in SAParser::qt_invoke(int, QUObject*) ()
#16 0x03a7209c in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#17 0x03da2ada in QSignal::signal(QVariant const&) ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#18 0x03a8bd76 in QSignal::activate() ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#19 0x03a93493 in QSingleShotTimer::event(QEvent*) ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#20 0x03a16d7f in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#21 0x03a1638b in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#22 0x007a8ffd in KApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/libkdecore.so.4
#23 0x03a06875 in QEventLoop::activateTimers() ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#24 0x039c2866 in QEventLoop::processEvents(unsigned) ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#25 0x03a28e18 in QEventLoop::enterLoop() ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#26 0x03a28cc8 in QEventLoop::exec() () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#27 0x03a16fd1 in QApplication::exec() ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#28 0x0809c1e7 in main ()

dbClasses.inc:

<?php

class dbAccess {

  var $HOST = 'localhost';
  var $DB = 'timex';
  var $USERNAME = 'steve';
  var $PASSWORD = 'xxxxxxx';

  function dbAccess() {

    //Connect to server.
    //Select database.

    //echo "Connecting to $this->HOST";
	$db = mysql_pconnect($this->HOST,$this->USERNAME,$this->PASSWORD);
    //echo $db;
	if (!$db) {
	  echo 'Error: Could not connect to database.';
	  exit;
	}
    //echo "Selecting $this->DB";
	mysql_select_db($this->DB);

  }
}

class tableAccess extends dbAccess {

  //Generic access Functions for tables


  function add($fieldArr) {
    $queryString = "insert into $this->TABLE set ";
	foreach ($fieldArr as $fieldName => $fieldValue) {
	  $queryString .= $fieldName . "='" . $fieldValue . "',";
	}

	$queryString = substr($queryString,0,strlen($queryString)-1);
	//echo $queryString;
	$result = mysql_query($queryString);
  }

  function delete($keyArr) {
    foreach ($keyArr as $delKey) {
	  $queryString = "delete from $this->TABLE where $this->KEY = '$delKey'";
	  //echo $queryString;
      mysql_query($queryString);
	}
  }

  function select() {
    $queryString = "select * from $this->TABLE order by $this->KEY";
    //echo $queryString . "\n";
    $result = mysql_query($queryString);
    //echo "result is $result";
    echo "<form action=itemDelete.php method=POST enctype=multipart/form-data>\n";
    echo "<input type='hidden' name='table' value='$this->TABLE'>";
    echo "<input type='hidden' name='keyFieldName' value='$this->KEY'>";
    echo '<table border="1">' . "\n";
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
      echo '<tr><td>';
	  echo '<input type="radio" name="key" value="' . $line["$this->KEY"] . '"></td>';
      foreach ($line as $col_value) {
        echo "<td>$col_value</td>";
      }
      echo "</tr>\n";
    }
    echo "</table>\n";
	echo '<BR>' . "\n";
    echo '<input type="submit" value="Delete" name="delete">';
    echo "</form>\n";
  }

  function report($queryString) {
    //$queryString = "select * from $this->TABLE order by $this->KEY";
    //echo $queryString . "\n";
    $result = mysql_query($queryString);
    //echo "result is $result";
    echo '<table border="1">' . "\n";
	echo "<tr>\n";
    foreach ($this->REPORT_FIELDS_ARR as $col_name) {
      echo "<td>$col_name</td>";
    }
	echo "</tr>\n";
	$hourTotal = 0;
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
	  echo '<tr>';
      foreach ($line as $col_value) {
        echo "<td>$col_value</td>";
      }
      echo "</tr>\n";
      $hourTotal += $line['time'];
	}
	echo "</table>\n";
	echo "<BR>";
	echo "Total Hours: $hourTotal";
  }



}

class clientAccess extends tableAccess {

  var $TABLE = 'clients';
  var $KEY   = 'clientId';
}

class projectAccess extends tableAccess {

  var $TABLE = 'projects';
  var $KEY   = 'projectId';
}

class employeeAccess extends tableAccess {

  var $TABLE = 'employees';
  var $KEY   = 'employeeId';
}

class timesheetAccess extends tableAccess {

  var $TABLE = 'timesheets';
  var $KEY   = 'timesheetId';
  var $REPORT_FIELDS_ARR = array('Date', 'Client', 'Project', 'Employee', 'Time', 'Description');

}

class htmlWidget extends tableAccess {

  function dropDownMenu($widgetName, $tableName, $keyField, $displayFieldName, $critField, $critValue) {
    $queryString = "select $keyField, $displayFieldName from $tableName ";
	//echo $queryString;
    if ($critField != '') {
      $queryString .= "where $critField = '$critValue'";
    }
    $queryString .= "order by $keyField";
    //echo $queryString . "\n";
    $result = mysql_query($queryString);
    echo "<select name='$widgetName'>\n";
    echo "<option value='' selected>Make A Selection</option>\n";
    while ($row = mysql_fetch_row($result)) {
      echo "<option value='$row[0]'>$row[1]</option>\n";
    }
      echo "</select>\n";
  }
}

?>
Comment 1 András Manţia 2004-03-01 11:08:47 UTC
Hi,

 I can't reproduce here. It simply does not crash. I'll update the version 
number to 2004-03-01, so next time when you get an update try to be sure that 
it's at least this version and report if it still crashes or not.

Andras

Comment 2 Steve Bergman 2004-03-01 19:08:24 UTC
Created attachment 4963 [details]
Backtrace from crash of quanta_be 030104 cvs
Comment 3 Steve Bergman 2004-03-01 19:10:31 UTC
It still crashes in the same place with current CVS.  I just sent a backtrace.
Comment 4 Steve Bergman 2004-03-01 22:25:58 UTC
I've done some more testing and the problem seems to have to do with the length of the include file.  It does not seem to care about how many lines, but it does seem to care about total file size.

I've pared it down and if the include file is 2002 bytes in size it's fine.  If it is > 2002 bytes in size it crashes.  I checked to make sure it was not the total size of the include file + the original file with the include statement.  It's not.  I can increase the size of the file with the include statement and it does not crash.

Which bug number should I be using?  117154 or 76478?
Comment 5 Steve Bergman 2004-03-01 22:42:24 UTC
I've done yet more testing.  I radically changed the file by deleting out most of the code and replacing it with a series of 'echo "hello";' statements.  It is acting very similarly to the way it did before, except that now the magic number is 1513 bytes.  It crashes with 1514 but is OK as long as the include file is < 1514.
Comment 6 Steve Bergman 2004-03-02 08:14:50 UTC
I thought I had already added this, but apparently I never committed it.

Anyway, here is a more detailed description of what I am doing:

1. Bring up quanta
2. Create new project
3. Cut and paste the attached dbClasses.inc code into the editor
4. Save it as dbClasses.inc
5. Click "New" for a new file.
6. Type:

<?php
include('dbClasses.inc');
?>

7. Save this as test.php. (Should crash here.  In case not, continue on.)
8. Close quanta.
9. Open quanta.
10. Open the project.
11. Double click on test.php
12. Should have crashed by now.

Comment 7 Steve Bergman 2004-03-02 08:16:37 UTC
Created attachment 4972 [details]
Include file for reproducing problem
Comment 8 András Manţia 2004-03-02 13:38:12 UTC
It would be nice if you could get a backtrace after you 
reconfigure/recompile quanta with the --enable-debug=full switch.

Comment 9 András Manţia 2004-03-02 13:47:54 UTC
And as I still can't reproduce, I'd suggest you compile your Qt from 
source. It seems that the crash is in QString::replace (a Qt method), so it 
might be that the Fedora package is broken (eg. too heavy optimization flags 
were used).

Comment 10 Steve Bergman 2004-03-02 18:37:58 UTC
I have built vanilla qt-3.3.1 from scratch. (I had to symlink libqt.so.3 to libqt-mt.so.3 before quanta would actually come up.) The problem persists.  Perhaps I need to rebuild quanta against the vanilla qt?  I'll try that and report back.
Comment 11 András Manţia 2004-03-02 18:42:19 UTC
Ok, but don't forget to pass the --enable-debug=full to configure.

Andras

Comment 12 Steve Bergman 2004-03-02 23:43:46 UTC
OK.  This is quanta CVS from 03-01-04 compiled with --enable-debug=full against vanilla qt 3.3.1 compiled with -threads and -debug.

Same behavior.  I will attach the backtrace.
Comment 13 Steve Bergman 2004-03-02 23:46:52 UTC
Created attachment 4981 [details]
Backtrace quanta-03-01-04cvs and vanilla qt-3.3.1
Comment 14 Kal Kolberg 2004-03-05 19:54:09 UTC
Off-topic question:  How do I add this to my bugs so that I get an email on changes?
Comment 15 Marcin Garski 2004-03-05 20:47:27 UTC
I'm using Fedora Core 1, KDE 3.2, qt-3.2.3 from Red Hat RPM. Quanta version is 3.2.0. I've checked this bug and my Quanta also crashes. Steve, could you look at bug 73713, and try to test your Quanta?
Comment 16 András Manţia 2004-03-05 21:06:55 UTC
You have a CC field in the bugreport's page. Add your email address there.

Comment 17 András Manţia 2004-03-05 21:09:10 UTC
Now, if someone has the time I'd like to see a self-compiled qt and kdelibs on 
Fedora, without using heavy optimization compiler flags. I'm really curious 
why it crashes for you, but not for me and some others.

Comment 18 Kal Kolberg 2004-03-05 21:19:31 UTC
Note, recompiling with 3.2 be does correct the crashing problem for me, so it appears that my problem is fixed...  I'll try to contact the manager for quanta for the Mandrake cooker and get the fix included.

Thanks for the help.
Comment 19 Kal Kolberg 2004-03-05 21:50:14 UTC
Bug added to the Mandrake cooker bugzilla.  

Link https://qa.mandrakesoft.com/show_bug.cgi?id=8643

Looks like it had been reported once over there but they diagnosed the problem as an incorrect kcontrol->file association, ie .php as application..  However my files use html embedded php and thus the extension is .html which correctly associates with text.
Comment 20 Steve Bergman 2004-03-05 22:27:03 UTC
I have tested with the index.php and faccount.php from 73713 and it does not crash here.  Though I still have my original problem.
Comment 21 Matt Rogers 2004-03-07 16:18:58 UTC
*** Bug 76735 has been marked as a duplicate of this bug. ***
Comment 22 Steve Bergman 2004-03-09 22:25:58 UTC
Created attachment 5109 [details]
stderr of qstring_test

Here are the results of the qstring_test.cpp test program compiled and run
against vanilla qt 3.3.1.
Comment 23 András Manţia 2004-03-10 11:47:18 UTC
CVS commit by amantia: 

Don't crash when parsing an included file.[#76478]

CCMAIL: 76478-done@bugs.kde.org


  M +2 -1      ChangeLog   1.241
  M +5 -4      parsers/parser.cpp   1.194


--- kdewebdev/quanta/ChangeLog  #1.240:1.241
@@ -44,5 +44,6 @@
         - background parsing: allow user input while parsing [#63000 and its duplicates]
         - load DTEPs only on demand: improves startup performance, uses less memory
-        - use the correct quotation and case when inserting a link to a file from the treeviews [#76663]        
+        - use the correct quotation and case when inserting a link to a file from the treeviews [#76663]    
+            
     - behavioral changes:
       - remove  the < and > from the entered misc. tags.
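
Review bot: the ChangeLog gets no entry for the #76478 crash fix here; the only changed lines are the [#76663] line, which differs in trailing whitespace alone, and a new whitespace-only line after it. Add a short entry for the included-file parsing crash next to the neighbouring items and drop the whitespace-only changes so the diff stays limited to the fix.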

--- kdewebdev/quanta/parsers/parser.cpp  #1.193:1.194
@@ -1321,7 +1321,7 @@ void Parser::parseIncludedFile(const QSt
               if (pos == -1)
                   pos = foundStr.length();
-/*              kdDebug(24000) << "length: " << foundStr.length() << endl;    
-              kdDebug(24000) << "index: " << structPos << " length: " << pos - structPos + 1 << endl; */
-              foundStr.replace(structPos, pos - structPos + 1, &space, pos - structPos + 1);
+              QString spaces;
+              spaces.fill(' ', pos - structPos + 1);
+              foundStr.replace(structPos, pos - structPos + 1, spaces);
               int openBracketPos = foundStr.findRev(dtd->structKeywordsRx, structPos);
               openBracketPos = foundStr.find('(', openBracketPos);
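
Review bot: at the first foundStr.replace() call the count pos - structPos + 1 still reaches one character past the end of foundStr whenever the pos == -1 branch above has set pos = foundStr.length(). Passing a QString of that size instead of &space with a count larger than one addresses the over-read, but the count itself stays unchecked. Consider computing it once into a local, clamping it to foundStr.length() - structPos, and using that local for both spaces.fill() and foundStr.replace() so the blanked region never changes the length of the string.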
@@ -1338,5 +1338,6 @@ void Parser::parseIncludedFile(const QSt
                   closeBracketPos++;
                 }
-                foundStr.replace(openBracketPos, closeBracketPos - openBracketPos, &space, closeBracketPos - openBracketPos);
+                spaces.fill(' ', closeBracketPos - openBracketPos);
+                foundStr.replace(openBracketPos, closeBracketPos - openBracketPos, spaces);
               }
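
Review bot: the fill-then-replace pair here repeats the pattern from the previous hunk, with closeBracketPos - openBracketPos written out twice, and nothing visible in this hunk checks that the difference is positive before it is passed to spaces.fill(). A small helper that takes the start and end positions, validates them and blanks the range would keep the two sizes from drifting apart. A one-line comment on why the range is overwritten with an equal number of spaces would also help the next reader.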