Bug 193574 - konversation 1.2-alpha1 crashes when receiving notice from -sBNC/shroudbnc
Summary: konversation 1.2-alpha1 crashes when receiving notice from -sBNC/shroudbnc
Status: RESOLVED FIXED
Alias: None
Product: konversation
Classification: Applications
Component: general
Version: unspecified
Platform: Unlisted Binaries Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konversation Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-05-21 23:56 UTC by Dominic Laumer
Modified: 2009-05-23 05:56 UTC

See Also:
Latest Commit:
Version Fixed In:


Description Dominic Laumer 2009-05-21 23:56:33 UTC
Application that crashed: konversation
Version of the application: 1.2-alpha1
KDE Version: 4.2.85 (KDE 4.2.85 (KDE 4.3 Beta1))
Qt Version: 4.5.1
Operating System: Linux 2.6.30-5-generic i686
Distribution: Ubuntu karmic (development branch)

What I was doing when the application crashed:
When I connect to a shroudBNC and I got a new message while I was offline, I get a query from the shroudBNC (nickname -sBNC) telling me that I have to type "read" in the query to read the new message. Now -sBNC sends me a notice with the message. In konversation 1.1 I can read it, but konversation 1.2-alpha1 crashes instantly without displaying a bit of the message.

 -- Backtrace:
Application: Konversation (konversation), signal: Segmentation fault
[Current thread is 0 (LWP 7738)]

Thread 1 (Thread 0xb8082710 (LWP 7738)):
[KCrash Handler]
#6  0x49608949 in QString::toLower () from /usr/lib/libQtCore.so.4
#7  0x080dcd9c in _start ()
Comment 1 Eike Hein 2009-05-23 05:42:25 UTC
SVN commit 971668 by hein:

QAbstractSocket::readLine() reads until the first LF it encounters.
shroudBNC, when relaying a private message it received with no user
connected, ends them with LFCRLF, which means we end up with a second
line consisting of nothing but CRLF. The KDE 4 code wasn't prepared
to deal with that and crashed due to lack of bounds checking.

I fixed up the line ending truncation code, and then made sure that
lines truncated down to zero (i.e. after CR and LF got removed) do
not get processed further, as that leads to crashes again due to
usage of QList::operator[] with indices out of range further down
the line.
BUG:193574


 M  +4 -2      server.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=971668
Comment 2 Eike Hein 2009-05-23 05:52:22 UTC
Note: I've notified the shroudBNC developers of this case (via the support email address given on their website).
Comment 3 Eike Hein 2009-05-23 05:56:22 UTC
Should probably explain why I notified them ;-). According to RFC1459 and RFC2812, IRC messages are always terminated with CR-LF, i.e. shroudBNC is not following the protocol here. Konvi should be prepared to handle "garbage" and not crash, of course, but nonetheless shroudBNC should fix their code, too.
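Added example, not Konversation's or shroudBNC's code: a plain C++ (no Qt) readLine-style splitter and tokenizer that survives the LF CR LF ending described in Comment 1 and accepts the CR-LF terminator Comment 3 cites. Trailing CR/LF bytes are stripped in any order, a line that trims down to nothing is dropped before tokenizing, and the tokenizer reports failure instead of indexing a short token list. The sample stream, nick and host are constructed.

```cpp
#include <string>
#include <vector>
// Strip every trailing CR or LF byte, in any order or count: accepts the RFC "\r\n",
// a bare "\n", and the orphaned "\r\n" left behind when "\n\r\n" is split at LF.
std::string stripLineEnding(const std::string& line) {
    auto end = line.size();
    while (end > 0 && (line[end - 1] == '\r' || line[end - 1] == '\n'))
        --end;
    return line.substr(0, end);
}

// Split a raw byte stream at LF, as a readLine()-style reader does, and keep only
// lines that are non-empty after trimming, so a zero-length remnant never reaches the tokenizer.
std::vector<std::string> splitIrcLines(const std::string& stream) {
    std::vector<std::string> lines;
    for (std::string::size_type start = 0; start < stream.size();) {
        auto lf = stream.find('\n', start);
        auto len = lf == std::string::npos ? stream.size() - start : lf - start + 1;
        std::string line = stripLineEnding(stream.substr(start, len));
        start += len;
        if (!line.empty()) lines.push_back(line);
    }
    return lines;
}

struct IrcMessage { bool ok; std::string prefix, command; std::vector<std::string> params; };

// Tokenize "[:prefix ]COMMAND [params ...] [:trailing]". ok is false for a line
// without a command, so callers test it instead of indexing an empty token list.
IrcMessage parseIrcLine(const std::string& line) {
    IrcMessage m = {};
    std::string::size_type pos = 0;
    if (!line.empty() && line[0] == ':') {            // optional source prefix
        auto sp = line.find(' ');
        if (sp == std::string::npos) return m;        // prefix but no command
        m.prefix = line.substr(1, sp - 1);
        pos = sp + 1;
    }
    while (pos < line.size()) {
        if (line[pos] == ':') { m.params.push_back(line.substr(pos + 1)); break; }
        auto sp = line.find(' ', pos);
        std::string tok = line.substr(pos, sp == std::string::npos ? sp : sp - pos);
        if (!tok.empty()) { if (m.command.empty()) m.command = tok; else m.params.push_back(tok); }
        if (sp == std::string::npos) break;
        pos = sp + 1;
    }
    m.ok = !m.command.empty();
    return m;
}
// Constructed sample: a relay ending in LF CR LF followed by a normal CR-LF line.
const std::string kSampleStream = "NOTICE user :You have 1 new message\n\r\n:-sBNC!bnc@host NOTICE user :hello there\r\n";
```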