Bug 233670 - Invalid read of size 1 at Konsole::TerminalDisplay::updateImage()
Status: RESOLVED REMIND
Alias: None
Product: konsole
Classification: Applications
Component: general
Version: unspecified
Platform: Arch Linux Unspecified
Importance: NOR normal
Target Milestone: ---
Assignee: Konsole Developer
Reported: 2010-04-08 01:04 UTC by Milian Wolff
Modified: 2011-09-26 06:52 UTC
Description Milian Wolff 2010-04-08 01:04:41 UTC
Version:            (using KDE 4.4.2)
Installed from:    Archlinux Packages

Just ran memcheck on kdevelop and the konsolepart turned up these messages (repeatedly):

==23007== Invalid read of size 1
==23007==    at 0x2892DC4A: Konsole::TerminalDisplay::updateImage() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2893084D: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x2890A035: Konsole::ScreenWindow::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x288DDD9D: Konsole::Emulation::showBulk() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x288DDFB2: Konsole::Emulation::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2894586F: Konsole::Vt102Emulation::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x808E232: QObject::event(QEvent*) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x875862B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.6.2)
==23007==    by 0x875EB0A: QApplication::notify(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.6.2)
==23007==  Address 0x34346be5 is 5 bytes inside a block of size 960 free'd
==23007==    at 0x4C233A6: operator delete[](void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23007==    by 0x2890A4FF: Konsole::ScreenWindow::getImage() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x289300EC: Konsole::TerminalDisplay::processFilters() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2890B4C9: Konsole::Session::updateTerminalSize() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x289105FF: Konsole::Session::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x2892870E: Konsole::TerminalDisplay::changedContentSizeSignal(int, int) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2892D6A2: Konsole::TerminalDisplay::updateImageSize() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2892E2ED: Konsole::TerminalDisplay::updateImage() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2893084D: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x2890A035: Konsole::ScreenWindow::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)

==23007== Invalid read of size 1
==23007==    at 0x4C25331: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23007==    by 0x2892DF72: Konsole::TerminalDisplay::updateImage() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2893084D: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x2890A035: Konsole::ScreenWindow::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x288DDD9D: Konsole::Emulation::showBulk() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x288DDFB2: Konsole::Emulation::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2894586F: Konsole::Vt102Emulation::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x808E232: QObject::event(QEvent*) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x875862B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/libQtGui.so.4.6.2)
==23007==  Address 0x34346f9e is 958 bytes inside a block of size 960 free'd
==23007==    at 0x4C233A6: operator delete[](void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23007==    by 0x2890A4FF: Konsole::ScreenWindow::getImage() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x289300EC: Konsole::TerminalDisplay::processFilters() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2890B4C9: Konsole::Session::updateTerminalSize() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x289105FF: Konsole::Session::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x2892870E: Konsole::TerminalDisplay::changedContentSizeSignal(int, int) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2892D6A2: Konsole::TerminalDisplay::updateImageSize() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2892E2ED: Konsole::TerminalDisplay::updateImage() (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x2893084D: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
==23007==    by 0x809160E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/libQtCore.so.4.6.2)
==23007==    by 0x2890A035: Konsole::ScreenWindow::qt_metacall(QMetaObject::Call, int, void**) (in /usr/lib/libkonsoleprivate.so)
Comment 1 Milian Wolff 2010-04-08 14:29:33 UTC
Here are updated log outputs with more debug symbols:

==29846== Thread 1:
==29846== Invalid read of size 2
==29846==    at 0x2B7FC97E: Konsole::operator!=(Konsole::Character const&, Konsole::Character const&) (Character.h:137)
==29846==    by 0x2B7F2438: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:993)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B7CBC84: Konsole::ScreenWindow::outputChanged() (ScreenWindow.moc:93)
==29846==    by 0x2B7CBB07: Konsole::ScreenWindow::notifyOutputChanged() (ScreenWindow.cpp:291)
==29846==    by 0x2B7CBC4C: Konsole::ScreenWindow::qt_metacall(QMetaObject::Call, int, void**) (ScreenWindow.moc:82)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B795DA4: Konsole::Emulation::outputChanged() (Emulation.moc:194)
==29846==    by 0x2B7950FF: Konsole::Emulation::showBulk() (Emulation.cpp:313)
==29846==    by 0x2B795B0D: Konsole::Emulation::qt_metacall(QMetaObject::Call, int, void**) (Emulation.moc:134)
==29846==    by 0x2B8147A4: Konsole::Vt102Emulation::qt_metacall(QMetaObject::Call, int, void**) (Vt102Emulation.moc:78)
==29846==  Address 0x1ca9d970 is 0 bytes inside a block of size 960 free'd
==29846==    at 0x4C246F6: operator delete[](void*) (vg_replace_malloc.c:368)
==29846==    by 0x2B7CB066: Konsole::ScreenWindow::getImage() (ScreenWindow.cpp:64)
==29846==    by 0x2B7F1F13: Konsole::TerminalDisplay::processFilters() (TerminalDisplay.cpp:924)
==29846==    by 0x2B7CEAF2: Konsole::Session::updateTerminalSize() (Session.cpp:622)
==29846==    by 0x2B7CE9C9: Konsole::Session::onViewSizeChange(int, int) (Session.cpp:596)
==29846==    by 0x2B7D1E58: Konsole::Session::qt_metacall(QMetaObject::Call, int, void**) (Session.moc:214)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B7FB944: Konsole::TerminalDisplay::changedContentSizeSignal(int, int) (TerminalDisplay.moc:184)
==29846==    by 0x2B7F535B: Konsole::TerminalDisplay::updateImageSize() (TerminalDisplay.cpp:1601)
==29846==    by 0x2B7F2167: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:951)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)

==29846== Invalid read of size 1
==29846==    at 0x2B7A0290: Konsole::operator==(Konsole::CharacterColor const&, Konsole::CharacterColor const&) (CharacterColor.h:248)
==29846==    by 0x2B7EE25E: Konsole::operator!=(Konsole::CharacterColor const&, Konsole::CharacterColor const&) (CharacterColor.h:252)
==29846==    by 0x2B7FC9BB: Konsole::operator!=(Konsole::Character const&, Konsole::Character const&) (Character.h:137)
==29846==    by 0x2B7F2438: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:993)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B7CBC84: Konsole::ScreenWindow::outputChanged() (ScreenWindow.moc:93)
==29846==    by 0x2B7CBB07: Konsole::ScreenWindow::notifyOutputChanged() (ScreenWindow.cpp:291)
==29846==    by 0x2B7CBC4C: Konsole::ScreenWindow::qt_metacall(QMetaObject::Call, int, void**) (ScreenWindow.moc:82)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B795DA4: Konsole::Emulation::outputChanged() (Emulation.moc:194)
==29846==    by 0x2B7950FF: Konsole::Emulation::showBulk() (Emulation.cpp:313)
==29846==  Address 0x1ca9d973 is 3 bytes inside a block of size 960 free'd
==29846==    at 0x4C246F6: operator delete[](void*) (vg_replace_malloc.c:368)
==29846==    by 0x2B7CB066: Konsole::ScreenWindow::getImage() (ScreenWindow.cpp:64)
==29846==    by 0x2B7F1F13: Konsole::TerminalDisplay::processFilters() (TerminalDisplay.cpp:924)
==29846==    by 0x2B7CEAF2: Konsole::Session::updateTerminalSize() (Session.cpp:622)
==29846==    by 0x2B7CE9C9: Konsole::Session::onViewSizeChange(int, int) (Session.cpp:596)
==29846==    by 0x2B7D1E58: Konsole::Session::qt_metacall(QMetaObject::Call, int, void**) (Session.moc:214)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B7FB944: Konsole::TerminalDisplay::changedContentSizeSignal(int, int) (TerminalDisplay.moc:184)
==29846==    by 0x2B7F535B: Konsole::TerminalDisplay::updateImageSize() (TerminalDisplay.cpp:1601)
==29846==    by 0x2B7F2167: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:951)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)

==29846== Invalid read of size 1
==29846==    at 0x2B7F24AD: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:1002)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B7CBC84: Konsole::ScreenWindow::outputChanged() (ScreenWindow.moc:93)
==29846==    by 0x2B7CBB07: Konsole::ScreenWindow::notifyOutputChanged() (ScreenWindow.cpp:291)
==29846==    by 0x2B7CBC4C: Konsole::ScreenWindow::qt_metacall(QMetaObject::Call, int, void**) (ScreenWindow.moc:82)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B795DA4: Konsole::Emulation::outputChanged() (Emulation.moc:194)
==29846==    by 0x2B7950FF: Konsole::Emulation::showBulk() (Emulation.cpp:313)
==29846==    by 0x2B795B0D: Konsole::Emulation::qt_metacall(QMetaObject::Call, int, void**) (Emulation.moc:134)
==29846==    by 0x2B8147A4: Konsole::Vt102Emulation::qt_metacall(QMetaObject::Call, int, void**) (Vt102Emulation.moc:78)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==  Address 0x1ca9d972 is 2 bytes inside a block of size 960 free'd
==29846==    at 0x4C246F6: operator delete[](void*) (vg_replace_malloc.c:368)
==29846==    by 0x2B7CB066: Konsole::ScreenWindow::getImage() (ScreenWindow.cpp:64)
==29846==    by 0x2B7F1F13: Konsole::TerminalDisplay::processFilters() (TerminalDisplay.cpp:924)
==29846==    by 0x2B7CEAF2: Konsole::Session::updateTerminalSize() (Session.cpp:622)
==29846==    by 0x2B7CE9C9: Konsole::Session::onViewSizeChange(int, int) (Session.cpp:596)
==29846==    by 0x2B7D1E58: Konsole::Session::qt_metacall(QMetaObject::Call, int, void**) (Session.moc:214)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B7FB944: Konsole::TerminalDisplay::changedContentSizeSignal(int, int) (TerminalDisplay.moc:184)
==29846==    by 0x2B7F535B: Konsole::TerminalDisplay::updateImageSize() (TerminalDisplay.cpp:1601)
==29846==    by 0x2B7F2167: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:951)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)

==29846== Invalid read of size 1
==29846==    at 0x4C26678: memcpy (mc_replace_strmem.c:482)
==29846==    by 0x2B7F297E: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:1081)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B7CBC84: Konsole::ScreenWindow::outputChanged() (ScreenWindow.moc:93)
==29846==    by 0x2B7CBB07: Konsole::ScreenWindow::notifyOutputChanged() (ScreenWindow.cpp:291)
==29846==    by 0x2B7CBC4C: Konsole::ScreenWindow::qt_metacall(QMetaObject::Call, int, void**) (ScreenWindow.moc:82)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B795DA4: Konsole::Emulation::outputChanged() (Emulation.moc:194)
==29846==    by 0x2B7950FF: Konsole::Emulation::showBulk() (Emulation.cpp:313)
==29846==    by 0x2B795B0D: Konsole::Emulation::qt_metacall(QMetaObject::Call, int, void**) (Emulation.moc:134)
==29846==    by 0x2B8147A4: Konsole::Vt102Emulation::qt_metacall(QMetaObject::Call, int, void**) (Vt102Emulation.moc:78)
==29846==  Address 0x1ca9dd2f is 959 bytes inside a block of size 960 free'd
==29846==    at 0x4C246F6: operator delete[](void*) (vg_replace_malloc.c:368)
==29846==    by 0x2B7CB066: Konsole::ScreenWindow::getImage() (ScreenWindow.cpp:64)
==29846==    by 0x2B7F1F13: Konsole::TerminalDisplay::processFilters() (TerminalDisplay.cpp:924)
==29846==    by 0x2B7CEAF2: Konsole::Session::updateTerminalSize() (Session.cpp:622)
==29846==    by 0x2B7CE9C9: Konsole::Session::onViewSizeChange(int, int) (Session.cpp:596)
==29846==    by 0x2B7D1E58: Konsole::Session::qt_metacall(QMetaObject::Call, int, void**) (Session.moc:214)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
==29846==    by 0x2B7FB944: Konsole::TerminalDisplay::changedContentSizeSignal(int, int) (TerminalDisplay.moc:184)
==29846==    by 0x2B7F535B: Konsole::TerminalDisplay::updateImageSize() (TerminalDisplay.cpp:1601)
==29846==    by 0x2B7F2167: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:951)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==    by 0x832EDF5: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3287)
Comment 2 Jekyll Wu 2011-09-26 06:52:58 UTC
Can't reproduce this with kdevelop-4.2.3 and konsole-2.7.999.
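
Added example, not part of the original report and not Konsole code: a small parser for memcheck reports like those in Comment 1 that pairs each invalid access with the stack that freed the block and lists functions found on both stacks at different source lines, which suggests the function kept using a pointer after a call it made released the buffer. The sample is abridged from the Comment 1 trace; `parse_reports` and `reentrant_frames` are names chosen for this example.

```python
import re

# Abridged from the Comment 1 trace on this page (most frames trimmed).
SAMPLE = """\
==29846== Invalid read of size 2
==29846==    at 0x2B7FC97E: Konsole::operator!=(Konsole::Character const&, Konsole::Character const&) (Character.h:137)
==29846==    by 0x2B7F2438: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:993)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
==29846==  Address 0x1ca9d970 is 0 bytes inside a block of size 960 free'd
==29846==    at 0x4C246F6: operator delete[](void*) (vg_replace_malloc.c:368)
==29846==    by 0x2B7CB066: Konsole::ScreenWindow::getImage() (ScreenWindow.cpp:64)
==29846==    by 0x2B7F1F13: Konsole::TerminalDisplay::processFilters() (TerminalDisplay.cpp:924)
==29846==    by 0x2B7F535B: Konsole::TerminalDisplay::updateImageSize() (TerminalDisplay.cpp:1601)
==29846==    by 0x2B7F2167: Konsole::TerminalDisplay::updateImage() (TerminalDisplay.cpp:951)
==29846==    by 0x2B7FB5B6: Konsole::TerminalDisplay::qt_metacall(QMetaObject::Call, int, void**) (TerminalDisplay.moc:131)
"""

HEAD = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)")
ADDR = re.compile(r"^==\d+==\s+Address 0x[0-9a-fA-F]+ is (\d+) bytes inside a block of size (\d+) free'd")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+)\)$")

def parse_reports(log):
    """Split memcheck output into reports with an access stack and a free stack."""
    reports, cur, stack = [], None, None
    for line in log.splitlines():
        if m := HEAD.match(line):
            cur = {"kind": m.group(1), "access": [], "free": [],
                   "offset": None, "size": None}
            reports.append(cur)
            stack = cur["access"]          # frames up to "Address ..." are the access
        elif cur is None:
            continue                        # text before the first report
        elif m := ADDR.match(line):
            cur["offset"], cur["size"] = int(m.group(1)), int(m.group(2))
            stack = cur["free"]            # frames after it are where the block was freed
        elif m := FRAME.match(line):
            stack.append((m.group(1), m.group(2)))
    return reports

def reentrant_frames(report):
    """Return (function, location on free stack, location on access stack).

    The same function at the same location on both stacks is only a shared
    caller; a different location means it ran on after the call that freed.
    """
    freeing = {fn: loc for fn, loc in report["free"]}
    return [(fn, freeing[fn], loc) for fn, loc in report["access"]
            if fn in freeing and loc != freeing[fn]]
```

On the sample this reports `Konsole::TerminalDisplay::updateImage()` with `TerminalDisplay.cpp:951` on the freeing stack and `TerminalDisplay.cpp:993` on the reading stack, while the shared `qt_metacall` caller is filtered out.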