Bug 257342 - kded4 is aborted by glibc for a double free in AuthInfo.
Status: RESOLVED DUPLICATE of bug 256712
Alias: None
Product: kde
Classification: I don't know
Component: general
Version: 4.5
Platform: Unlisted Binaries Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Unassigned bugs mailing-list
Reported: 2010-11-19 18:16 UTC by Erik Zeek
Modified: 2010-11-19 18:24 UTC

Description Erik Zeek 2010-11-19 18:16:07 UTC
Version:           4.5 (using KDE 4.5.3) 
OS:                Linux

Checking RSS feeds in Akregator causes a double free in AuthInfo. I have some local feeds that are password protected (all on the same server, all with the same password) that appear to be triggering this error.

A quick look at AuthInfo shows that it's failing when freeing the PIMPL. A possible cause of this is that the PIMPL *pointer* value is being copied in the assignment operator, not the contents of the pointer (I didn't look at the copy constructor). This will lead to multiple objects with the same PIMPL, and multiple free attempts. Perhaps the bare pointer can be replaced with a reference-counted one?

Reproducible: Sometimes


Actual Results:  
Application: KDE Daemon (kded4), signal: Aborted
82 T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[KCrash Handler]
#6  0x0000003a560329a5 in raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7  0x0000003a56034185 in abort () at abort.c:92
#8  0x0000003a5606fd5b in __libc_message (do_abort=2, fmt=0x3a561438f8 "***
glibc detected *** %s: %s: 0x%s ***\n") at
../sysdeps/unix/sysv/linux/libc_fatal.c:186
#9  0x0000003a56075676 in malloc_printerr (action=3, str=0x3a56143c80 "double
free or corruption (fasttop)", ptr=<value optimized out>) at malloc.c:6283
#10 0x0000003c532ba55d in KIO::AuthInfo::~AuthInfo (this=0x2368440,
__in_chrg=<value optimized out>) at
/usr/src/debug/kdelibs-4.5.2/kio/kio/authinfo.cpp:128
#11 0x00007f08f93f3fa4 in ~AuthInfoContainer (this=<value optimized out>,
key=<value optimized out>, info=...) at
/usr/src/debug/kdebase-runtime-4.5.2/kpasswdserver/kpasswdserver.h:81
#12 KPasswdServer::findAuthInfoItem (this=<value optimized out>, key=<value
optimized out>, info=...) at
/usr/src/debug/kdebase-runtime-4.5.2/kpasswdserver/kpasswdserver.cpp:749
#13 0x00007f08f93f8454 in KPasswdServer::checkAuthInfoAsync (this=0x259edb0,
info=..., windowId=0, usertime=<value optimized out>)
    at /usr/src/debug/kdebase-runtime-4.5.2/kpasswdserver/kpasswdserver.cpp:306
#14 0x00007f08f93fa122 in KPasswdServerAdaptor::checkAuthInfoAsync
(this=0x2596f20, info=<value optimized out>, windowId=0, usertime=494612290)
    at
/usr/src/debug/kdebase-runtime-4.5.2/x86_64-redhat-linux-gnu/kpasswdserver/kpasswdserveradaptor.cpp:57
#15 0x00007f08f93fa443 in KPasswdServerAdaptor::qt_metacall (this=0x2596f20,
_c=<value optimized out>, _id=5, _a=0x7fffba7993c0)
    at
/usr/src/debug/kdebase-runtime-4.5.2/x86_64-redhat-linux-gnu/kpasswdserver/kpasswdserveradaptor.moc:151
#16 0x0000003a69021eb6 in QDBusConnectionPrivate::deliverCall (this=0x1fa6960,
object=0x2596f20, msg=..., metaTypes=..., slotIdx=9) at qdbusintegrator.cpp:904
#17 0x0000003a6902312b in QDBusConnectionPrivate::activateCall (this=0x1fa6960,
object=0x2596f20, flags=497, msg=...) at qdbusintegrator.cpp:816
#18 0x0000003a69023b9d in QDBusConnectionPrivate::activateObject
(this=0x1fa6960, node=..., msg=..., pathStartPos=<value optimized out>) at
qdbusintegrator.cpp:1364
#19 0x0000003a69023e38 in QDBusActivateObjectEvent::placeMetaCall
(this=0x25b1d10) at qdbusintegrator.cpp:1477
#20 0x0000003a60962f31 in QObject::event (this=0x259edb0, e=0x25b1d10) at
kernel/qobject.cpp:1248
#21 0x0000003a617ab39c in QApplicationPrivate::notify_helper (this=0x1fba510,
receiver=0x259edb0, e=0x25b1d10) at kernel/qapplication.cpp:4306
#22 0x0000003a617b165b in QApplication::notify (this=<value optimized out>,
receiver=0x259edb0, e=0x25b1d10) at kernel/qapplication.cpp:4189
#23 0x0000003c51c1d126 in KApplication::notify (this=0x7fffba79a130,
receiver=0x259edb0, event=0x25b1d10) at
/usr/src/debug/kdelibs-4.5.2/kdeui/kernel/kapplication.cpp:310
#24 0x0000003a60953ddc in QCoreApplication::notifyInternal
(this=0x7fffba79a130, receiver=0x259edb0, event=0x25b1d10) at
kernel/qcoreapplication.cpp:726
#25 0x0000003a60955ed4 in sendEvent (receiver=0x0, event_type=0,
data=0x1f83540) at kernel/qcoreapplication.h:215
#26 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0,
data=0x1f83540) at kernel/qcoreapplication.cpp:1367
#27 0x0000003a60979d23 in sendPostedEvents (s=<value optimized out>) at
kernel/qcoreapplication.h:220
#28 postEventSourceDispatch (s=<value optimized out>) at
kernel/qeventdispatcher_glib.cpp:276
#29 0x0000003a5a03bd02 in g_main_dispatch (context=0x1fbd120) at gmain.c:1960
#30 IA__g_main_context_dispatch (context=0x1fbd120) at gmain.c:2513
#31 0x0000003a5a03fae8 in g_main_context_iterate (context=0x1fbd120, block=1,
dispatch=1, self=<value optimized out>) at gmain.c:2591
#32 0x0000003a5a03fc9c in IA__g_main_context_iteration (context=0x1fbd120,
may_block=1) at gmain.c:2654
#33 0x0000003a60979863 in QEventDispatcherGlib::processEvents (this=0x1f82c60,
flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:412
#34 0x0000003a6184a84e in QGuiEventDispatcherGlib::processEvents (this=<value
optimized out>, flags=<value optimized out>) at
kernel/qguieventdispatcher_glib.cpp:204
#35 0x0000003a60952822 in QEventLoop::processEvents (this=<value optimized
out>, flags=...) at kernel/qeventloop.cpp:149
#36 0x0000003a60952aec in QEventLoop::exec (this=0x7fffba79a080, flags=...) at
kernel/qeventloop.cpp:201
#37 0x0000003a609561bb in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:1003
#38 0x0000003c5380ae97 in kdemain (argc=1, argv=0x7fffba79a4f8) at
/usr/src/debug/kdelibs-4.5.2/kded/kded.cpp:894
#39 0x0000003a5601ec5d in __libc_start_main (main=0x400800 <main(int, char**)>,
argc=1, ubp_av=0x7fffba79a4f8, init=<value optimized out>, fini=<value
optimized out>, 
    rtld_fini=<value optimized out>, stack_end=0x7fffba79a4e8) at
libc-start.c:226
#40 0x0000000000400739 in _start ()

Expected Results:  
No crash.

I've reported this on Fedora's Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=651476
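
The failure mode hypothesised in the description, as an added example that is not kdelibs code and not part of the original report: a d-pointer copied by value in `operator=` is freed once per owner, while a deep copy or a reference-counted pointer frees it exactly once. `Priv`, `ShallowInfo`, `DeepInfo`, `SharedInfo` and the helpers are hypothetical names, `std::shared_ptr` stands in for a reference-counted pointer, and the second free is counted rather than executed so the program runs to completion.

```cpp
#include <map>
#include <memory>
#include <string>

// Constructed stand-in for a private (PIMPL) data class; not the kdelibs type.
struct Priv { std::string user, password; };
// Bookkeeping: frees per allocation. A second free is counted, not executed.
static std::map<Priv*, int> g_frees;
static Priv* make() { Priv* p = new Priv; g_frees[p] = 0; return p; }
static void release(Priv* p) { if (++g_frees[p] == 1) delete p; }

// Pattern hypothesised in the report: assignment copies the pointer value.
struct ShallowInfo {
    Priv* d;
    ShallowInfo() : d(make()) {}
    ShallowInfo& operator=(const ShallowInfo& o) { d = o.d; return *this; }
    ~ShallowInfo() { release(d); }
};

// Fix 1: assignment copies the contents; each object keeps its own Priv.
struct DeepInfo {
    Priv* d;
    DeepInfo() : d(make()) {}
    DeepInfo(const DeepInfo& o) : d(make()) { *d = *o.d; }
    DeepInfo& operator=(const DeepInfo& o) { *d = *o.d; return *this; }
    ~DeepInfo() { release(d); }
};

// Fix 2: reference-counted pointer; the last owner frees exactly once.
struct SharedInfo {
    std::shared_ptr<Priv> d;
    SharedInfo() : d(make(), release) {}
};
struct Outcome { int max_frees; int leaked; };

// Assign one object to another, destroy both, then report the bookkeeping.
template <class Info>
Outcome assign_and_destroy() {
    g_frees.clear();
    {
        Info a, b;
        a.d->password = "constructed-secret";  // constructed sample value
        b = a;
    }  // b is destroyed first, then a
    Outcome r{0, 0};
    for (auto& kv : g_frees) {
        if (kv.second > r.max_frees) r.max_frees = kv.second;
        if (kv.second == 0) { ++r.leaked; delete kv.first; }  // reclaim leak
    }
    return r;
}
```

For `ShallowInfo` the result is two frees of one allocation plus one leaked allocation (the target's original `Priv`); both fixes give one free per allocation and no leak.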
Comment 1 Christoph Feck 2010-11-19 18:24:14 UTC

*** This bug has been marked as a duplicate of bug 256712 ***