Created attachment 66614 [details]
One of the corrupted autostart files

Version: 4.4.5 (using KDE 4.4.5)
OS: Linux

1) Was asked by Konqueror to restore a session that was not properly terminated.
2) Pressed yes.
3) Konqueror read the autosave file and created the necessary tabs.
4) Konqueror crashed with a segfault when trying to load the pages.

Reproducible: Always

Steps to Reproduce:
Just feed the attached auto-save files to restore.

Expected Results:
Pages loaded without any flaw.

Seems to be some buffer overflow exploit on the "buffer" parameter in the auto-save files. Looking at the URL I found about several thousand \x00 characters and other crap where, aside from the original URL, the following URL was also embedded: http://static.addtoany.com/menu/sm7.html with the original URL passed as one of the parameters. The length of this buffer URL is incredibly long, causing the segfault somewhere along the restore process.
Created attachment 66616 [details] another example
Cutting all \x00 characters and the http://static.addtoany.com/menu/sm7.html address, including its parameters, from the buffer URLs solves the segfault problem. The annoying thing is that after I have loaded the pages I may have to do this manually again. To be on the safe side I deleted the cache and now reject any cookie from the two sites addtoany.com and addthis.com.

Hope that helps. I have no clue how far this bug is duplicating
https://bugs.kde.org/show_bug.cgi?id=276169
https://bugs.kde.org/show_bug.cgi?id=284733

Yours
Christoph
Blocked now the addtoany.com and addthis.com sites for JavaScript, Java and plugins, and added them to the ad filters, including http and https URLs. Now I do not find any reference to them any more in the auto-save file. I also removed all cookies set by them and disallowed them to create any new ones. I emptied the cache and the history. Still the hex code is added into the history buffer field, even though I opened a new window and loaded the pages by pasting the addresses visible in the address line into the subtabs of this new window.
Your analysis of the problem is simply wrong. The "HistoryItemViewT0_19Buffer" is not the URL with its parameter! It is rather the data from the page that was saved in case a restore is required. The data is simply in binary format, and hence all those \x00 characters. Anyhow, you never provided the backtrace from the crash, so it is rather hard to determine what the actual cause of the crash was. Please provide the crash log (read: backtrace) from Dr. Konqi.
Created attachment 66752 [details]
New crash information added by DrKonqi

Konqueror again crashed during loading of the last KDE session. I have no clue whether this crash is linked to the above symptoms. But it is the only one I have.
Created attachment 66753 [details]
New crash information added by DrKonqi

And again when clicking restore session.
Hi

On Tuesday, 13 December 2011, 02:13:20, Dawit Alemayehu wrote:
> https://bugs.kde.org/show_bug.cgi?id=288700
>
> Dawit Alemayehu <adawit@kde.org> changed:
>
>            What    |Removed      |Added
> ---------------------------------------------------
>          Status    |UNCONFIRMED  |NEEDSINFO
>              CC    |             |adawit@kde.org
>      Resolution    |             |WAITINGFORINFO
>
> --- Comment #4 from Dawit Alemayehu <adawit kde org> 2011-12-13 01:13:19 ---
> Your analysis of the problem is simply wrong. The
> "HistoryItemViewT0_19Buffer" is not the URL with its parameter! It is
> rather the data from the page that was saved in case a restore is
> required. The data is simply in binary format, and hence all those \x00
> characters. Anyhow, you never provided the backtrace from the crash, so
> it is rather hard to determine what the actual cause of the crash was.
> Please provide the crash log (read: backtrace) from Dr. Konqi.

Had the same problem again. Added now the crash reports. Anyway, it has to do something with the history item, as simply restarting crashed it again. Clearing the history buffer (OK, better would have been removing anything except the basic URL as done above) at least started Konqueror without any crash.

Christoph
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!