Bug 316723 - Double-free in legacy KGAPI::Services::Contact API
Status: RESOLVED FIXED
Alias: None
Product: libkgapi
Classification: Frameworks and Libraries
Component: General
Version: GIT
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Daniel Vrátil
Reported: 2013-03-14 15:49 UTC by René Serral
Modified: 2013-03-14 17:46 UTC

Description René Serral 2013-03-14 15:49:50 UTC
Application: akonadi_googlecontacts_resource (4.10)
KDE Platform Version: 4.10.1 (Compiled from sources)
Qt Version: 4.8.2
Operating System: Linux 3.8.2 x86_64
Distribution: Debian GNU/Linux 7.0 (wheezy)

-- Information about the crash:
I just inserted a new contact into my addressbook, and after selecting a Nepomuk category it crashed. Since then, on every start of the resource, I get the crash shown in the attached backtrace.

I observed that modifying a contact by adding the category also causes the crash.

The crash can be reproduced sometimes.

-- Backtrace:
Application: Google Contacts (akonadi_googlecontacts_resource), signal: Aborted
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[KCrash Handler]
#6  0x00007f91f4abc475 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7  0x00007f91f4abf6f0 in *__GI_abort () at abort.c:92
#8  0x00007f91f4af752b in __libc_message (do_abort=<optimized out>, fmt=<optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#9  0x00007f91f4b00d76 in malloc_printerr (action=3, str=0x7f91f4bd9228 "double free or corruption (out)", ptr=<optimized out>) at malloc.c:6283
#10 0x00007f91f4b05aac in *__GI___libc_free (mem=<optimized out>) at malloc.c:3738
#11 0x00007f91f73f36d4 in KGAPI::Objects::Contact::~Contact (this=0x7fff5843e090, __in_chrg=<optimized out>) at /media/kdesvn/kde4svn/src/libkgapi/common/contact.inc.cpp:84
#12 0x00007f91f74071b9 in QtSharedPointer::ExternalRefCount<KGAPI2::Contact>::deref (d=0xb046c0, value=0x7fff5843e090) at /usr/include/qt4/QtCore/qsharedpointer_impl.h:342
#13 0x00007f91f7406e20 in QtSharedPointer::ExternalRefCount<KGAPI2::Contact>::deref (this=0x7fff5843e030) at /usr/include/qt4/QtCore/qsharedpointer_impl.h:336
#14 0x00007f91f740697c in QtSharedPointer::ExternalRefCount<KGAPI2::Contact>::~ExternalRefCount (this=0x7fff5843e030, __in_chrg=<optimized out>) at /usr/include/qt4/QtCore/qsharedpointer_impl.h:401
#15 0x00007f91f7406880 in QSharedPointer<KGAPI2::Contact>::~QSharedPointer (this=0x7fff5843e030, __in_chrg=<optimized out>) at /usr/include/qt4/QtCore/qsharedpointer_impl.h:466
#16 0x00007f91f7404fac in KGAPI::Services::Contacts::objectToXML (this=0x7fff5843e0c0, object=0x7fff5843e090) at /media/kdesvn/kde4svn/src/libkgapi/libkgapi/services/contacts.cpp:64
#17 0x000000000040e584 in ContactsResource::itemChanged (this=0xae8310, item=..., partIdentifiers=...) at /media/kdesvn/kde4svn/src/kdepim-runtime/resources/google/contacts/contactsresource.cpp:363
#18 0x00007f91f90ede74 in Akonadi::AgentBasePrivate::itemChanged (this=0xaab520, item=..., partIdentifiers=...) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/agentbase.cpp:327
#19 0x00007f91f91cb26a in Akonadi::ResourceBasePrivate::itemChanged (this=0xaab520, item=..., partIdentifiers=...) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/resourcebase.cpp:226
#20 0x00007f91f91c9785 in Akonadi::ResourceBasePrivate::qt_static_metacall (_o=0xaab520, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0x7fff5843e420) at /media/kdesvn/kde4svn/build/kdepimlibs/akonadi/resourcebase.moc:89
#21 0x00007f91f8a4954f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#22 0x00007f91f91adc6f in Akonadi::Monitor::itemChanged (this=0xaa71d0, _t1=..., _t2=...) at /media/kdesvn/kde4svn/build/kdepimlibs/akonadi/moc_monitor.cpp:189
#23 0x00007f91f91b1eb4 in Akonadi::MonitorPrivate::emitItemNotification (this=0xab2050, msg=..., item=..., collection=..., collectionDest=...) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/monitor_p.cpp:554
#24 0x00007f91f91b06a3 in Akonadi::MonitorPrivate::emitNotification (this=0xab2050, msg=...) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/monitor_p.cpp:296
#25 0x00007f91f910f562 in Akonadi::ChangeRecorderPrivate::emitNotification (this=0xab2050, msg=...) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/changerecorder_p.cpp:54
#26 0x00007f91f91b1351 in Akonadi::MonitorPrivate::flushPipeline (this=0xab2050) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/monitor_p.cpp:457
#27 0x00007f91f91b13cc in Akonadi::MonitorPrivate::dataAvailable (this=0xab2050) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/monitor_p.cpp:466
#28 0x00007f91f91adaaf in Akonadi::Monitor::qt_static_metacall (_o=0xaa71d0, _c=QMetaObject::InvokeMetaMethod, _id=23, _a=0x7fff5843e9b0) at /media/kdesvn/kde4svn/build/kdepimlibs/akonadi/moc_monitor.cpp:137
#29 0x00007f91f8a4954f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#30 0x00007f91f9154013 in Akonadi::EntityCacheBase::dataAvailable (this=0xaaf7a0) at /media/kdesvn/kde4svn/build/kdepimlibs/akonadi/moc_entitycache_p.cpp:102
#31 0x00007f91f9115bfa in Akonadi::EntityCache<Akonadi::Item, Akonadi::ItemFetchJob, Akonadi::ItemFetchScope>::processResult (this=0xaaf7a0, job=0x974810) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/entitycache_p.h:196
#32 0x00007f91f9153eec in Akonadi::EntityCacheBase::qt_static_metacall (_o=0xaaf7a0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fff5843ec30) at /media/kdesvn/kde4svn/build/kdepimlibs/akonadi/moc_entitycache_p.cpp:54
#33 0x00007f91f8a4954f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#34 0x00007f91f7ce378b in KJob::result (this=0x974810, _t1=0x974810) at /media/kdesvn/kde4svn/build/kdelibs/kdecore/kjob.moc:208
#35 0x00007f91f7ce2c4f in KJob::emitResult (this=0x974810) at /media/kdesvn/kde4svn/src/kdelibs/kdecore/jobs/kjob.cpp:318
#36 0x00007f91f91a88d6 in Akonadi::JobPrivate::delayedEmitResult (this=0x96a750) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/job.cpp:144
#37 0x00007f91f91a9a8e in Akonadi::Job::qt_static_metacall (_o=0x974810, _c=QMetaObject::InvokeMetaMethod, _id=6, _a=0xa53ef0) at /media/kdesvn/kde4svn/build/kdepimlibs/akonadi/moc_job.cpp:68
#38 0x00007f91f8a48a2e in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#39 0x00007f91f59e870c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#40 0x00007f91f59ecb8a in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#41 0x00007f91f675a0c6 in KApplication::notify (this=0x7fff5843f6c0, receiver=0x974810, event=0xcdd0e0) at /media/kdesvn/kde4svn/src/kdelibs/kdeui/kernel/kapplication.cpp:311
#42 0x00007f91f8a33b5e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#43 0x00007f91f8a379e1 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#44 0x00007f91f8a620e3 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#45 0x00007f91f3a33355 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#46 0x00007f91f3a33688 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#47 0x00007f91f3a33744 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#48 0x00007f91f8a62276 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#49 0x00007f91f5a8983e in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#50 0x00007f91f8a328af in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#51 0x00007f91f8a32b38 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#52 0x00007f91f8a37cf8 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#53 0x00007f91f91c517f in Akonadi::ResourceBase::init (r=0xae8310) at /media/kdesvn/kde4svn/src/kdepimlibs/akonadi/resourcebase.cpp:451
#54 0x0000000000413ae6 in Akonadi::ResourceBase::init<ContactsResource> (argc=3, argv=0x7fff5843f818) at /home/kde4/kde/include/KDE/Akonadi/../../akonadi/resourcebase.h:188
#55 0x0000000000411ee6 in main (argc=3, argv=0x7fff5843f818) at /media/kdesvn/kde4svn/src/kdepim-runtime/resources/google/contacts/contactsresource.cpp:730

Reported using DrKonqi
Comment 1 Daniel Vrátil 2013-03-14 17:46:30 UTC
Git commit c8334aeec5fabbad9638c1e26ce6d0889dc5119a by Dan Vrátil.
Committed on 14/03/2013 at 18:46.
Pushed by dvratil into branch 'master'.

Fix double-free corruption in legacy Contacts service

M  +4    -2    libkgapi/services/contacts.cpp

http://commits.kde.org/akonadi-google/c8334aeec5fabbad9638c1e26ce6d0889dc5119a