Application: kate (15.08.3)
Qt Version: 5.5.1
Operating System: Linux 4.2.8-300.fc23.x86_64 x86_64
Distribution: "Fedora release 23 (Twenty Three)"

-- Information about the crash:
- What I was doing when the application crashed:
I simply entered "kate .gnupg/secring.gpg", then kate crashed.

The crash can be reproduced sometimes.

-- Backtrace:
Application: Kate (kate), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f40dcbe8900 (LWP 3547))]

Thread 2 (Thread 0x7f40bd8cc700 (LWP 3548)):
#0  0x00007f40d54c9ffd in poll () at /lib64/libc.so.6
#1  0x00007f40d23de272 in _xcb_conn_wait () at /lib64/libxcb.so.1
#2  0x00007f40d23dfee7 in xcb_wait_for_event () at /lib64/libxcb.so.1
#3  0x00007f40c029dda9 in QXcbEventReader::run() () at /lib64/libQt5XcbQpa.so.5
#4  0x00007f40d60d23ce in QThreadPrivate::start(void*) () at /lib64/libQt5Core.so.5
#5  0x00007f40d368e60a in start_thread () at /lib64/libpthread.so.0
#6  0x00007f40d54d5a9d in clone () at /lib64/libc.so.6

Thread 1 (Thread 0x7f40dcbe8900 (LWP 3547)):
[KCrash Handler]
#5  0x00007f40d8f95bc1 in kencodingprober::UnicodeGroupProber::HandleData(char const*, unsigned int) () at /lib64/libKF5Codecs.so.5
#6  0x00007f40d8f97a33 in kencodingprober::nsMBCSGroupProber::HandleData(char const*, unsigned int) () at /lib64/libKF5Codecs.so.5
#7  0x00007f40d8f9c0f8 in kencodingprober::nsUniversalDetector::HandleData(char const*, unsigned int) () at /lib64/libKF5Codecs.so.5
#8  0x00007f40d8f8d00c in KEncodingProber::feed(char const*, int) () at /lib64/libKF5Codecs.so.5
#9  0x00007f40dc219821 in Kate::TextBuffer::load(QString const&, bool&, bool&, int&, bool) () at /lib64/libKF5TextEditor.so.5
#10 0x00007f40dc299fbf in KateBuffer::openFile(QString const&, bool) () at /lib64/libKF5TextEditor.so.5
#11 0x00007f40dc28f5f7 in KTextEditor::DocumentPrivate::openFile() () at /lib64/libKF5TextEditor.so.5
#12 0x00007f40dbf2ca31 in KParts::ReadOnlyPartPrivate::openLocalFile() () at /lib64/libKF5Parts.so.5
#13 0x00007f40dbf2d960 in KParts::ReadOnlyPart::openUrl(QUrl const&) () at /lib64/libKF5Parts.so.5
#14 0x00007f40dc279e79 in KTextEditor::DocumentPrivate::openUrl(QUrl const&) () at /lib64/libKF5TextEditor.so.5
#15 0x00007f40dc862c66 in KateDocManager::openUrl(QUrl const&, QString const&, bool, KateDocumentInfo const&) () at /lib64/libkdeinit5_kate.so
#16 0x00007f40dc86329a in KateDocManager::openUrls(QList<QUrl> const&, QString const&, bool, KateDocumentInfo const&) () at /lib64/libkdeinit5_kate.so
#17 0x00007f40dc8757c7 in KateViewManager::openUrls(QList<QUrl> const&, QString const&, bool, KateDocumentInfo const&) () at /lib64/libkdeinit5_kate.so
#18 0x00007f40dc8520b1 in KateApp::startupKate() () at /lib64/libkdeinit5_kate.so
#19 0x00007f40dc85336d in KateApp::init() () at /lib64/libkdeinit5_kate.so
#20 0x00007f40dc8acfd1 in kdemain () at /lib64/libkdeinit5_kate.so
#21 0x00007f40d53f3580 in __libc_start_main () at /lib64/libc.so.6
#22 0x000055d7b5d6fb49 in _start ()

Reported using DrKonqi
I can reproduce it. It looks like the problem is in kcodecs. UnicodeGroupProber::HandleData has this code:

    if (4 >= aBuf[1] && aBuf[1] >= 0 && isprint(aBuf[0])) {

where isprint is a macro:

    enum {
        // non-relevant
        CTYPE_PRINT = 1 << 6,
        // non-relevant
    };

    #define ctype_test(c, t) ((ctype_data[(unsigned short)c] & t) != 0)
    #define isprint(c) ctype_test((c), CTYPE_PRINT)

And sometimes aBuf contains negative values. So we get an out-of-bounds index for the ctype_data array: c is negative in "(unsigned short)c". I don't know what to do with this, but I think it is a kcodecs bug.
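An added illustration of the index arithmetic described in the comment above (this is not code from kcodecs or from anyone in this thread): a signed byte such as the 0xE1 that begins the crashing buffer, cast straight to unsigned short, indexes far beyond a 256-entry table, whereas reinterpreting it as unsigned char first keeps every byte in range. The table, its contents, and the safe_index / safe_isprint / prober_condition helpers are constructed assumptions, not the project's actual fix.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-in for the prober's classification table (assumption):
 * 256 entries, one per byte value, only ASCII 0x20..0x7E marked printable. */
enum { CTYPE_PRINT = 1 << 6, CTYPE_SIZE = 256 };
static unsigned char ctype_data[CTYPE_SIZE];
static int ctype_ready;

static void init_ctype_data(void) {
    if (ctype_ready) return;
    for (int b = 0x20; b <= 0x7E; b++)
        ctype_data[b] = CTYPE_PRINT;
    ctype_ready = 1;
}

/* Index the original macro computes: (unsigned short)c. A negative char is
 * promoted to a negative int and then wrapped modulo 65536, so byte 0xE1
 * (-31 as signed char) becomes 65505, far past a 256-entry table. Computed
 * here only; it is never used as a subscript. */
size_t buggy_index(signed char c) {
    return (unsigned short)c;
}

/* Corrected index: reinterpret the byte as unsigned char first (0..255). */
size_t safe_index(signed char c) {
    return (unsigned char)c;
}

/* Hardened isprint over the table: the subscript can never leave the array. */
int safe_isprint(signed char c) {
    init_ctype_data();
    return (ctype_data[safe_index(c)] & CTYPE_PRINT) != 0;
}

/* The prober's condition from the report, with the safe classification. */
int prober_condition(const signed char *buf) {
    return 4 >= buf[1] && buf[1] >= 0 && safe_isprint(buf[0]);
}

int main(void) {
    /* First two bytes of the crashing buffer in the gdb trace: "\341\001". */
    const signed char sample[2] = { -31, 1 };
    size_t idx = buggy_index(sample[0]);
    printf("buggy index %zu (%s of bounds)\n", idx, idx < CTYPE_SIZE ? "inside" : "out");
    printf("safe index %zu, printable=%d, condition=%d\n",
           safe_index(sample[0]), safe_isprint(sample[0]), prober_condition(sample));
    return 0;
}
```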
Created attachment 96479 [details] gdb backtrace with additional info
Trace from current sources, tested with file from bug #360797:

#0  0x00007ffff48d1e66 in kencodingprober::UnicodeGroupProber::HandleData(char const*, unsigned int) (this=0x7cc6b0, aBuf=0xd38f90 "\341\001\201P\212u\236\273@\242\346\203\001\254U\203\002\310*\203\003\254F\210\004\210\005\230\004\234\006\201\a\202a\274\362\266J\300\326o\326\210\b\377\023\210\t\377\023\203\025\214\356V\211\021\234\022\210", <incomplete sequence \303>, aLen=63) at frameworks/kcodecs/src/probers/UnicodeGroupProber.cpp:89
#1  0x00007ffff48d4046 in kencodingprober::nsMBCSGroupProber::HandleData(char const*, unsigned int) (this=0xa777a0, aBuf=0xda3098 "\341\001", aLen=120) at frameworks/kcodecs/src/probers/nsMBCSGroupProber.cpp:119
#2  0x00007ffff48d56eb in kencodingprober::nsUniversalDetector::HandleData(char const*, unsigned int) (this=0xd42600, aBuf=0xda3098 "\341\001", aLen=120) at frameworks/kcodecs/src/probers/nsUniversalDetector.cpp:149
#3  0x00007ffff48c9c22 in KEncodingProber::feed(char const*, int) (this=0x7fffffffc010, data=0xda3098 "\341\001", len=120) at frameworks/kcodecs/src/kencodingprober.cpp:181
#4  0x00007ffff76cdee8 in Kate::TextLoader::readLine(int&, int&) (this=0x7fffffffc120, offset=@0x7fffffffc18c: 0, length=@0x7fffffffc188: 0) at frameworks/ktexteditor/src/buffer/katetextloader.h:266
#5  0x00007ffff76cb2f0 in Kate::TextBuffer::load(QString const&, bool&, bool&, int&, bool) (this=0x7df1e0, filename=..., encodingErrors=@0x7df2a8: false, tooLongLinesWrapped=@0x7df2a9: false, longestLineLoaded=@0x7df2ac: 0, enforceTextCodec=false) at frameworks/ktexteditor/src/buffer/katetextbuffer.cpp:621
#6  0x00007ffff777aef3 in KateBuffer::openFile(QString const&, bool) (this=0x7df1e0, m_file=..., enforceTextCodec=false) at frameworks/ktexteditor/src/document/katebuffer.cpp:195
#7  0x00007ffff775133e in KTextEditor::DocumentPrivate::openFile() (this=0x7d4cc0) at frameworks/ktexteditor/src/document/katedocument.cpp:2252
#8  0x00007ffff6f57035 in KParts::ReadOnlyPartPrivate::openLocalFile() (this=0x7cc280) at frameworks/kparts/src/readonlypart.cpp:187
#9  0x00007ffff6f56cc2 in KParts::ReadOnlyPart::openUrl(QUrl const&) (this=0x7d4cc0, url=...) at frameworks/kparts/src/readonlypart.cpp:150
#10 0x00007ffff7753c44 in KTextEditor::DocumentPrivate::openUrl(QUrl const&) (this=0x7d4cc0, url=...) at frameworks/ktexteditor/src/document/katedocument.cpp:2596
#11 0x000000000041bbf1 in KWrite::loadURL(QUrl const&) (this=0x7398b0, url=...) at kde/applications/kate/kwrite/kwrite.cpp:202
#12 0x00000000004176e0 in main(int, char**) (argc=2, argv=0x7fffffffd9a8) at kde/app

And here is the valgrind trace for the same file:

==26843== Conditional jump or move depends on uninitialised value(s)
==26843==    at 0x8137D93: kencodingprober::UnicodeGroupProber::HandleData(char const*, unsigned int) (UnicodeGroupProber.cpp:84)
==26843==    by 0x813A045: kencodingprober::nsMBCSGroupProber::HandleData(char const*, unsigned int) (nsMBCSGroupProber.cpp:119)
==26843==    by 0x813B6EA: kencodingprober::nsUniversalDetector::HandleData(char const*, unsigned int) (nsUniversalDetector.cpp:149)
==26843==    by 0x812FC21: KEncodingProber::feed(char const*, int) (kencodingprober.cpp:181)
==26843==    by 0x4EF8EE7: Kate::TextLoader::readLine(int&, int&) (katetextloader.h:266)
==26843==    by 0x4EF62EF: Kate::TextBuffer::load(QString const&, bool&, bool&, int&, bool) (katetextbuffer.cpp:621)
==26843==    by 0x4FA5EF2: KateBuffer::openFile(QString const&, bool) (katebuffer.cpp:195)
==26843==    by 0x4F7C33D: KTextEditor::DocumentPrivate::openFile() (katedocument.cpp:2252)
==26843==    by 0x5A9A034: KParts::ReadOnlyPartPrivate::openLocalFile() (readonlypart.cpp:187)
==26843==    by 0x5A99CC1: KParts::ReadOnlyPart::openUrl(QUrl const&) (readonlypart.cpp:150)
==26843==    by 0x4F7EC43: KTextEditor::DocumentPrivate::openUrl(QUrl const&) (katedocument.cpp:2596)
==26843==    by 0x41BBF0: KWrite::loadURL(QUrl const&) (kwrite.cpp:202)
==26843==
==26843== Conditional jump or move depends on uninitialised value(s)
==26843==    at 0x8137E1F: kencodingprober::UnicodeGroupProber::HandleData(char const*, unsigned int) (UnicodeGroupProber.cpp:85)
==26843==    by 0x813A045: kencodingprober::nsMBCSGroupProber::HandleData(char const*, unsigned int) (nsMBCSGroupProber.cpp:119)
==26843==    by 0x813B6EA: kencodingprober::nsUniversalDetector::HandleData(char const*, unsigned int) (nsUniversalDetector.cpp:149)
==26843==    by 0x812FC21: KEncodingProber::feed(char const*, int) (kencodingprober.cpp:181)
==26843==    by 0x4EF8EE7: Kate::TextLoader::readLine(int&, int&) (katetextloader.h:266)
==26843==    by 0x4EF62EF: Kate::TextBuffer::load(QString const&, bool&, bool&, int&, bool) (katetextbuffer.cpp:621)
==26843==    by 0x4FA5EF2: KateBuffer::openFile(QString const&, bool) (katebuffer.cpp:195)
==26843==    by 0x4F7C33D: KTextEditor::DocumentPrivate::openFile() (katedocument.cpp:2252)
==26843==    by 0x5A9A034: KParts::ReadOnlyPartPrivate::openLocalFile() (readonlypart.cpp:187)
==26843==    by 0x5A99CC1: KParts::ReadOnlyPart::openUrl(QUrl const&) (readonlypart.cpp:150)
==26843==    by 0x4F7EC43: KTextEditor::DocumentPrivate::openUrl(QUrl const&) (katedocument.cpp:2596)
==26843==    by 0x41BBF0: KWrite::loadURL(QUrl const&) (kwrite.cpp:202)
==26843==
==26843==
==26843== Process terminating with default action of signal 11 (SIGSEGV)
==26843==  Bad permissions for mapped region at address 0x8170F22
==26843==    at 0x8137E66: kencodingprober::UnicodeGroupProber::HandleData(char const*, unsigned int) (UnicodeGroupProber.cpp:89)
==26843==    by 0x813A045: kencodingprober::nsMBCSGroupProber::HandleData(char const*, unsigned int) (nsMBCSGroupProber.cpp:119)
==26843==    by 0x813B6EA: kencodingprober::nsUniversalDetector::HandleData(char const*, unsigned int) (nsUniversalDetector.cpp:149)
==26843==    by 0x812FC21: KEncodingProber::feed(char const*, int) (kencodingprober.cpp:181)
==26843==    by 0x4EF8EE7: Kate::TextLoader::readLine(int&, int&) (katetextloader.h:266)
==26843==    by 0x4EF62EF: Kate::TextBuffer::load(QString const&, bool&, bool&, int&, bool) (katetextbuffer.cpp:621)
==26843==    by 0x4FA5EF2: KateBuffer::openFile(QString const&, bool) (katebuffer.cpp:195)
==26843==    by 0x4F7C33D: KTextEditor::DocumentPrivate::openFile() (katedocument.cpp:2252)
==26843==    by 0x5A9A034: KParts::ReadOnlyPartPrivate::openLocalFile() (readonlypart.cpp:187)
==26843==    by 0x5A99CC1: KParts::ReadOnlyPart::openUrl(QUrl const&) (readonlypart.cpp:150)
==26843==    by 0x4F7EC43: KTextEditor::DocumentPrivate::openUrl(QUrl const&) (katedocument.cpp:2596)
==26843==    by 0x41BBF0: KWrite::loadURL(QUrl const&) (kwrite.cpp:202)
*** Bug 360797 has been marked as a duplicate of this bug. ***
Git commit d9a99dce9d63cab0429ac94acb160304e2bfa36f by Dominik Haumann.
Committed on 29/03/2016 at 15:52.
Pushed by dhaumann into branch 'master'.

encoding detection: fix crash in wrong usage of isprint

If the first character was negative, we always hit a crash in the encoding detection. This patch fixes this.
REVIEW: 127488
CHANGELOG: encoding detection: fix crash in wrong usage of isprint (bug #357341)

A  +-    --    autotests/data/binary_data
M  +11   -0    autotests/kencodingprobertest.cpp
M  +3    -1    src/probers/UnicodeGroupProber.cpp

http://commits.kde.org/kcodecs/d9a99dce9d63cab0429ac94acb160304e2bfa36f
*** Bug 343261 has been marked as a duplicate of this bug. ***
*** Bug 362273 has been marked as a duplicate of this bug. ***