When an application is compiled with -fsanitize=address, it crashes on startup. Below is part of the stack trace. Unfortunately, the qtcurve part is not decoded. I'm on Gentoo; qtcurve is installed with debug CXXFLAGS and the splitdebug and installsources features enabled, but still no good stack trace :(

==5849==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300005387d at pc 0x7f4157f0215f bp 0x7ffc250a1a30 sp 0x7ffc250a11e0
READ of size 9 at 0x60300005387d thread T0
    #0 0x7f4157f0215e (/usr/lib/gcc/x86_64-pc-linux-gnu/6.2.0/libasan.so.3+0x8b15e)
    #1 0x7f4132e1ba5b (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x99a5b)
    #2 0x7f4132e20184 (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x9e184)
    #3 0x7f4132e1ec1a (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x9cc1a)
    #4 0x7f4132da1407 (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x1f407)
    #5 0x7f4132da1318 (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x1f318)
    #6 0x7f4132e00707 (/usr/lib64/qt5/plugins/styles/qtcurve.so+0x7e707)
    #7 0x7f41449f879a in QStyleFactory::create(QString const&) (/usr/lib64/libQt5Widgets.so.5+0x1c479a)
    #8 0x7f4144992032 in QApplication::style() (/usr/lib64/libQt5Widgets.so.5+0x15e032)
    #9 0x7f4144992304 in QApplicationPrivate::initialize() (/usr/lib64/libQt5Widgets.so.5+0x15e304)
    #10 0x7f4144992353 in QApplicationPrivate::init() (/usr/lib64/libQt5Widgets.so.5+0x15e353)
Recompiled QtCurve with AddressSanitizer:

==25441==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300003329d at pc 0x7ff558f6219f bp 0x7ffd2db1b1f0 sp 0x7ffd2db1a9a0
READ of size 9 at 0x60300003329d thread T0
    #0 0x7ff558f6219e (/usr/lib64/gcc/x86_64-pc-linux-gnu/6.3.0/libasan.so+0x8e19e)
    #1 0x7ff53ce6c86d in toInd /home/eugene/develop/KDE/live/qtcurve/qt5/common/config_file.cpp:90
    #2 0x7ff53ce71e42 in qtcReadConfig(QString const&, Options*, Options*, bool) /home/eugene/develop/KDE/live/qtcurve/qt5/common/config_file.cpp:1205
    #3 0x7ff53ce708c5 in qtcReadConfig(QString const&, Options*, Options*, bool) /home/eugene/develop/KDE/live/qtcurve/qt5/common/config_file.cpp:1084
    #4 0x7ff53cdf2188 in QtCurve::Style::init(bool) /home/eugene/develop/KDE/live/qtcurve/qt5/style/qtcurve.cpp:382
    #5 0x7ff53cdf2c0c in QtCurve::Style::Style() /home/eugene/develop/KDE/live/qtcurve/qt5/style/qtcurve.cpp:368
    #6 0x7ff53ce488b5 in QtCurve::StylePlugin::create(QString const&) /home/eugene/develop/KDE/live/qtcurve/qt5/style/qtcurve_plugin.cpp:162
    #7 0x7ff552f2d79a in QStyleFactory::create(QString const&) (/usr/lib64/libQt5Widgets.so.5+0x1c479a)
    #8 0x7ff552ec7032 in QApplication::style() (/usr/lib64/libQt5Widgets.so.5+0x15e032)
    #9 0x7ff552ec7304 in QApplicationPrivate::initialize() (/usr/lib64/libQt5Widgets.so.5+0x15e304)
    #10 0x7ff552ec7353 in QApplicationPrivate::init() (/usr/lib64/libQt5Widgets.so.5+0x15e353)
    #11 0x7ff558c5b196 in kdemain (/usr/lib64/libkdeinit5_dolphin.so+0x5a196)
    #12 0x7ff55151e740 in __libc_start_main (/lib64/libc.so.6+0x20740)
    #13 0x400ab8 in _start (/usr/bin/dolphin+0x400ab8)
Obviously, all memcmp() calls in config_file.cpp have to be replaced with, e.g., strncmp().
https://git.reviewboard.kde.org/r/129762/
Git commit f164a4b69e3c9153200c90d383e0b19cb993b78e by R.J.V. Bertin.
Committed on 03/01/2017 at 19:34.
Pushed by rjvbb into branch 'master'.

Do not exceed string buffer length while parsing config file

REVIEW: 129762

M  +97   -97   gtk2/common/config_file.cpp
M  +108  -108  qt4/common/config_file.cpp
M  +108  -108  qt5/common/config_file.cpp

https://commits.kde.org/qtcurve/f164a4b69e3c9153200c90d383e0b19cb993b78e
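The bug class behind this report, reduced to a small stand-alone C program. This is an added illustration, not QtCurve's code: the keyword table is constructed for the example, and the function names (to_ind_unsafe, to_ind_safe, to_ind_bounded) are hypothetical. It shows why memcmp() against a keyword of fixed length reads past a shorter heap-allocated value (the "READ of size N ... heap-buffer-overflow" that ASan reports from inside its memcmp interceptor), and two ways to bound the read: strncmp(), which stops at the first NUL, and an explicit length check before memcmp() for input that is not guaranteed to be NUL-terminated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed keyword table for the example; not QtCurve's real option names. */
static const char *const kKeywords[] = {
    "flat", "gradient", "inverted", "splitgradient", "glass"
};
#define N_KEYWORDS (sizeof kKeywords / sizeof kKeywords[0])

/* Vulnerable pattern (hypothetical name). memcmp() always touches
 * strlen(keyword) bytes of `str`, whatever the length of `str` or of the
 * allocation holding it. For str = "fl" in a 3-byte heap block, the first
 * iteration already reads one byte past the block; ASan (with its default
 * strict_memcmp=1) reports it as a heap-buffer-overflow READ of size 4.
 * It also only prefix-matches: "flatx" matches "flat". */
int to_ind_unsafe(const char *str)
{
    for (size_t i = 0; i < N_KEYWORDS; i++) {
        if (memcmp(str, kKeywords[i], strlen(kKeywords[i])) == 0)
            return (int)i;
    }
    return -1;
}

/* Fixed pattern (hypothetical name). strncmp() stops at the first
 * differing byte or NUL, so it never reads beyond the terminator of a
 * NUL-terminated `str`. Comparing len+1 bytes also includes the
 * terminator, which turns the prefix match into an exact match. */
int to_ind_safe(const char *str)
{
    for (size_t i = 0; i < N_KEYWORDS; i++) {
        if (strncmp(str, kKeywords[i], strlen(kKeywords[i]) + 1) == 0)
            return (int)i;
    }
    return -1;
}

/* Alternative for input that is a (length, pointer) slice of a larger
 * buffer and may not be NUL-terminated: check the length first, then
 * memcmp() exactly that many bytes. */
int to_ind_bounded(const char *str, size_t len)
{
    for (size_t i = 0; i < N_KEYWORDS; i++) {
        size_t klen = strlen(kKeywords[i]);
        if (len == klen && memcmp(str, kKeywords[i], klen) == 0)
            return (int)i;
    }
    return -1;
}

/* Build and run with: cc -g -fsanitize=address demo.c && ./a.out
 * The two bounded lookups complete; the unsafe one trips ASan. */
int main(void)
{
    /* A value as a config parser would hand it over: an exact-size heap copy. */
    char *heap = malloc(3);            /* holds 'f', 'l', '\0' and nothing else */
    if (!heap)
        return 1;
    memcpy(heap, "fl", 3);

    printf("safe:    %d\n", to_ind_safe(heap));
    printf("bounded: %d\n", to_ind_bounded(heap, strlen(heap)));
    printf("unsafe:  %d\n", to_ind_unsafe(heap)); /* ASan: heap-buffer-overflow, READ of size 4 */

    free(heap);
    return 0;
}
```

Note that strncmp(str, keyword, strlen(keyword)) without the +1 keeps the original prefix-match semantics; whether that is wanted is a separate decision from closing the over-read, but it is worth settling when the calls are rewritten.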