Bug 414227 - Dolphin crashes in KFileMetaData::UserMetaData::queryAttributes() when retrieving metadata from dangling symlink
Status: RESOLVED FIXED
Alias: None
Product: frameworks-kfilemetadata
Classification: Frameworks and Libraries
Component: general
Version: 5.64.0
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Pinak Ahuja
URL:
Keywords: drkonqi
Duplicates: 414372 414453 415198 415212 415275 415312 415418 415590
Depends on:
Blocks:
 
Reported: 2019-11-17 11:44 UTC by Ismael Asensio
Modified: 2019-12-29 21:44 UTC

See Also:
Latest Commit:
Version Fixed In: 5.65


Description Ismael Asensio 2019-11-17 11:44:31 UTC
Application: dolphin (19.11.80)
 (Compiled from sources)
Qt Version: 5.12.4
Frameworks Version: 5.65.0
Operating System: Linux 5.3.0-23-generic x86_64
Distribution: Ubuntu 19.10

-- Information about the crash:
- Steps to reproduce:
With panel information open, hover over a dangling symlink

The crash can be reproduced every time.

-- Backtrace:
Application: Dolphin (dolphin), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fb1c8498280 (LWP 28827))]

Thread 5 (Thread 0x7fb1bde3e700 (LWP 28854)):
#0  __libc_enable_asynccancel () at ../sysdeps/unix/sysv/linux/x86_64/cancellation.S:56
#1  0x00007fb1cee75c17 in __GI___poll (fds=0x7fb1ac0025e0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#2  0x00007fb1ca61ea3e in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fb1ca61eb73 in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fb1cc90e6c3 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fb1cc8b563b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007fb1cc6eea75 in QThread::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007fb1cc6efcc2 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007fb1caebc669 in start_thread (arg=<optimized out>) at pthread_create.c:479
#9  0x00007fb1cee82323 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 4 (Thread 0x7fb1bfebe700 (LWP 28830)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x563116765408) at ../sysdeps/unix/sysv/linux/futex-internal.h:80
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x5631167653b8, cond=0x5631167653e0) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x5631167653e0, mutex=0x5631167653b8) at pthread_cond_wait.c:638
#3  0x00007fb1c46c097b in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007fb1c46c059b in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007fb1caebc669 in start_thread (arg=<optimized out>) at pthread_create.c:479
#6  0x00007fb1cee82323 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7fb1c646f700 (LWP 28829)):
#0  0x00007fb1cee75c2f in __GI___poll (fds=0x7fb1b8012220, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fb1ca61ea3e in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fb1ca61eb73 in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fb1cc90e6c3 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#4  0x00007fb1cc8b563b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fb1cc6eea75 in QThread::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#6  0x00007fb1ccb8fefa in ?? () from /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5
#7  0x00007fb1cc6efcc2 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#8  0x00007fb1caebc669 in start_thread (arg=<optimized out>) at pthread_create.c:479
#9  0x00007fb1cee82323 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7fb1c7359700 (LWP 28828)):
#0  0x00007fb1cee75c2f in __GI___poll (fds=0x7fb1c7358ca8, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007fb1cae79917 in ?? () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
#2  0x00007fb1cae7b53a in xcb_wait_for_event () from /usr/lib/x86_64-linux-gnu/libxcb.so.1
#3  0x00007fb1c7b3c288 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#4  0x00007fb1cc6efcc2 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#5  0x00007fb1caebc669 in start_thread (arg=<optimized out>) at pthread_create.c:479
#6  0x00007fb1cee82323 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7fb1c8498280 (LWP 28827)):
[KCrash Handler]
#6  0x00007fb1cc6fd651 in QByteArray::QByteArray(int, Qt::Initialization) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007fb1cc3646df in k_queryAttributes (path=..., attributes=...) at /home/isma/kde/src/kfilemetadata/src/xattr_p.h:240
#8  0x00007fb1cc36616f in KFileMetaData::UserMetaData::queryAttributes (this=0x7fff6d802950, attributes=...) at /home/isma/kde/src/kfilemetadata/src/usermetadata.cpp:220
#9  0x00007fb1ce68fd25 in Baloo::Private::convertUserMetaData (metaData=...) at /home/isma/kde/src/baloo-widgets/src/filemetadatautil.cpp:37
#10 0x00007fb1ce67ce75 in Baloo::FileFetchJob::doStart (this=0x563116b8d010) at /home/isma/kde/src/baloo-widgets/src/filefetchjob.cpp:72
#11 0x00007fb1ce699c5c in Baloo::FileFetchJob::qt_static_metacall (_o=0x563116b8d010, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x563117ac04c0) at /home/isma/kde/build/baloo-widgets/src/KF5BalooWidgets_autogen/EWIEGA46WW/moc_filefetchjob.cpp:71
#12 0x00007fb1cc8e2eba in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007fb1cd3caa86 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007fb1cd3d3e00 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#15 0x00007fb1cc8b6a9a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007fb1cc8b9718 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007fb1cc90f0a7 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007fb1ca61e84d in g_main_context_dispatch () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007fb1ca61ead0 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007fb1ca61eb73 in g_main_context_iteration () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007fb1cc90e6a5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007fb1cc8b563b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007fb1cc8bd3a6 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00007fb1cefdcec0 in kdemain (argc=1, argv=0x7fff6d803168) at /home/isma/kde/src/dolphin/src/main.cpp:188
#25 0x00005631151bf193 in main (argc=1, argv=0x7fff6d803168) at /home/isma/kde/build/dolphin/src/dolphin_dummy.cpp:3
[Inferior 1 (process 28827) detached]

Possible duplicates by query: bug 401024, bug 398191, bug 395128, bug 351850, bug 335214.

Reported using DrKonqi
Comment 1 Nate Graham 2019-11-21 18:14:27 UTC
Moving to KFileMetaData, since that's what's crashing.
Comment 2 Nate Graham 2019-11-21 18:14:49 UTC
*** Bug 414372 has been marked as a duplicate of this bug. ***
Comment 3 Elvis Angelaccio 2019-11-24 12:11:38 UTC
*** Bug 414453 has been marked as a duplicate of this bug. ***
Comment 4 Ismael Asensio 2019-12-12 20:50:39 UTC
Git commit 4bb4195a6fc6841dd9ce1d3f564fc122b6032d86 by Ismael Asensio.
Committed on 12/12/2019 at 20:50.
Pushed by iasensio into branch 'master'.

xattr: fix crash on dangling symlinks

Summary:
When requesting metadata on a dangling symlink, the framestack ends up calling
`k_queryAttributes()` with the symlink path, where the `listxattr` syscall
returns `size==-1` and `errno==ENOENT` (No such file or directory).
This case was not covered before, and provoked a segfault on `QByteArray`.
Full traceback on: https://bugs.kde.org/show_bug.cgi?id=414227

It might be also a good idea to always protect the function when `size==-1`

Test Plan:
- `bin/usermetadatawritertest` : added test
- On dolphin, with panel information open, hover over a dangling symlink

Reviewers: astippich, bruns

Reviewed By: bruns

Subscribers: bruns, kde-frameworks-devel, #baloo

Tags: #frameworks, #baloo

Differential Revision: https://phabricator.kde.org/D25414

M  +11   -0    autotests/usermetadatawritertest.cpp
M  +1    -0    autotests/usermetadatawritertest.h
M  +6    -6    src/xattr_p.h

https://commits.kde.org/kfilemetadata/4bb4195a6fc6841dd9ce1d3f564fc122b6032d86
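
The failure mode described in the commit message above, as an added example that is not the kfilemetadata patch or code from this report: a Linux-only C++ helper that checks the `listxattr` size query for `-1` before sizing a buffer, exercised on a constructed dangling symlink. The names `list_xattr_names` and `errno_for_dangling_symlink` and the `/tmp/xattr-demo-XXXXXX` directory are assumptions, and `std::vector<char>` stands in for the `QByteArray` seen in the backtrace.

```cpp
#include <sys/xattr.h>
#include <unistd.h>
#include <cerrno>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical helper (added example, Linux listxattr(2) only).
// Returns 0 and fills `names`, or returns the errno value of the failed call.
int list_xattr_names(const std::string &path, std::vector<std::string> &names)
{
    names.clear();
    for (;;) {
        // A zero-length buffer asks only for the size needed.
        const ssize_t size = listxattr(path.c_str(), nullptr, 0);
        if (size < 0)
            return errno;   // ENOENT for a dangling symlink: never allocate
        if (size == 0) return 0;   // no attributes
        std::vector<char> buf(static_cast<size_t>(size));
        const ssize_t got = listxattr(path.c_str(), buf.data(), buf.size());
        if (got < 0) {
            if (errno == ERANGE)
                continue;   // list grew between the two calls: retry
            return errno;
        }
        // Names come back NUL-terminated and packed back to back.
        for (ssize_t i = 0; i < got;) {
            const size_t len = strnlen(&buf[i], static_cast<size_t>(got - i));
            names.emplace_back(&buf[i], len);
            i += static_cast<ssize_t>(len) + 1;
        }
        return 0;
    }
}

// Constructed scenario: create a symlink whose target does not exist.
int errno_for_dangling_symlink()
{
    char dir[] = "/tmp/xattr-demo-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    const std::string link = std::string(dir) + "/dangling";
    std::vector<std::string> names;
    int result = -1;
    if (symlink("no-such-target", link.c_str()) == 0)
        result = list_xattr_names(link, names);
    unlink(link.c_str());
    rmdir(dir);
    return result;
}
```

`listxattr` follows symlinks, so path resolution fails on the missing target; `llistxattr` would instead query the link itself.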
Comment 5 David Hallas 2019-12-18 14:15:13 UTC
*** Bug 415198 has been marked as a duplicate of this bug. ***
Comment 6 David Hallas 2019-12-18 14:23:15 UTC
*** Bug 415275 has been marked as a duplicate of this bug. ***
Comment 7 Nate Graham 2019-12-21 02:38:40 UTC
*** Bug 415418 has been marked as a duplicate of this bug. ***
Comment 8 Nate Graham 2019-12-21 02:39:44 UTC
*** Bug 415212 has been marked as a duplicate of this bug. ***
Comment 9 Ismael Asensio 2019-12-23 13:32:04 UTC
I've just noticed that the fix was also committed to Frameworks 5.65, so it should be fixed from there on.
Comment 10 Ismael Asensio 2019-12-26 22:37:07 UTC
*** Bug 415590 has been marked as a duplicate of this bug. ***
Comment 11 Elvis Angelaccio 2019-12-28 19:11:22 UTC
*** Bug 415312 has been marked as a duplicate of this bug. ***