https://bugs.kde.org/show_bug.cgi?id=343153
Bug ID: 343153
Summary: kio_sftp crashes if sftp_write(...) fails (double-free in sftpProtocol::sftpPut)
Product: kio-extras
Version: unspecified
Platform: Other
OS: Linux
Status: UNCONFIRMED
Severity: crash
Priority: NOR
Component: default
Assignee: plasma-devel@kde.org
Reporter: kf...@kde.org

Situation: Disk on remote server is full. In that case, when saving the file, sftp_write inside kio_sftp.cpp will fail. This leads to a crash later on.

Error in `kio_sftp.so [kdeinit5] sftp local:/run/user/1000/klauncherXM8394.1.slave-socket local:/run/user/1000/katewZ9343.3.slave-socket': free(): invalid pointer: 0x0000000000a54770 ***

Tested with Kate 5.x when working on a file opened via sftp protocol.

Valgrind report:

(...)
==10659== Invalid read of size 8
==10659==    at 0xF79E62E: sftp_attributes_free (sftp.c:1542)
==10659==    by 0xF56807B: sftpProtocol::sftpPut(KUrl const&, int, QFlags<KIO::JobFlag>, int&, int) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0xF568DE3: sftpProtocol::sftpCopyPut(KUrl const&, QString const&, int, QFlags<KIO::JobFlag>, int&) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0xF5692B7: sftpProtocol::copy(QUrl const&, QUrl const&, int, QFlags<KIO::JobFlag>) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0x4EBDA08: KIO::SlaveBase::dispatch(int, QByteArray const&) (in /usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659==    by 0x4EB7BBD: KIO::SlaveBase::dispatchLoop() (in /usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659==    by 0xF5646C3: kdemain (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0x4016B7: main (in /usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave)
==10659==  Address 0x17f8f188 is 40 bytes inside a block of size 144 free'd
==10659==    at 0x4C2C2E0: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10659==    by 0xF568073: sftpProtocol::sftpPut(KUrl const&, int, QFlags<KIO::JobFlag>, int&, int) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0xF568DE3: sftpProtocol::sftpCopyPut(KUrl const&, QString const&, int, QFlags<KIO::JobFlag>, int&) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0xF5692B7: sftpProtocol::copy(QUrl const&, QUrl const&, int, QFlags<KIO::JobFlag>) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0x4EBDA08: KIO::SlaveBase::dispatch(int, QByteArray const&) (in /usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659==    by 0x4EB7BBD: KIO::SlaveBase::dispatchLoop() (in /usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659==    by 0xF5646C3: kdemain (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0x4016B7: main (in /usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave)
==10659==
==10659== Invalid free() / delete / delete[] / realloc()
==10659==    at 0x4C2BE10: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10659==    by 0xF56807B: sftpProtocol::sftpPut(KUrl const&, int, QFlags<KIO::JobFlag>, int&, int) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0xF568DE3: sftpProtocol::sftpCopyPut(KUrl const&, QString const&, int, QFlags<KIO::JobFlag>, int&) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0xF5692B7: sftpProtocol::copy(QUrl const&, QUrl const&, int, QFlags<KIO::JobFlag>) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0x4EBDA08: KIO::SlaveBase::dispatch(int, QByteArray const&) (in /usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659==    by 0x4EB7BBD: KIO::SlaveBase::dispatchLoop() (in /usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659==    by 0xF5646C3: kdemain (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0x4016B7: main (in /usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave)
==10659==  Address 0x17f8f160 is 0 bytes inside a block of size 144 free'd
==10659==    at 0x4C2C2E0: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10659==    by 0xF568073: sftpProtocol::sftpPut(KUrl const&, int, QFlags<KIO::JobFlag>, int&, int) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0xF568DE3: sftpProtocol::sftpCopyPut(KUrl const&, QString const&, int, QFlags<KIO::JobFlag>, int&) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0xF5692B7: sftpProtocol::copy(QUrl const&, QUrl const&, int, QFlags<KIO::JobFlag>) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0x4EBDA08: KIO::SlaveBase::dispatch(int, QByteArray const&) (in /usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659==    by 0x4EB7BBD: KIO::SlaveBase::dispatchLoop() (in /usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659==    by 0xF5646C3: kdemain (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659==    by 0x4016B7: main (in /usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave)

(Sorry for the missing line numbers, Kubuntu's debug packages are a bit messed up atm)

Reproducible: Always

Steps to Reproduce:
1. Open file via sftp protocol in Kate
2. Try to save
3. kio_sftp crashes
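
Added example, not part of the original report and not kio_sftp's code: the Valgrind trace shows sftpPut releasing the same 144-byte block twice after a failed write (operator delete, then sftp_attributes_free). The sketch below reproduces that error-path shape with constructed stand-ins (Attrs, attrs_free, write_chunk, put_buggy and put_fixed are all hypothetical names) and contrasts it with a single-owner cleanup; how the real function is written is an assumption, since its source is not on the page.

```cpp
#include <cstdio>
#include <memory>
#include <set>
#include <vector>

// Constructed stand-ins: Attrs plays the attributes block, attrs_free() its
// release function. Storage stays in g_pool so the demo itself has no real UB.
struct Attrs { long size; };
static std::vector<std::unique_ptr<Attrs>> g_pool;
static std::set<Attrs*> g_live;      // blocks not yet released
static int g_invalid_frees = 0;      // releases of an already released block

Attrs* attrs_new() {
    g_pool.push_back(std::unique_ptr<Attrs>(new Attrs()));
    g_live.insert(g_pool.back().get());
    return g_pool.back().get();
}
void attrs_free(Attrs* a) {
    if (a && g_live.erase(a) == 0) ++g_invalid_frees;  // real free() aborts here
}

// Hypothetical write step: fails when the remote disk is full.
bool write_chunk(bool disk_full) { return !disk_full; }

// Defective shape: the error branch releases the block, then the shared
// cleanup releases it again.
bool put_buggy(bool disk_full) {
    Attrs* a = attrs_new();
    bool ok = write_chunk(disk_full);
    if (!ok) attrs_free(a);          // first release, error path only
    attrs_free(a);                   // common cleanup: second release on failure
    return ok;
}

// Corrected shape: a single owner releases the block once on every path.
struct AttrsDeleter { void operator()(Attrs* a) const { attrs_free(a); } };
bool put_fixed(bool disk_full) {
    std::unique_ptr<Attrs, AttrsDeleter> a(attrs_new());
    return write_chunk(disk_full);   // early exit on failure still frees once
}
// Runs f and returns how many invalid releases it caused.
int invalid_frees(bool (*f)(bool), bool disk_full) {
    g_invalid_frees = 0;
    f(disk_full);
    return g_invalid_frees;
}
int main() {
    std::printf("buggy, disk full: %d invalid free(s)\n", invalid_frees(put_buggy, true));
    std::printf("fixed, disk full: %d invalid free(s)\n", invalid_frees(put_fixed, true));
}
```

The defect only shows on the failure branch, which is why a test that forces the write to fail (here the disk_full flag) is needed to catch it.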