[frameworks-baloo] [Bug 367480] Crash inside Baloo::PostingCodec::decode

2016-12-22 Thread NightSky
https://bugs.kde.org/show_bug.cgi?id=367480

NightSky <risimi...@gmail.com> changed:

   What|Removed |Added

 CC||risimi...@gmail.com

--- Comment #48 from NightSky <risimi...@gmail.com> ---
(In reply to Christoph Cullmann from comment #15)
Here is another one (Gentoo Linux, KDE Frameworks 5.29.0):

#6  Baloo::getVarint32Ptr (value=0x7f309520d940, limit=0x7ef11446c64f
"\002\003\v\006'\017\031\f\v\006\005\n\b\016\016\017\f\a\024\t\a\004\020\003\n\003\v\003\a\n\t\004\b\004\003\b\a\005\b\a\006\003\a\006\003\f\n\023\003\006\t\004\a\004\003\r\005\v\b\003\016\004\025\b\004\b\004\033\b\005\017\a\a\004\v\005\003\005\b\a\r\020\004\004\030\n\005\020\003\037\v\005\b\003\005\002\n\006\n\t\005\b\a\004\b\005\021\004\004\v\003\a\004\a\005\003\n\006\003\t\003\003\r\t\004\017\026\a\004\t\004\020\005\b\003\004\005\v\n\004\a\020\006\005\004\004\002\b\005\r\023\n\n\t\v\003\026\026\f\003\020\a\005\b\v\003\f\005\f\022\006\003\005\003\003\005\004\022\003\n\005\002\006\006\025\031\003\024\r\003\016\003\t\016\017\b\a\017\002\f"...,
p=0x0) at baloo-5.29.0/src/codecs/coding.h:97
#7  Baloo::getDifferentialVarInt32 (p=0x0, p@entry=0x7ef1143d7d27 "ddb",
limit=limit@entry=0x7ef11446c64f
"\002\003\v\006'\017\031\f\v\006\005\n\b\016\016\017\f\a\024\t\a\004\020\003\n\003\v\003\a\n\t\004\b\004\003\b\a\005\b\a\006\003\a\006\003\f\n\023\003\006\t\004\a\004\003\r\005\v\b\003\016\004\025\b\004\b\004\033\b\005\017\a\a\004\v\005\003\005\b\a\r\020\004\004\030\n\005\020\003\037\v\005\b\003\005\002\n\006\n\t\005\b\a\004\b\005\021\004\004\v\003\a\004\a\005\003\n\006\003\t\003\003\r\t\004\017\026\a\004\t\004\020\005\b\003\004\005\v\n\004\a\020\006\005\004\004\002\b\005\r\023\n\n\t\v\003\026\026\f\003\020\a\005\b\v\003\f\005\f\022\006\003\005\003\003\005\004\022\003\n\005\002\006\006\025\031\003\024\r\003\016\003\t\016\017\b\a\017\002\f"...,
values=values@entry=0x7f309520d9f8) at baloo-5.29.0/src/codecs/coding.cpp:121
#8  0x7f309601fbdc in Baloo::PositionCodec::decode
(this=this@entry=0x7f309520da4f, arr=...) at
baloo-5.29.0/src/codecs/positioncodec.cpp:56
#9  0x7f309600a26f in Baloo::PositionDB::get
(this=this@entry=0x7f309520db30, term=...) at
baloo-5.29.0/src/engine/positiondb.cpp:101
#10 0x7f309601cc03 in Baloo::WriteTransaction::commit (this=) at baloo-5.29.0/src/engine/writetransaction.cpp:272
#11 0x7f309601497e in Baloo::Transaction::commit
(this=this@entry=0x7f309520dc50) at baloo-5.29.0/src/engine/transaction.cpp:262
#12 0x00411d6c in Baloo::FirstRunIndexer::run (this=0x235adf0) at
baloo-5.29.0/src/file/firstrunindexer.cpp:81
#13 0x003a980b80ea in QThreadPoolThread::run (this=0x24c2120) at
thread/qthreadpool.cpp:99
#14 0x003a980bdef6 in QThreadPrivate::start (arg=0x24c2120) at
thread/qthread_unix.cpp:368
#15 0x003733407446 in start_thread (arg=0x7f309520e700) at
pthread_create.c:334
#16 0x0037330e8d3d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

I think it is due to the fact that getVarint32PtrFallback
(src/codecs/coding.cpp) can return NULL, but neither getVarint32Ptr
(src/codecs/coding.h) nor getDifferentialVarInt32 (src/codecs/coding.cpp), which
call it directly and indirectly, handles it.

Relevant pieces of code:
src/codecs/coding.h:
 : inline char* getVarint32Ptr(char* p, char* limit, quint32* value)
 : ...
 : if (p < limit) {
 : quint32 result = *(reinterpret_cast<const unsigned char*>(p));   //<<< 'p' can be NULL
 : ...
 : return getVarint32PtrFallback(p, limit, value);   //<<< getVarint32PtrFallback can return NULL


src/codecs/coding.cpp:
 : char* getDifferentialVarInt32(char* p, char* limit, QVector<quint32>* values)
 : ...
 : while (p < limit && size) {
 : quint32 n;
 : p = getVarint32Ptr(p, limit, &n);   //<<< getVarint32Ptr can return NULL
 : ...

 : char* getVarint32PtrFallback(char* p, char* limit, quint32* value)
 : ...
 : return NULL;

-- 
You are receiving this mail because:
You are watching all bug changes.
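The NULL propagation described in the comment above, as an added example that is not Baloo's code: a stand-alone reimplementation of a leveldb-style varint32 decoder with the same three-function shape (fast path, fallback, differential loop), using standard types instead of quint32/QVector. The fallback returns nullptr when the input runs out or a varint is longer than five bytes; the differential loop checks for that return and reports corrupt input instead of feeding nullptr back into the next iteration, which is what the trace shows (p=0x0 reaching getVarint32Ptr). The byte strings in main() are constructed for the demonstration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Slow path: decodes a little-endian base-128 varint of up to 5 bytes.
// Returns the pointer just past the varint, or nullptr when the buffer ends
// before a terminating byte (high bit clear) or the varint is over-long.
static const char* getVarint32PtrFallback(const char* p, const char* limit, uint32_t* value) {
    uint32_t result = 0;
    for (uint32_t shift = 0; shift <= 28 && p < limit; shift += 7) {
        uint32_t byte = static_cast<unsigned char>(*p);
        p++;
        if (byte & 128) {
            result |= ((byte & 127) << shift);   // continuation byte
        } else {
            result |= (byte << shift);           // last byte
            *value = result;
            return p;
        }
    }
    return nullptr;   // truncated or over-long: the caller MUST check for this
}

// Fast path for single-byte varints; everything else goes to the fallback,
// whose nullptr return is passed straight through to the caller.
static const char* getVarint32Ptr(const char* p, const char* limit, uint32_t* value) {
    if (p < limit) {
        uint32_t result = static_cast<unsigned char>(*p);
        if ((result & 128) == 0) {
            *value = result;
            return p + 1;
        }
    }
    return getVarint32PtrFallback(p, limit, value);
}

// Differential list: first varint is the entry count, each later varint is a
// delta on the previous value. Without the nullptr checks a truncated buffer
// makes p == nullptr, "nullptr < limit" still holds, and the next call
// dereferences it; with them the caller just sees corrupt data.
static const char* getDifferentialVarInt32(const char* p, const char* limit,
                                           std::vector<uint32_t>* values) {
    uint32_t size = 0;
    p = getVarint32Ptr(p, limit, &size);
    if (!p) return nullptr;                 // the count itself was truncated
    values->reserve(size);
    uint32_t prev = 0;
    while (p < limit && size) {
        uint32_t n = 0;
        p = getVarint32Ptr(p, limit, &n);
        if (!p) return nullptr;             // the check missing in the reported code path
        prev += n;
        values->push_back(prev);
        --size;
    }
    return size == 0 ? p : nullptr;         // fewer entries than promised is corrupt too
}

// Convenience wrapper: true on a well-formed list, false on corrupt input.
static bool decodePostingList(const std::string& buf, std::vector<uint32_t>* out) {
    out->clear();
    const char* p = buf.data();
    return getDifferentialVarInt32(p, p + buf.size(), out) != nullptr;
}

int main() {
    // Constructed inputs: count 3 with deltas 5, 300 (two bytes: 0xAC 0x02), 7,
    // and the same list with the second delta cut off mid-varint.
    const std::string ok("\x03\x05\xAC\x02\x07", 5);
    const std::string truncated("\x03\x05\xAC", 3);
    std::vector<uint32_t> out;
    std::cout << "valid:     " << (decodePostingList(ok, &out) ? "ok" : "corrupt")
              << " (" << out.size() << " positions)\n";
    std::cout << "truncated: " << (decodePostingList(truncated, &out) ? "ok" : "corrupt") << "\n";
    return 0;
}
```

The decoded positions for the valid input are 5, 305 and 312 (cumulative deltas); the truncated input and an over-long varint both come back as corrupt rather than as a crash, which is the behaviour a database reader wants when an on-disk page is damaged.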

[Akonadi] [Bug 362420] DAV Resource 16.08.0: Segfaults randomly

2016-12-18 Thread NightSky
https://bugs.kde.org/show_bug.cgi?id=362420

NightSky <risimi...@gmail.com> changed:

   What|Removed |Added

 CC||risimi...@gmail.com

--- Comment #2 from NightSky <risimi...@gmail.com> ---
Same here on Gentoo Linux, kde-frameworks-5.29, kde-applications-16.12.0, with a
similar stack trace.

According to the stack trace:
EtagCache::setEtag (this=__0x0__, remoteId=..., etag=...)
DavGroupwareResource::onItemFetched(...)
it looks like DavGroupwareResource::onItemFetched() got a nullptr instead of an
EtagCache*.

Relevant lines from davgroupwareresource.cpp:
// update etag
item.setRemoteRevision(davItem.etag());
>>> EtagCache *etag = mEtagCaches[collection.remoteId()]; <<<
etag->setEtag(item.remoteId(), davItem.etag());

If collection.remoteId() is not in the mEtagCaches, the etag pointer will be
initialized to null.
( https://doc.qt.io/qt-5.7/qmap.html#operator-5b-5d )
( https://doc.qt.io/qt-5.7/containers.html#default-constructed-value )

I don't really know what the DavGroupwareResource should do in such a case, so
meanwhile I just copy-pasted a relevant check from another DavGroupwareResource
method (see below).
Now, instead of the segfault, I get "org.kde.pim.davresource: Fetched item is in
a collection we don't have in the cache" in the logs each time I open
KOrganizer.

Hope that helps.

 - - -  - - - - - - - - - - - - - - - - - - - - - - - - ->8
diff --git a/resources/dav/resource/davgroupwareresource.cpp
b/resources/dav/resource/davgroupwareresource.cpp
--- a/resources/dav/resource/davgroupwareresource.cpp
+++ b/resources/dav/resource/davgroupwareresource.cpp
@@ -955,6 +955,14 @@

 // update etag
 item.setRemoteRevision(davItem.etag());
+
+if (!mEtagCaches.contains(collection.remoteId())) {
+qCWarning(DAVRESOURCE_LOG) << "Fetched item is in a collection we
don't have in the cache";
+// TODO: fix #362420 "DAV Resource 16.08.0: Segfaults randomly"
+cancelTask();
+return;
+}
+
 EtagCache *etag = mEtagCaches[collection.remoteId()];
 etag->setEtag(item.remoteId(), davItem.etag());
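Review bot: the guard uses `contains()` followed by `operator[]` on the same key, so the map is searched twice, and `contains()` also returns true for a key whose value is nullptr, which is exactly the entry a previous `mEtagCaches[collection.remoteId()]` miss leaves behind in the map; a single `EtagCache *etag = mEtagCaches.value(collection.remoteId());` with `if (!etag) { ... }` covers both cases in one lookup without inserting anything. The TODO names the bug number but not the intended recovery: a sentence on whether the item should be re-queued once the collection's cache exists would make the `cancelTask()` choice reviewable.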

8< - -  - - - - - - - - - - - - - - - - - - - - - - - - - -

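The map behaviour behind the crash, as an added example that is not the Akonadi DAV resource's code: `EtagCache`, `Resource`, `onItemFetchedUnsafe` and `onItemFetchedSafe` are hypothetical stand-ins, and `std::map` is used in place of QMap so the example builds without Qt. Both containers insert a default-constructed value when a missing key is subscripted (QMap per the Qt documentation linked above; `std::map` value-initializes, so a pointer value becomes nullptr), while `find()`, `value()` or `count()` do not. The example shows the second effect the bug report does not mention: the first bad lookup poisons the map, so a later `contains()` check passes and the nullptr is still dereferenced.

```cpp
#include <cstddef>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Constructed stand-in for the per-collection ETag cache in the report.
struct EtagCache {
    std::map<std::string, std::string> etags;
    void setEtag(const std::string& remoteId, const std::string& etag) { etags[remoteId] = etag; }
};

// Hypothetical resource; caches_ mirrors the mEtagCaches map of raw pointers.
class Resource {
public:
    void addCollection(const std::string& collectionId) {
        owned_.push_back(std::make_unique<EtagCache>());
        caches_[collectionId] = owned_.back().get();
    }

    // Mirrors the reported code: operator[] on a missing key inserts a nullptr
    // entry and hands it back. The null check only exists so the hazard is
    // observable here; the real code dereferenced it and crashed.
    bool onItemFetchedUnsafe(const std::string& collectionId,
                             const std::string& itemId, const std::string& etag) {
        EtagCache* cache = caches_[collectionId];   // inserts {collectionId, nullptr} on a miss
        if (!cache) return false;                   // would have been etag->setEtag(...) on nullptr
        cache->setEtag(itemId, etag);
        return true;
    }

    // Hardened: find() never inserts, and a null value is rejected as well,
    // so an entry poisoned by an earlier subscript cannot slip through.
    bool onItemFetchedSafe(const std::string& collectionId,
                           const std::string& itemId, const std::string& etag) {
        auto it = caches_.find(collectionId);
        if (it == caches_.end() || it->second == nullptr) return false;
        it->second->setEtag(itemId, etag);
        return true;
    }

    std::size_t cacheEntries() const { return caches_.size(); }
    bool hasEntry(const std::string& collectionId) const { return caches_.count(collectionId) != 0; }

private:
    std::vector<std::unique_ptr<EtagCache>> owned_;
    std::map<std::string, EtagCache*> caches_;
};

int main() {
    Resource r;
    r.addCollection("calendar");                       // constructed collection id
    r.onItemFetchedSafe("unknown", "event-1", "\"a1\"");    // rejected, map unchanged
    r.onItemFetchedUnsafe("unknown", "event-1", "\"a1\"");  // rejected, but "unknown" -> nullptr now exists
    return r.hasEntry("unknown") ? 1 : 0;              // exit 1 shows the poisoned entry
}
```

After the unsafe call the map has grown by one entry whose value is nullptr, so a guard written as `contains()` would accept that collection on the next item and dereference the null again; checking the looked-up value itself, as the safe variant does, is the only check that holds.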