[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 Albert Astals Cid changed: What|Removed |Added Latest Commit|https://invent.kde.org/netw |https://invent.kde.org/netw |ork/kio-extras/-/commit/3bd |ork/kio-extras/-/commit/cf5 |4906f2e37456eb296a527913b30 |d29ae48c627d6299638a5c535f5 |5ba472b761 |d8c2ae36fa --- Comment #9 from Albert Astals Cid --- Git commit cf5d29ae48c627d6299638a5c535f5d8c2ae36fa by Albert Astals Cid, on behalf of Daniel Schulte. Committed on 11/09/2023 at 22:57. Pushed by aacid into branch 'release/23.08'. thumbnail: Fix heap-use-after-free in AudioCreator::create There is a heap-use-after-free issue in `AudioCreator::create` resulting from storing the pointer to a temporary `QByteArray`'s data() in a pointer and accessing it after the byte-array has been freed (when the the temporary object was created on is over). This fixes it by moving the `QByteArray` onto the stack, thus making it not temporary anymore, keeping it around until its data isn't needed anymore. (cherry picked from commit 3bd4906f2e37456eb296a527913b305ba472b761) M +2-1thumbnail/audiocreator.cpp https://invent.kde.org/network/kio-extras/-/commit/cf5d29ae48c627d6299638a5c535f5d8c2ae36fa -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 Albert Astals Cid changed: What|Removed |Added Resolution|--- |FIXED Status|CONFIRMED |RESOLVED Latest Commit||https://invent.kde.org/netw ||ork/kio-extras/-/commit/3bd ||4906f2e37456eb296a527913b30 ||5ba472b761 --- Comment #8 from Albert Astals Cid --- Git commit 3bd4906f2e37456eb296a527913b305ba472b761 by Albert Astals Cid, on behalf of Daniel Schulte. Committed on 11/09/2023 at 22:57. Pushed by aacid into branch 'master'. thumbnail: Fix heap-use-after-free in AudioCreator::create There is a heap-use-after-free issue in `AudioCreator::create` resulting from storing the pointer to a temporary `QByteArray`'s data() in a pointer and accessing it after the byte-array has been freed (when the the temporary object was created on is over). This fixes it by moving the `QByteArray` onto the stack, thus making it not temporary anymore, keeping it around until its data isn't needed anymore. M +2-1thumbnail/audiocreator.cpp https://invent.kde.org/network/kio-extras/-/commit/3bd4906f2e37456eb296a527913b305ba472b761 -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 --- Comment #7 from Daniel Schulte --- I'm pretty sure I found the issue. At least on my machine it doesn't happen anymore with the fix and before I could reproduce it every time I opened my ~/music folder in Dolphin. I've created a merge request for the fix at https://invent.kde.org/network/kio-extras/-/merge_requests/281 -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 --- Comment #6 from Daniel Schulte --- For me it still crashes with 5.107.0 on ArchLinux. Except only on the music library now. The crash with the file open dialog showing my home directory seem resolved (or I moved/deleted the offending file thee, not sure about which). Current system information: Operating System: Arch Linux KDE Plasma Version: 5.27.6 KDE Frameworks Version: 5.107.0 Qt Version: 5.15.10 Kernel Version: 6.4.1-arch2-1 (64-bit) Graphics Platform: Wayland Processors: 8 × Intel® Xeon® CPU E3-1245 v5 @ 3.50GHz Memory: 31,1 GiB of RAM Graphics Processor: AMD Radeon RX 580 Series Manufacturer: Supermicro Product Name: Super Server System Version: 0123456789 -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 --- Comment #5 from Daniel Schulte --- Created attachment 160086 --> https://bugs.kde.org/attachment.cgi?id=160086=edit Crash report from kioslave5 -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 postix changed: What|Removed |Added Version Fixed In||5.107 --- Comment #4 from postix --- Looks like it's indeed fixed in 5.107. -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 --- Comment #3 from postix --- I have built the current plasma5/kf5 branch of plasma-workspace, plasma-desktop, dolphin and kio-extra with kdesrc-build and there could no longer reproduce the issue. Not sure what might have fixed it though. -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 postix changed: What|Removed |Added See Also|https://bugs.kde.org/show_b |https://bugs.kde.org/show_b |ug.cgi?id=439034|ug.cgi?id=427448 -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 postix changed: What|Removed |Added See Also||https://bugs.kde.org/show_b ||ug.cgi?id=439034 Ever confirmed|0 |1 Status|REPORTED|CONFIRMED -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458
Daniel Schulte changed:
What|Removed |Added
CC||trilader+kdeb...@gmail.com
--- Comment #2 from Daniel Schulte ---
I also have this issue (on ArchLinux). The following is the report generated by
Dr.Konqi while running version 5.106.
kioslave5 crashes when opening a folder containing my music library in Dolphin,
or when opening my home folder in Kates "Open File" dialog. Interestingly it is
not crashing when opening my home folder in Dolphin. File previews are enabled
(and it doesn't crash with them disabled). The file in question in both cases
is an ext4 filesystem, on an internal SSD drive for my home and on a normal HDD
for my music library.
I tried to convince gdb to give me the name of the failing file by following
https://community.kde.org/Guidelines_and_HOWTOs/Debugging/Debugging_IOSlaves
and attaching to the thumbnail kio process but I've not had any luck as the
types are incomplete (I think some TagLib stuff was optimized out too much or
the ArchLinux debug information aren't complete enough).
```
Application: kioslave5 (kioslave5), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr = {get() = }
[KCrash Handler]
#6 0x7f557419e514 in () at /usr/lib/libtag.so.1
#7 0x7f557419f436 in TagLib::MP4::Atoms::find(char const*, char const*,
char const*, char const*) () at /usr/lib/libtag.so.1
#8 0x7f557419f4e2 in TagLib::MP4::File::hasMP4Tag() const () at
/usr/lib/libtag.so.1
#9 0x7f55837940ca in parseMP4Tag (file=...) at
/usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/audiocreator.cpp:101
#10 AudioCreator::create(KIO::ThumbnailRequest const&)
(this=this@entry=0x55f37e5054a0, request=...) at
/usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/audiocreator.cpp:179
#11 0x7f558f6348c9 in
ThumbnailProtocol::createThumbnail(ThumbCreatorWithMetadata*, QString const&,
int, int, QImage&) (this=this@entry=0x7ffccde07f50,
thumbCreator=thumbCreator@entry=0x55f37e5053c0, filePath=..., width=128,
height=height@entry=128, thumbnail=...) at
/usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/thumbnail.cpp:851
#12 0x7f558f63a5d5 in ThumbnailProtocol::get(QUrl const&)
(this=0x7ffccde07f50, url=) at
/usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/thumbnail.cpp:256
#13 0x7f558f508a64 in KIO::WorkerSlaveBaseBridge::get(QUrl const&)
(this=0x55f37e4f4c40, url=) at
/usr/src/debug/kio/kio-5.106.0/src/core/workerbase_p.h:71
#14 0x7f558f505156 in KIO::SlaveBase::dispatch(int, QByteArray const&)
(this=0x55f37e4f4c40, command=67, data=...) at
/usr/src/debug/kio/kio-5.106.0/src/core/slavebase.cpp:1257
#15 0x7f558f4fd2ae in KIO::SlaveBase::dispatchLoop() (this=0x55f37e4f4c40)
at /usr/src/debug/kio/kio-5.106.0/src/core/slavebase.cpp:342
#16 0x7f558f6362c2 in kdemain(int, char**) (argc=,
argv=) at
/usr/src/debug/kio-extras/kio-extras-23.04.1/thumbnail/thumbnail.cpp:121
#17 0x55f37d84b1fd in main(int, char**) (argc=5, argv=0x7ffccde08b98) at
/usr/src/debug/kio/kio-5.106.0/src/kioslave/kioslave.cpp:145
[Inferior 1 (process 7388) detached]
```
--
You are receiving this mail because:
You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 --- Comment #1 from postix --- It only happens if the "show file preview" option is enabled in Dolphin. -- You are receiving this mail because: You are watching all bug changes.
[frameworks-kio] [Bug 469458] kioslave5 crashes in parseMP4Tag when displaying m4a files in Dolphin
https://bugs.kde.org/show_bug.cgi?id=469458 postix changed: What|Removed |Added Summary|kioslave5 crashes when |kioslave5 crashes in |displaying m4a files in |parseMP4Tag when displaying m4a ||files in Dolphin -- You are receiving this mail because: You are watching all bug changes.
