[Bug 229154] crash after select a particular message

Thomas Jarosch thomas.jarosch at intra2net.com
Wed Mar 3 16:25:25 GMT 2010


https://bugs.kde.org/show_bug.cgi?id=229154





--- Comment #2 from Thomas Jarosch <thomas jarosch intra2net com>  2010-03-03 17:25:22 ---
Running kmail in valgrind shows memory reads of previously freed memory:

==28684== Syscall param write(buf) points to uninitialised byte(s)
==28684==    at 0x35D1E0DD20: __write_nocancel (in /lib64/libpthread-2.10.2.so)
==28684==    by 0x35D6E0902E: (within /usr/lib64/libICE.so.6.3.0)
==28684==    by 0x35D6E0D8BF: _IceWrite (in /usr/lib64/libICE.so.6.3.0)
==28684==    by 0x35D6E0D9A3: IceFlush (in /usr/lib64/libICE.so.6.3.0)
==28684==    by 0x35DEC1FFCC: (within /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35DEC2401F: (within /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35DEC349DD: (within /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35DEC356D8: (within /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35D6A0624E: _SmcProcessMessage (in /usr/lib64/libSM.so.6.0.0)
==28684==    by 0x35D6E123EB: IceProcessMessages (in
/usr/lib64/libICE.so.6.3.0)
==28684==    by 0x35DEC2050E: (within /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35DC77991E: QMetaObject::activate(QObject*, QMetaObject
const*, int, void**) (in /usr/lib64/libQtCore.so.4.6.2)
==28684==  Address 0xd76b4ac is 12 bytes inside a block of size 1,024 alloc'd
==28684==    at 0x4A05414: calloc (vg_replace_malloc.c:397)
==28684==    by 0x35D6E05D88: IceOpenConnection (in /usr/lib64/libICE.so.6.3.0)
==28684==    by 0x35D6A026F2: SmcOpenConnection (in /usr/lib64/libSM.so.6.0.0)
==28684==    by 0x35DEC271C7: QSessionManager::QSessionManager(QApplication*,
QString&, QString&) (in /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35DEBB644B: QApplicationPrivate::initialize() (in
/usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35DEBB656A: QApplicationPrivate::construct(_XDisplay*,
unsigned long, unsigned long) (in /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35DEBB7287: QApplication::QApplication(int&, char**, bool,
int) (in /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x35E2221D4B: KApplication::KApplication(bool, KComponentData
const&) (in /usr/lib64/libkdeui.so.5.4.0)
==28684==    by 0x35E2228302: KUniqueApplication::KUniqueApplication(bool,
bool) (in /usr/lib64/libkdeui.so.5.4.0)
==28684==    by 0x35F1012FB6:
KontactInterface::PimUniqueApplication::PimUniqueApplication() (in
/usr/lib64/libkontactinterface.so.4.4.0)
==28684==    by 0x40322A: main (main.cpp:49)

The interesting part:

==28684==  Address 0x1782f190 is 40 bytes inside a block of size 80 free'd
==28684==    at 0x4A05E3F: operator delete(void*) (vg_replace_malloc.c:342)
==28684==    by 0x35DF14B648: QTreeWidgetItem::~QTreeWidgetItem() (in
/usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x4F64002: KMMimePartTreeItem::~KMMimePartTreeItem()
(kmmimeparttree.h:105)
==28684==    by 0x35DF142B85: (within /usr/lib64/libQtGui.so.4.6.2)
==28684==    by 0x4F60025: KMMimePartTree::clearAndResetSortOrder()
(kmmimeparttree.cpp:103)
==28684==    by 0x4E0EFB0: KMReaderWin::displayMessage() (kmreaderwin.cpp:1517)
==28684==    by 0x4E0F25F: KMReaderWin::updateReaderWin()
(kmreaderwin.cpp:1478)
==28684==    by 0x4E0FB34: KMReaderWin::update(KMail::Interface::Observable*)
(kmreaderwin.cpp:903)
==28684==    by 0x5033AA0: KMail::ISubject::notify() (isubject.cpp:33)
==28684==    by 0x4D3496B: KMMessage::updateBodyPart(QString, QByteArray
const&) (kmmessage.cpp:3185)
==28684==    by 0x500B7E8: KMail::ImapJob::slotGetMessageResult(KJob*)
(imapjob.cpp:435)
==28684==    by 0x500D36A: KMail::ImapJob::qt_metacall(QMetaObject::Call, int,
void**) (imapjob.moc:88)
==28684== 
==28684== Invalid read of size 8
==28684==    at 0x4F6033F: KMMimePartTreeItem::correctSize() (qlist.h:90)
==28684==    by 0x4F603B9: KMMimePartTreeItem::correctSize()
(kmmimeparttree.cpp:431)
==28684==    by 0x4F603B9: KMMimePartTreeItem::correctSize()
(kmmimeparttree.cpp:431)
==28684==    by 0x4F62783:
KMMimePartTreeItem::KMMimePartTreeItem(KMMimePartTreeItem*, partNode*, QString
const&, QString const&, QString const&, unsigned long long, bool)
(kmmimeparttree.cpp:404)
==28684==    by 0x4FA6BF2: partNode::fillMimePartTree(KMMimePartTreeItem*,
KMMimePartTree*, QString const&, QString const&, QString const&, unsigned long
long, bool) (partNode.cpp:549)
==28684==    by 0x4FA6C9B: partNode::fillMimePartTree(KMMimePartTreeItem*,
KMMimePartTree*, QString const&, QString const&, QString const&, unsigned long
long, bool) (partNode.cpp:561)
==28684==    by 0x4FA65D6: partNode::fillMimePartTree(KMMimePartTreeItem*,
KMMimePartTree*, QString const&, QString const&, QString const&, unsigned long
long, bool) (partNode.cpp:500)
==28684==    by 0x4FA6C9B: partNode::fillMimePartTree(KMMimePartTreeItem*,
KMMimePartTree*, QString const&, QString const&, QString const&, unsigned long
long, bool) (partNode.cpp:561)
==28684==    by 0x4F9559B:
KMail::ObjectTreeParser::insertAndParseNewChildNode(partNode&, char const*,
char const*, bool, bool) (objecttreeparser.cpp:232)
==28684==    by 0x4F9938F:
KMail::ObjectTreeParser::processMessageRfc822Subtype(partNode*,
KMail::ProcessResult&) (objecttreeparser.cpp:1582)
==28684==    by 0x4F94CC8: KMail::ObjectTreeParser::parseObjectTree(partNode*)
(objecttreeparser.cpp:318)
==28684==    by 0x4F94FE4: KMail::ObjectTreeParser::stdChildHandling(partNode*)
(objecttreeparser.cpp:1278)
