[ktnef] [Bug 356812] New: use-after-free crash on closing ktnef after opening a non-TNEF file

Santhiar via KDE Bugzilla bugzilla_noreply at kde.org
Thu Dec 17 03:58:29 GMT 2015


https://bugs.kde.org/show_bug.cgi?id=356812

            Bug ID: 356812
           Summary: use-after-free crash on closing ktnef after opening a
                    non-TNEF file
           Product: ktnef
           Version: unspecified
          Platform: Compiled Sources
                OS: Linux
            Status: UNCONFIRMED
          Severity: crash
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs at kde.org
          Reporter: santhiar.anirudh at gmail.com

ktnef crashes with a use-after-free bug if it is closed when the error dialog
saying cannot open file is being shown.

Reproducible: Always

Steps to Reproduce:
1. Open a non-TNEF file from File -> Open
2. When the error dialog saying cannot open file is shown,
3. Quit ktnef from the command line, saying "qdbus `qdbus | grep ktnef` /ktnef/MainWindow_1/actions/file_quit trigger"

Actual Results:  
ktnef crashes

Expected Results:  
ktnef closes smoothly

Version information:
Qt: 4.8.7
KDE Development Platform: 4.14.13
KTnef: 4.14.10

Here is the backtrace from KCrash:
Application: KTnef (ktnef), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f1653389780 (LWP 23215))]

Thread 2 (Thread 0x7f164104d700 (LWP 23217)):
#0  0x00007f164d82f4ac in send () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f164d82a020 in __vsyslog_chk () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f164d82a3af in syslog () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007f164e3aac93 in QMutex::lock (this=0x259d650) at
thread/qmutex.cpp:180
#4  0x00007f164e389645 in QMutex::lockInline (this=0x259d650) at
../../include/QtCore/../../src/corelib/thread/qmutex.h:201
#5  0x00007f164e3866c0 in QMutexLocker::QMutexLocker (this=0x7f164104ca20,
m=0x259d650) at ../../include/QtCore/../../src/corelib/thread/qmutex.h:109
#6  0x00007f164e58be54 in QThreadData::canWaitLocked (this=0x259d600) at
../../include/QtCore/private/../../../src/corelib/thread/qthread_p.h:236
#7  0x00007f164e58f30b in QEventDispatcherUNIX::processEvents
(this=0x7f163c0008f0, flags=...) at kernel/qeventdispatcher_unix.cpp:911
#8  0x00007f164e537f6c in QEventLoop::processEvents (this=0x7f164104cc78,
flags=...) at kernel/qeventloop.cpp:149
#9  0x00007f164e538332 in QEventLoop::exec (this=0x7f164104cc78, flags=...) at
kernel/qeventloop.cpp:225
#10 0x00007f164e3b00a0 in QThread::exec (this=0x259d7d0) at
thread/qthread.cpp:659
#11 0x00007f164e507994 in QInotifyFileSystemWatcherEngine::run (this=0x259d7d0)
at io/qfilesystemwatcher_inotify.cpp:265
#12 0x00007f164e3b4b2a in QThreadPrivate::start (arg=0x259d7d0) at
thread/qthread_unix.cpp:361
#13 0x00007f164d525e9a in start_thread () from
/lib/x86_64-linux-gnu/libpthread.so.0
#14 0x00007f164d82e38d in clone () from /lib/x86_64-linux-gnu/libc.so.6
#15 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f1653389780 (LWP 23215)):
[KCrash Handler]
#6  QPointer<QItemSelectionModel>::operator QItemSelectionModel* (this=0x2a8)
at ../../include/QtCore/../../src/corelib/kernel/qpointer.h:78
#7  0x00007f16501a215b in QAbstractItemView::selectionModel (this=0x22d0eb0) at
itemviews/qabstractitemview.cpp:766
#8  0x00007f1650268fa9 in QTreeWidget::clear (this=0x22d0eb0) at
itemviews/qtreewidget.cpp:3273
#9  0x000000000041ccf3 in KTNEFView::setAttachments (this=0x22d0eb0, list=...)
at KDE/kde/applications/kdepim/ktnef/ktnefview.cpp:90
#10 0x0000000000417c30 in KTNEFMain::loadFile (this=0x2295e10, filename=...) at
KDE/kde/applications/kdepim/ktnef/ktnefmain.cpp:204
#11 0x000000000041830e in KTNEFMain::openFile (this=0x2295e10) at
KDE/kde/applications/kdepim/ktnef/ktnefmain.cpp:228
#12 0x00007f164e564607 in QMetaObject::activate (sender=0x229b690,
m=0x7f1650979540 <QAction::staticMetaObject>, local_signal_index=1,
argv=0x7fffb7a04920) at kernel/qobject.cpp:3569
#13 0x00007f164f95b41d in QAction::triggered (this=0x229b690, _t1=false) at
.moc/debug-shared/moc_qaction.cpp:277
#14 0x00007f164f95b232 in QAction::activate (this=0x229b690,
event=QAction::Trigger) at kernel/qaction.cpp:1257
#15 0x00007f164f95d6ca in QAction::trigger (this=0x229b690) at
qt/src/gui/kernel/qaction.h:218
#16 0x00007f16500bbf93 in QToolButton::nextCheckState (this=0x22ee2a0) at
widgets/qtoolbutton.cpp:1152
#17 0x00007f164ff761c4 in QAbstractButtonPrivate::click (this=0x22e51c0) at
widgets/qabstractbutton.cpp:530
#18 0x00007f164ff7775c in QAbstractButton::mouseReleaseEvent (this=0x22ee2a0,
e=0x7fffb7a06278) at widgets/qabstractbutton.cpp:1123
#19 0x00007f16500bb854 in QToolButton::mouseReleaseEvent (this=0x22ee2a0,
e=0x7fffb7a06278) at widgets/qtoolbutton.cpp:723
#20 0x00007f164f9f497e in QWidget::event (this=0x22ee2a0, event=0x7fffb7a06278)
at kernel/qwidget.cpp:8389
#21 0x00007f164ff77581 in QAbstractButton::event (this=0x22ee2a0,
e=0x7fffb7a06278) at widgets/qabstractbutton.cpp:1082
#22 0x00007f16500bc029 in QToolButton::event (this=0x22ee2a0,
event=0x7fffb7a06278) at widgets/qtoolbutton.cpp:1168
#23 0x00007f164f96b48f in QApplicationPrivate::notify_helper (this=0x21c4920,
receiver=0x22ee2a0, e=0x7fffb7a06278) at kernel/qapplication.cpp:4565
#24 0x00007f164f96e893 in QApplication::notify (this=0x7fffb7a07930,
receiver=0x22ee2a0, e=0x7fffb7a06278) at kernel/qapplication.cpp:4108
#25 0x00007f1650f9ef7b in KApplication::notify (this=0x7fffb7a07930,
receiver=0x22ee2a0, event=0x7fffb7a06278) at
KDE/kde/kdelibs/kdeui/kernel/kapplication.cpp:311
#26 0x00007f164e53cdc6 in QCoreApplication::notifyInternal
(this=0x7fffb7a07930, receiver=0x22ee2a0, event=0x7fffb7a06278) at
kernel/qcoreapplication.cpp:955
#27 0x00007f164f97602f in QCoreApplication::sendSpontaneousEvent
(receiver=0x22ee2a0, event=0x7fffb7a06278) at
qt/src/gui/../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#28 0x00007f164f96c531 in QApplicationPrivate::sendMouseEvent
(receiver=0x22ee2a0, event=0x7fffb7a06278, alienWidget=0x22ee2a0,
nativeWidget=0x2295e10, buttonDown=0x7f16509bf050 <qt_button_down>,
lastMouseReceiver=..., spontaneous=true) at kernel/qapplication.cpp:3171
#29 0x00007f164fa3d5e5 in QETWidget::translateMouseEvent (this=0x2295e10,
event=0x7fffb7a075b8) at kernel/qapplication_x11.cpp:4524
#30 0x00007f164fa38ff6 in QApplication::x11ProcessEvent (this=0x7fffb7a07930,
event=0x7fffb7a075b8) at kernel/qapplication_x11.cpp:3520
#31 0x00007f164fa83456 in QEventDispatcherX11::processEvents (this=0x21984c0,
flags=...) at kernel/qeventdispatcher_x11.cpp:151
#32 0x00007f164e537f6c in QEventLoop::processEvents (this=0x7fffb7a078b0,
flags=...) at kernel/qeventloop.cpp:149
#33 0x00007f164e538332 in QEventLoop::exec (this=0x7fffb7a078b0, flags=...) at
kernel/qeventloop.cpp:225
#34 0x00007f164e53d5ee in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:1229
#35 0x00007f164f96d526 in QApplication::exec () at kernel/qapplication.cpp:3823
#36 0x000000000041db6b in main (argc=<optimized out>, argv=<optimized out>) at
KDE/kde/applications/kdepim/ktnef/main.cpp:63
