[kontact] [Bug 370646] Crash because of stale (dangling) pointers in the attribute registry

RJVB via KDE Bugzilla bugzilla_noreply at kde.org
Sun Oct 16 17:22:48 BST 2016


https://bugs.kde.org/show_bug.cgi?id=370646

--- Comment #8 from RJVB <rjvbertin at gmail.com> ---
This bug has gotten under my skin. Having looked at this a bit more and asking
around a bit, the most likely explanation for the crash is this:

- KCModuleLoader::loadModule() loads the library to get a pointer to the
create_ function. The library registers its attributes.
- libnoteshared (or the kcm depending on it) doesn't have such a function, and
so KCModuleLoader::loadModule() unloads the library again
- somewhat thereafter, the library (and/or the kcm depending on it) is loaded
once more, and again registers its attributes
- the attribute factory finds a previous registration, and attempts to delete
the registered attributes
- since the library was unloaded and reloaded since those attributes were
"new'ed", the dtor lives (potentially) at a different address.
- delete *it invokes the dtor ... which may SEGV if the dtor address has
changed.

I see that `KCModuleLoader::loadModule()` has hardly changed and not at all in
the aspects outlined above. IOW, this bug is likely to occur in KDE PIM5 too if
libnoteshared hasn't obtained a create_ function since.

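To make the ordering described above concrete, here is an added, hypothetical C++ sketch (not KDE, Akonadi or libnoteshared code) of a registry whose entries remember which plugin created them, so the plugin's unload path withdraws them while their destructor code is still mapped instead of leaving a dangling entry for a later re-registration to `delete`; the `Attribute`, `NoteAttribute` and `AttributeRegistry` names and the opaque owner token are assumptions.

```cpp
#include <cstddef>
#include <map>
#include <memory>
#include <string>

// Hypothetical attribute base; stands in for whatever the real registry stores.
struct Attribute {
    virtual ~Attribute() = default;
    virtual std::string type() const = 0;
};

// Example attribute with a destruction counter so callers can verify that
// entries were destroyed at unregister time, not at some later reload.
struct NoteAttribute : Attribute {
    static int& destroyedCount() { static int n = 0; return n; }
    ~NoteAttribute() override { ++destroyedCount(); }
    std::string type() const override { return "note"; }
};

// Registry keyed by attribute type. Each entry records an opaque owner token
// (think: the handle of the library that allocated it).
class AttributeRegistry {
public:
    // Re-registering a type replaces the old entry. In the crash scenario this
    // is the point where the old entry's destructor had already been unmapped.
    void registerAttribute(const void* owner, std::unique_ptr<Attribute> attr) {
        const std::string t = attr->type();
        entries_[t] = Entry{owner, std::move(attr)};
    }
    // Called from the owner's unload path (e.g. a static object's destructor):
    // destroys that owner's attributes while their code is still loaded.
    std::size_t unregisterOwner(const void* owner) {
        std::size_t removed = 0;
        for (auto it = entries_.begin(); it != entries_.end();) {
            if (it->second.owner == owner) { it = entries_.erase(it); ++removed; }
            else ++it;
        }
        return removed;
    }
    std::size_t size() const { return entries_.size(); }
    const void* ownerOf(const std::string& type) const {
        auto it = entries_.find(type);
        return it == entries_.end() ? nullptr : it->second.owner;
    }
private:
    struct Entry { const void* owner = nullptr; std::unique_ptr<Attribute> attr; };
    std::map<std::string, Entry> entries_;
};
```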