[dolphin] [Bug 482016] Dolphin crashes after trying to extract a .zip archive with wrong password

Nicolas Fella bugzilla_noreply at kde.org
Sun Mar 3 16:42:09 GMT 2024


https://bugs.kde.org/show_bug.cgi?id=482016

--- Comment #7 from Nicolas Fella <nicolas.fella at gmx.de> ---
Reading the trace below: the KPtyProcess is deleted in
Kerfuffle::CliInterface::extractProcessFinished() (cliinterface.cpp:331),
which runs synchronously from QProcess::waitForFinished() called by
CliInterface::killProcess() out of readStdout() — i.e. while the process's own
readyReadStandardOutput handler (cliinterface.cpp:255) is still on the stack
inside QProcessPrivate::_q_canReadStandardOutput(). When Qt then delivers
_q_processDied() / _q_canReadStandardError() it dereferences the already-freed
QProcessPrivate. In other words the QProcess is destroyed from within one of its
own signal handlers; the likely fix on the ark side is to not delete (or not
synchronously wait on) the process from inside the readyRead slot, e.g. defer the
deletion with deleteLater() or finish the kill asynchronously.
==9403==ERROR: AddressSanitizer: heap-use-after-free on address 0x517000108b88
at pc 0x7f29b692b71c bp 0x7ffe20edf050 sp 0x7ffe20edf048
READ of size 8 at 0x517000108b88 thread T0
    #0 0x7f29b692b71b in QProcessPrivate::q_func()
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess_p.h:194
    #1 0x7f29b692b71b in
QProcessPrivate::tryReadFromChannel(QProcessPrivate::Channel*)
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:1114
    #2 0x7f29b692bac7 in QProcessPrivate::_q_canReadStandardError()
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:1193
    #3 0x7f29b692bd6e in QProcessPrivate::_q_processDied()
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:1212
    #4 0x7f29b692c3ca in QProcess::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**)
/home/nico/workspace/qt6/qtbase/src/corelib/Core_autogen/include/moc_qprocess.cpp:256
    #5 0x7f29b645eca1 in void doActivate<false>(QObject*, int, void**)
(/home/nico/kde-asan/usr/lib64/libQt6Core.so.6+0x45eca1) (BuildId:
2503cc5a23788b86390f3b24862625fb0d1b1b70)
    #6 0x7f29b643d9c7 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:4120
    #7 0x7f29b64894c0 in QSocketNotifier::activated(QSocketDescriptor,
QSocketNotifier::Type, QSocketNotifier::QPrivateSignal)
/home/nico/workspace/qt6/qtbase/src/corelib/Core_autogen/include/moc_qsocketnotifier.cpp:196
    #8 0x7f29b648b126 in QSocketNotifier::event(QEvent*)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qsocketnotifier.cpp:327
    #9 0x7f29b9067833 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
/home/nico/workspace/qt6/qtbase/src/widgets/kernel/qapplication.cpp:3298
    #10 0x7f29b90834ca in QApplication::notify(QObject*, QEvent*)
/home/nico/workspace/qt6/qtbase/src/widgets/kernel/qapplication.cpp:3249
    #11 0x7f29b635956a in QCoreApplication::notifyInternal2(QObject*, QEvent*)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1134
    #12 0x7f29b63596f8 in QCoreApplication::sendEvent(QObject*, QEvent*)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1575
    #13 0x7f29b6b0f304 in socketNotifierSourceDispatch
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:75
    #14 0x7f29b3290f2f in g_main_dispatch ../glib/gmain.c:3476
    #15 0x7f29b3290f2f in g_main_context_dispatch_unlocked ../glib/gmain.c:4284
    #16 0x7f29b3292b57 in g_main_context_iterate_unlocked ../glib/gmain.c:4349
    #17 0x7f29b329320b in g_main_context_iteration ../glib/gmain.c:4414
    #18 0x7f29b6b0c001 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:394
    #19 0x7f29b85de8f7 in
QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6/qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:87
    #20 0x7f29b63765b9 in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventloop.cpp:100
    #21 0x7f29b6377a61 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventloop.cpp:182
    #22 0x7f29b636176a in QCoreApplication::exec()
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1478
    #23 0x7f29b780d77f in QGuiApplication::exec()
/home/nico/workspace/qt6/qtbase/src/gui/kernel/qguiapplication.cpp:1926
    #24 0x7f29b9066ec8 in QApplication::exec()
/home/nico/workspace/qt6/qtbase/src/widgets/kernel/qapplication.cpp:2568
    #25 0x45a3df in main /home/nico/kde-asan/src/dolphin/src/main.cpp:255
    #26 0x7f29b582a1ef in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #27 0x7f29b582a2b8 in __libc_start_main_impl ../csu/libc-start.c:360
    #28 0x44ffc4 in _start ../sysdeps/x86_64/start.S:115

0x517000108b88 is located 8 bytes inside of 688-byte region
[0x517000108b80,0x517000108e30)
freed by thread T0 here:
    #0 0x7f29c22fd0d8 in operator delete(void*, unsigned long)
../../../../libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7f29b692e379 in QProcessPrivate::~QProcessPrivate()
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:975
    #2 0x7f29b645a887 in
QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*)
/home/nico/workspace/qt6/qtbase/src/corelib/tools/qscopedpointer.h:24
    #3 0x7f29b645a887 in QScopedPointer<QObjectData,
QScopedPointerDeleter<QObjectData> >::~QScopedPointer()
/home/nico/workspace/qt6/qtbase/src/corelib/tools/qscopedpointer.h:81
    #4 0x7f29b645554d in QObject::~QObject()
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:1177
    #5 0x7f29b629c1dc in QIODevice::~QIODevice()
/home/nico/workspace/qt6/qtbase/src/corelib/io/qiodevice.cpp:466
    #6 0x7f29b692c7e1 in QProcess::~QProcess()
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:1321
    #7 0x7f29bb9e1acc in KProcess::~KProcess()
/home/nico/kde-asan/src/kcoreaddons/src/lib/io/kprocess.cpp:42
    #8 0x7f299617cbe4 in KPtyProcess::~KPtyProcess()
/home/nico/kde-asan/src/kpty/src/kptyprocess.cpp:87
    #9 0x7f299617cc09 in KPtyProcess::~KPtyProcess()
/home/nico/kde-asan/src/kpty/src/kptyprocess.cpp:87
    #10 0x7f2994b60d6b in Kerfuffle::CliInterface::extractProcessFinished(int,
QProcess::ExitStatus)
/home/nico/kde-asan/src/ark/kerfuffle/cliinterface.cpp:331
    #11 0x7f2994b7f00e in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1>,
QtPrivate::List<int, QProcess::ExitStatus>, void, void
(Kerfuffle::CliInterface::*)(int, QProcess::ExitStatus)>::call(void
(Kerfuffle::CliInterface::*)(int, QProcess::ExitStatus),
Kerfuffle::CliInterface*, void**)
/home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:145
    #12 0x7f2994b7ccd9 in void QtPrivate::FunctionPointer<void
(Kerfuffle::CliInterface::*)(int,
QProcess::ExitStatus)>::call<QtPrivate::List<int, QProcess::ExitStatus>,
void>(void (Kerfuffle::CliInterface::*)(int, QProcess::ExitStatus),
Kerfuffle::CliInterface*, void**)
/home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:182
    #13 0x7f2994b7c1d1 in QtPrivate::QCallableObject<void
(Kerfuffle::CliInterface::*)(int, QProcess::ExitStatus), QtPrivate::List<int,
QProcess::ExitStatus>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*,
void**, bool*) /home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:553
    #14 0x7f29b645e85b in void doActivate<false>(QObject*, int, void**)
(/home/nico/kde-asan/usr/lib64/libQt6Core.so.6+0x45e85b) (BuildId:
2503cc5a23788b86390f3b24862625fb0d1b1b70)
    #15 0x7f29b643d9c7 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:4120
    #16 0x7f29b69271c3 in QProcess::finished(int, QProcess::ExitStatus)
/home/nico/workspace/qt6/qtbase/src/corelib/Core_autogen/include/moc_qprocess.cpp:347
    #17 0x7f29b692bc0d in QProcessPrivate::processFinished()
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:1249
    #18 0x7f29b6946dac in QProcessPrivate::waitForFinished(QDeadlineTimer
const&) /home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess_unix.cpp:1253
    #19 0x7f29b692978e in QProcess::waitForFinished(int)
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:2087
    #20 0x7f2994b6992d in Kerfuffle::CliInterface::killProcess(bool)
/home/nico/kde-asan/src/ark/kerfuffle/cliinterface.cpp:675
    #21 0x7f2994b6ac23 in Kerfuffle::CliInterface::readStdout(bool)
/home/nico/kde-asan/src/ark/kerfuffle/cliinterface.cpp:779
    #22 0x7f2994b5e9a6 in operator()
/home/nico/kde-asan/src/ark/kerfuffle/cliinterface.cpp:255
    #23 0x7f2994b737ac in call
/home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:137
    #24 0x7f2994b7371e in call<QtPrivate::List<>, void>
/home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:345
    #25 0x7f2994b736d5 in impl
/home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:555
    #26 0x7f29b645e85b in void doActivate<false>(QObject*, int, void**)
(/home/nico/kde-asan/usr/lib64/libQt6Core.so.6+0x45e85b) (BuildId:
2503cc5a23788b86390f3b24862625fb0d1b1b70)
    #27 0x7f29b643d9c7 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:4120
    #28 0x7f29b692762c in
QProcess::readyReadStandardOutput(QProcess::QPrivateSignal)
/home/nico/workspace/qt6/qtbase/src/corelib/Core_autogen/include/moc_qprocess.cpp:368
    #29 0x7f29b692b99d in
QProcessPrivate::tryReadFromChannel(QProcessPrivate::Channel*)
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:1174
    #30 0x7f29b692bab5 in QProcessPrivate::_q_canReadStandardOutput()
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:1185

previously allocated by thread T0 here:
    #0 0x7f29c22fc1d8 in operator new(unsigned long)
../../../../libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7f29b6928f9a in QProcess::QProcess(QObject*)
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess.cpp:1298
    #2 0x7f29bb9e18d1 in KProcess::KProcess(QObject*)
/home/nico/kde-asan/src/kcoreaddons/src/lib/io/kprocess.cpp:29
    #3 0x7f299617c5df in KPtyProcess::KPtyProcess(int, QObject*)
/home/nico/kde-asan/src/kpty/src/kptyprocess.cpp:39
    #4 0x7f299617bc00 in KPtyProcess::KPtyProcess(QObject*)
/home/nico/kde-asan/src/kpty/src/kptyprocess.cpp:33
    #5 0x7f2994b5f1df in Kerfuffle::CliInterface::runProcess(QString const&,
QList<QString> const&)
/home/nico/kde-asan/src/ark/kerfuffle/cliinterface.cpp:246
    #6 0x7f2994b5a32e in
Kerfuffle::CliInterface::extractFiles(QList<Kerfuffle::Archive::Entry*> const&,
QString const&, Kerfuffle::ExtractionOptions const&)
/home/nico/kde-asan/src/ark/kerfuffle/cliinterface.cpp:111
    #7 0x7f2994add109 in Kerfuffle::ExtractJob::doWork()
/home/nico/kde-asan/src/ark/kerfuffle/jobs.cpp:584
    #8 0x7f2994af6b1f in QtPrivate::FunctorCall<QtPrivate::IndexesList<>,
QtPrivate::List<>, void, void (Kerfuffle::Job::*)()>::call(void
(Kerfuffle::Job::*)(), Kerfuffle::Job*, void**)
/home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:145
    #9 0x7f2994af5e21 in void QtPrivate::FunctionPointer<void
(Kerfuffle::Job::*)()>::call<QtPrivate::List<>, void>(void
(Kerfuffle::Job::*)(), Kerfuffle::Job*, void**)
/home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:182
    #10 0x7f2994af4143 in QtPrivate::QCallableObject<void
(Kerfuffle::Job::*)(), QtPrivate::List<>, void>::impl(int,
QtPrivate::QSlotObjectBase*, QObject*, void**, bool*)
/home/nico/kde-asan/usr/include/QtCore/qobjectdefs_impl.h:553
    #11 0x7f29b6430f4b in QtPrivate::QSlotObjectBase::call(QObject*, void**)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobjectdefs_impl.h:469
    #12 0x7f29b6430f4b in QMetaCallEvent::placeMetaCall(QObject*)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:650
    #13 0x7f29b64435ed in QObject::event(QEvent*)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qobject.cpp:1446
    #14 0x7f29b9067833 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
/home/nico/workspace/qt6/qtbase/src/widgets/kernel/qapplication.cpp:3298
    #15 0x7f29b90834ca in QApplication::notify(QObject*, QEvent*)
/home/nico/workspace/qt6/qtbase/src/widgets/kernel/qapplication.cpp:3249
    #16 0x7f29b635956a in QCoreApplication::notifyInternal2(QObject*, QEvent*)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1134
    #17 0x7f29b63596f8 in QCoreApplication::sendEvent(QObject*, QEvent*)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1575
    #18 0x7f29b635aa5b in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1946
    #19 0x7f29b635ad50 in QCoreApplication::sendPostedEvents(QObject*, int)
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qcoreapplication.cpp:1803
    #20 0x7f29b6b0da71 in postEventSourceDispatch
/home/nico/workspace/qt6/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:244
    #21 0x7f29b3290f2f in g_main_dispatch ../glib/gmain.c:3476
    #22 0x7f29b3290f2f in g_main_context_dispatch_unlocked ../glib/gmain.c:4284

SUMMARY: AddressSanitizer: heap-use-after-free
/home/nico/workspace/qt6/qtbase/src/corelib/io/qprocess_p.h:194 in
QProcessPrivate::q_func()
