[okular] [Bug 410844] Okular segfault
Tobias Deiminger
bugzilla_noreply at kde.org
Wed Aug 21 00:28:06 BST 2019
https://bugs.kde.org/show_bug.cgi?id=410844
Tobias Deiminger <haxtibal at posteo.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |haxtibal at posteo.de
--- Comment #10 from Tobias Deiminger <haxtibal at posteo.de> ---
(In reply to Albert Astals Cid from comment #9)
> The backtraces really make no sense :/
The only suspicious thing I can spot is the this-pointer of the RefCount object
in comment 0 (this=0xc40c758) and comment 8 (this=0xffe824e92a894476). The
former is uncommonly low, the latter is too high, because it resides in the
hole of non-canonical virtual memory addresses on x86_64. Both traces from two
different people show the same kind of oddness; that's something where one
could dig deeper.
Such an invalid this-pointer could for example occur if, in
TextDocumentGenerator::loadDocumentWithPassword, the QVector [] operator in

    objects[ info.page ].append(/*...*/)

does an out-of-bounds access to the objects array.
There's already some safety implemented:

    if ( info.page >= objects.count() )
        continue;

but info.page is a signed int, and the check doesn't catch negative page
numbers. So in theory we could fail here, unless info.page >= 0 is ensured in
some other place.
It's quite late. Can anybody double-check how much nonsense I've just
written?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Okular-devel
mailing list
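The following is an added example illustrating the point raised in comment #10 above; it is not Okular's code and not part of the bug report. It reproduces the shape of the loop around `objects[ info.page ].append(...)` with a `std::vector` standing in for `QVector` and a hypothetical `Info` struct carrying the signed page index, then runs the quoted check (`page >= count`) and a hardened check (`page < 0 || page >= count`) over constructed input that contains a negative page number. `std::vector::at()` is used instead of `operator[]` so that an index that slips past the check throws rather than corrupting memory, which is what makes the slip observable here; with `QVector::operator[]` in a release build the same slip would be silent.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for the per-page entry handled in the generator loop.
// Assumption: only the signed page index matters for this demonstration.
struct Info {
    int page;          // signed int, as described in the bug comment
    std::string name;
};

// The check as quoted in comment #10: rejects page >= count, nothing else.
bool originalCheckSkips(int page, int count) {
    return page >= count;
}

// Hardened check: additionally rejects negative page numbers.
bool fixedCheckSkips(int page, int count) {
    return page < 0 || page >= count;
}

struct Outcome {
    int appended = 0;    // entries stored into objects[page]
    int skipped = 0;     // entries rejected by the bounds check
    int outOfRange = 0;  // entries that passed the check but hit an invalid index
};

// Mimics: for each info, `if (check) continue; objects[info.page].append(...)`.
// std::vector replaces QVector; at() throws on a bad index instead of
// indexing out of bounds, so a negative page that gets past the check is
// counted rather than causing undefined behaviour.
template <typename Check>
Outcome distribute(std::vector<std::vector<std::string>>& objects,
                   const std::vector<Info>& infos, Check skips) {
    Outcome out;
    const int count = static_cast<int>(objects.size());
    for (const Info& info : infos) {
        if (skips(info.page, count)) {
            ++out.skipped;
            continue;
        }
        try {
            // A negative int converted to size_t wraps to a huge value;
            // with operator[] this would be an out-of-bounds write.
            objects.at(static_cast<std::size_t>(info.page)).push_back(info.name);
            ++out.appended;
        } catch (const std::out_of_range&) {
            ++out.outOfRange;
        }
    }
    return out;
}

// Constructed sample input: three pages, one entry past the end, one negative.
std::vector<Info> sampleInfos() {
    return {{0, "a"}, {2, "b"}, {3, "c"}, {-1, "d"}};
}

Outcome runWithOriginalCheck() {
    std::vector<std::vector<std::string>> objects(3);
    return distribute(objects, sampleInfos(), originalCheckSkips);
}

Outcome runWithFixedCheck() {
    std::vector<std::vector<std::string>> objects(3);
    return distribute(objects, sampleInfos(), fixedCheckSkips);
}

int main() {
    Outcome o = runWithOriginalCheck();
    Outcome f = runWithFixedCheck();
    std::cout << "original check: appended=" << o.appended << " skipped=" << o.skipped
              << " outOfRange=" << o.outOfRange << '\n';
    std::cout << "fixed check:    appended=" << f.appended << " skipped=" << f.skipped
              << " outOfRange=" << f.outOfRange << '\n';
    return 0;
}
```

With the original check the entry for page -1 is not skipped and reaches the container with a wrapped-around index; with the hardened check it is skipped like the entry for page 3. Whether the real code can ever see a negative `info.page` is exactly the open question in the comment, so the fix is cheap insurance rather than a confirmed root cause.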