[kio-extras] [Bug 343153] New: kio_sftp crashes if sftp_write(...) fails (double-free in sftpProtocol::sftpPut)
Kevin Funk
kfunk at kde.org
Thu Jan 22 13:04:36 UTC 2015
https://bugs.kde.org/show_bug.cgi?id=343153
Bug ID: 343153
Summary: kio_sftp crashes if sftp_write(...) fails (double-free
in sftpProtocol::sftpPut)
Product: kio-extras
Version: unspecified
Platform: Other
OS: Linux
Status: UNCONFIRMED
Severity: crash
Priority: NOR
Component: default
Assignee: plasma-devel at kde.org
Reporter: kfunk at kde.org
Situation: Disk on remote server is full. In that case, when saving the file,
sftp_write inside kio_sftp.cpp will fail. This leads to a crash later on.
Error in `kio_sftp.so [kdeinit5] sftp
local:/run/user/1000/klauncherXM8394.1.slave-socket
local:/run/user/1000/katewZ9343.3.slave-socket': free(): invalid pointer:
0x0000000000a54770 ***
Tested with Kate 5.x when working on a file opened via sftp protocol.
Valgrind report:
(...)
==10659== Invalid read of size 8
==10659== at 0xF79E62E: sftp_attributes_free (sftp.c:1542)
==10659== by 0xF56807B: sftpProtocol::sftpPut(KUrl const&, int,
QFlags<KIO::JobFlag>, int&, int) (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0xF568DE3: sftpProtocol::sftpCopyPut(KUrl const&, QString
const&, int, QFlags<KIO::JobFlag>, int&) (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0xF5692B7: sftpProtocol::copy(QUrl const&, QUrl const&, int,
QFlags<KIO::JobFlag>) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0x4EBDA08: KIO::SlaveBase::dispatch(int, QByteArray const&) (in
/usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659== by 0x4EB7BBD: KIO::SlaveBase::dispatchLoop() (in
/usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659== by 0xF5646C3: kdemain (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0x4016B7: main (in
/usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave)
==10659== Address 0x17f8f188 is 40 bytes inside a block of size 144 free'd
==10659== at 0x4C2C2E0: operator delete(void*) (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10659== by 0xF568073: sftpProtocol::sftpPut(KUrl const&, int,
QFlags<KIO::JobFlag>, int&, int) (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0xF568DE3: sftpProtocol::sftpCopyPut(KUrl const&, QString
const&, int, QFlags<KIO::JobFlag>, int&) (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0xF5692B7: sftpProtocol::copy(QUrl const&, QUrl const&, int,
QFlags<KIO::JobFlag>) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0x4EBDA08: KIO::SlaveBase::dispatch(int, QByteArray const&) (in
/usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659== by 0x4EB7BBD: KIO::SlaveBase::dispatchLoop() (in
/usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659== by 0xF5646C3: kdemain (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0x4016B7: main (in
/usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave)
==10659==
==10659== Invalid free() / delete / delete[] / realloc()
==10659== at 0x4C2BE10: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10659== by 0xF56807B: sftpProtocol::sftpPut(KUrl const&, int,
QFlags<KIO::JobFlag>, int&, int) (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0xF568DE3: sftpProtocol::sftpCopyPut(KUrl const&, QString
const&, int, QFlags<KIO::JobFlag>, int&) (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0xF5692B7: sftpProtocol::copy(QUrl const&, QUrl const&, int,
QFlags<KIO::JobFlag>) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0x4EBDA08: KIO::SlaveBase::dispatch(int, QByteArray const&) (in
/usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659== by 0x4EB7BBD: KIO::SlaveBase::dispatchLoop() (in
/usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659== by 0xF5646C3: kdemain (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0x4016B7: main (in
/usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave)
==10659== Address 0x17f8f160 is 0 bytes inside a block of size 144 free'd
==10659== at 0x4C2C2E0: operator delete(void*) (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10659== by 0xF568073: sftpProtocol::sftpPut(KUrl const&, int,
QFlags<KIO::JobFlag>, int&, int) (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0xF568DE3: sftpProtocol::sftpCopyPut(KUrl const&, QString
const&, int, QFlags<KIO::JobFlag>, int&) (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0xF5692B7: sftpProtocol::copy(QUrl const&, QUrl const&, int,
QFlags<KIO::JobFlag>) (in /usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0x4EBDA08: KIO::SlaveBase::dispatch(int, QByteArray const&) (in
/usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659== by 0x4EB7BBD: KIO::SlaveBase::dispatchLoop() (in
/usr/lib/x86_64-linux-gnu/libKF5KIOCore.so.5.3.0)
==10659== by 0xF5646C3: kdemain (in
/usr/lib/x86_64-linux-gnu/qt5/plugins/kio_sftp.so)
==10659== by 0x4016B7: main (in
/usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave)
(Sorry for the missing line numbers, Kubuntu's debug packages are a bit messed
up atm)
Reproducible: Always
Steps to Reproduce:
1. Open file via sftp protocol in Kate
2. Try to save
3. kio_sftp crashes
--
You are receiving this mail because:
You are the assignee for the bug.
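
Added example, not part of the original report and not kio_sftp's or libssh's code: the Valgrind trace above shows one block released by operator delete inside sftpPut and then read and freed again by sftp_attributes_free. The example below gives such a record a single owner whose deleter is the matching free, so the write-failure path releases it exactly once. Attr, attr_stat, attr_free and remote_write are hypothetical stand-ins, and the quota values are constructed.

```cpp
#include <cstdio>
#include <cstdlib>
#include <memory>

// Hypothetical stand-in for a C-library attribute record (not libssh's type).
struct Attr { char *name; unsigned long size; };

static int g_frees = 0;  // counts releases so "exactly once" can be checked

// Stand-in allocator/free pair: malloc-backed, so the only valid release
// is attr_free(), never operator delete.
static Attr *attr_stat() {
    Attr *a = static_cast<Attr *>(std::calloc(1, sizeof(Attr)));
    if (a) a->name = static_cast<char *>(std::calloc(1, 16));
    return a;
}
static void attr_free(Attr *a) {
    if (!a) return;
    std::free(a->name);
    std::free(a);
    ++g_frees;
}

// Simulated remote write: fails once the (constructed) quota is exhausted.
static long remote_write(unsigned long &quota, unsigned long len) {
    if (len > quota) return -1;   // "disk full" on the server
    quota -= len;
    return static_cast<long>(len);
}

struct AttrDeleter { void operator()(Attr *a) const { attr_free(a); } };
using AttrPtr = std::unique_ptr<Attr, AttrDeleter>;

// Upload `chunks` blocks of `len` bytes; returns 0 on success, -1 on failure.
// Every exit path releases the record once, through the matching free.
int put(unsigned long quota, int chunks, unsigned long len) {
    AttrPtr attr(attr_stat());          // single owner from here on
    if (!attr) return -1;
    for (int i = 0; i < chunks; ++i) {
        if (remote_write(quota, len) < 0)
            return -1;                  // no manual cleanup on the error path
    }
    return 0;
}

int main() {
    int rc = put(/*quota=*/8192, /*chunks=*/4, /*len=*/4096);
    std::printf("rc=%d frees=%d\n", rc, g_frees);
    return 0;
}
```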