https://bugs.kde.org/show_bug.cgi?id=399849
Stefan Brüns <stefan.bru...@rwth-aachen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|DUPLICATE                   |---
             Status|RESOLVED                    |REOPENED
     Ever confirmed|0                           |1

--- Comment #4 from Stefan Brüns <stefan.bru...@rwth-aachen.de> ---
Hm, not really, the first backtrace is from PostingCodec::decode. Unfortunately the backtrace is too incomplete to tell what's going wrong here.

It is a bit fishy how this can go wrong, as it just allocates a vector the same size as the raw data from the DB and copies it.

Source:
https://cgit.kde.org/baloo.git/tree/src/codecs/postingcodec.cpp?id=2d31a8500edb755dbf253656f41a34c55223438e

The only thing I can think of is mdb_get returning something other than MDB_SUCCESS or MDB_NOTFOUND, val.mv_size is uninitialized and we try to copy a random amount of data afterwards:
https://cgit.kde.org/baloo.git/tree/src/engine/postingdb.cpp?id=2d31a8500edb755dbf253656f41a34c55223438e#n82

---

The second backtrace has a crash in the doctermscodec:
https://cgit.kde.org/baloo.git/tree/src/codecs/doctermscodec.cpp?id=2d31a8500edb755dbf253656f41a34c55223438e#n76

The crash happens when the docterm array is reallocated to grow. 200 MByte (of d-ptrs) are about 25 million terms. Although that's not impossible, it is also somewhat unlikely. It may have the same reason as above, unchecked lmdb return code, attempting to decode random data.
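
The failure mode suspected in the comment, as an added example that is not code from baloo or from the bug report: a read path that handles only MDB_SUCCESS and MDB_NOTFOUND, next to one that treats every other return code as an error. `Val`, `stub_get`, `unchecked_copy_size`, `fetch` and the sentinel size are hypothetical stand-ins so the block runs without lmdb.h; the stub assumes a failed lookup leaves the output value untouched.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Stand-ins mirroring LMDB's MDB_val and return codes (hypothetical names;
// the numeric values are those of MDB_SUCCESS, MDB_NOTFOUND, MDB_CORRUPTED).
struct Val { size_t mv_size; void* mv_data; };
constexpr int kSuccess = 0;
constexpr int kNotFound = -30798;
constexpr int kCorrupted = -30796;
// Constructed sentinel modelling whatever an uninitialised mv_size holds.
constexpr size_t kStackGarbage = 200u * 1024 * 1024;

// Hypothetical stub for mdb_get(): on any failure it returns the code and
// leaves *out untouched (assumption made for this example).
int stub_get(int simulate_rc, const std::vector<uint8_t>& stored, Val* out) {
    if (simulate_rc != kSuccess) return simulate_rc;
    out->mv_size = stored.size();
    out->mv_data = const_cast<uint8_t*>(stored.data());
    return kSuccess;
}

// Unchecked pattern: only "not found" is handled, so any other error falls
// through. Returns the byte count the caller would go on to copy.
size_t unchecked_copy_size(int simulate_rc, const std::vector<uint8_t>& stored) {
    Val val{kStackGarbage, nullptr};  // deterministic model of an uninitialised val
    const int rc = stub_get(simulate_rc, stored, &val);
    if (rc == kNotFound) return 0;
    return val.mv_size;  // garbage when rc was an unhandled error
}

enum class Fetch { Ok, Missing, Error };

// Hardened pattern: zero-initialise val, copy only on success, and report
// every other return code instead of decoding whatever val contains.
Fetch fetch(int simulate_rc, const std::vector<uint8_t>& stored,
            std::vector<uint8_t>& result) {
    Val val{0, nullptr};
    result.clear();
    const int rc = stub_get(simulate_rc, stored, &val);
    if (rc == kNotFound) return Fetch::Missing;
    if (rc != kSuccess) return Fetch::Error;
    if (val.mv_size != 0 && val.mv_data == nullptr) return Fetch::Error;
    result.resize(val.mv_size);
    if (val.mv_size != 0) std::memcpy(result.data(), val.mv_data, val.mv_size);
    return Fetch::Ok;
}
```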