https://bugs.kde.org/show_bug.cgi?id=400499
--- Comment #15 from Matt Fagnani <matthew.fagn...@utoronto.ca> ---

AddressSanitizer caught a use-after-free error in TopLevel::answerReceived at ksysguard.cpp:450 while ksysguard was closing on the 24th time I ran it. The second function from the top was KSGRD::SensorAgent::processAnswer at SensorAgent.cpp:186, which makes it more likely to be involved in the errors and crashes. The error's invalid read of size 4 and its stack match the second in the first three valgrind runs I previously mentioned and a later one in the last run. The AddressSanitizer output was the following.

=================================================================
==5225==ERROR: AddressSanitizer: heap-use-after-free on address 0xa95219b8 at pc 0xb78da97e bp 0xbf88b7d8 sp 0xbf88b7c8
READ of size 4 at 0xa95219b8 thread T0
    #0 0xb78da97d in TopLevel::answerReceived(int, QList<QByteArray> const&) /programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/gui/ksysguard.cpp:450
    #1 0xb6e30924 in KSGRD::SensorAgent::processAnswer(char const*, int) /usr/src/debug/libksysguard-5.14.3-1.fc29.i386/ksgrd/SensorAgent.cpp:186
    #2 0xb6e37e8d in KSGRD::SensorShellAgent::msgRcvd() /usr/src/debug/libksysguard-5.14.3-1.fc29.i386/ksgrd/SensorShellAgent.cpp:93
    #3 0xb56e8b43 in QMetaObject::activate(QObject*, int, int, void**) (/lib/libQt5Core.so.5+0x269b43)
    #4 0xb56e9050 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/lib/libQt5Core.so.5+0x26a050)
    #5 0xb56560f4 in QProcess::readyReadStandardOutput(QProcess::QPrivateSignal) .moc/moc_qprocess.cpp:362
    #6 0xb565b8aa in QProcessPrivate::tryReadFromChannel(QProcessPrivate::Channel*) io/qprocess.cpp:1070
    #7 0xb565be86 in QProcessPrivate::_q_canReadStandardOutput() io/qprocess.cpp:1081
    #8 0xb565be86 in QProcess::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qprocess.cpp:207
    #9 0xb56e8a15 in QMetaObject::activate(QObject*, int, int, void**) (/lib/libQt5Core.so.5+0x269a15)
    #10 0xb56e9050 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (/lib/libQt5Core.so.5+0x26a050)
    #11 0xb56f4ba9 in QSocketNotifier::activated(int, QSocketNotifier::QPrivateSignal) .moc/moc_qsocketnotifier.cpp:136
    #12 0xb56f4f71 in QSocketNotifier::event(QEvent*) (/lib/libQt5Core.so.5+0x275f71)
    #13 0xb6028da9 in QApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qapplication.cpp:3727
    #14 0xb6030e58 in QApplication::notify(QObject*, QEvent*) kernel/qapplication.cpp:3486
    #15 0xb56bde65 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/lib/libQt5Core.so.5+0x23ee65)
    #16 0xb5715be3 in socketNotifierSourceDispatch ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
    #17 0xaf6e85c4 in g_main_dispatch gmain.c:3182
    #18 0xaf6e89a8 in g_main_context_iterate gmain.c:3920
    #19 0xaf6e8a5a in g_main_context_iteration (/lib/libglib-2.0.so.0+0x4ba5a)
    #20 0xb571515c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) kernel/qeventdispatcher_glib.cpp:423
    #21 0xa7c29e36 (/lib/libQt5XcbQpa.so.5+0xd6e36)
    #22 0xb56bcb6e in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib/libQt5Core.so.5+0x23db6e)
    #23 0xb56c53e1 in QCoreApplication::exec() (/lib/libQt5Core.so.5+0x2463e1)
    #24 0xb5a64234 in QGuiApplication::exec() (/lib/libQt5Gui.so.5+0xe1234)
    #25 0xb6028d17 in QApplication::exec() (/lib/libQt5Widgets.so.5+0xfcd17)
    #26 0xb78e1027 in kdemain /programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/gui/ksysguard.cpp:609
    #27 0x4d810a in main (/programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/i686-redhat-linux-gnu/bin/ksysguard+0x110a)
    #28 0xb506ac08 in __libc_start_main (/lib/libc.so.6+0x1ac08)
    #29 0x4d81b4 in _start (/programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/i686-redhat-linux-gnu/bin/ksysguard+0x11b4)

0xa95219b8 is located 104 bytes inside of 132-byte region [0xa9521950,0xa95219d4)
freed by thread T0 here:
    #0 0xb7a337f4 in operator delete(void*) (/lib/libasan.so.5+0xf47f4)
    #1 0xb78f5cc0 in TopLevel::~TopLevel() /programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/i686-redhat-linux-gnu/gui/kdeinit_ksysguard_autogen/EWIEGA46WW/../../../../gui/ksysguard.h:41
    #2 0xb56e977a in QObject::event(QEvent*) (/lib/libQt5Core.so.5+0x26a77a)
    #3 0xb606e66c in QWidget::event(QEvent*) (/lib/libQt5Widgets.so.5+0x14266c)

previously allocated by thread T0 here:
    #0 0xb7a3299c in operator new(unsigned int) (/lib/libasan.so.5+0xf399c)
    #1 0xb78e0d5c in kdemain /programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/gui/ksysguard.cpp:588
    #2 0x4d810a in main (/programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/i686-redhat-linux-gnu/bin/ksysguard+0x110a)
    #3 0xb506ac08 in __libc_start_main (/lib/libc.so.6+0x1ac08)

SUMMARY: AddressSanitizer: heap-use-after-free /programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/gui/ksysguard.cpp:450 in TopLevel::answerReceived(int, QList<QByteArray> const&)
Shadow bytes around the buggy address:
  0x352a42e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fa fa
  0x352a42f0: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
  0x352a4300: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x352a4310: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x352a4320: fd fd fa fa fa fa fa fa fa fa fd fd fd fd fd fd
=>0x352a4330: fd fd fd fd fd fd fd[fd]fd fd fd fa fa fa fa fa
  0x352a4340: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x352a4350: 00 00 00 00 01 fa fa fa fa fa fa fa fa fa fd fd
  0x352a4360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x352a4370: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x352a4380: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==5225==ABORTING
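An added example, not part of the original comment or of ksysguard's code: a small Python triage helper that splits an AddressSanitizer heap report like the one above into its access, free and allocation stacks and names the first frame outside the sanitizer runtime in each. The regular expressions are written against the line shapes visible in this report, and the function names (parse_asan, first_app_func, triage) are illustrative.

```python
import re

# Trimmed excerpt of the report above (deeper Qt/glib frames omitted).
REPORT = """\
==5225==ERROR: AddressSanitizer: heap-use-after-free on address 0xa95219b8 at pc 0xb78da97e bp 0xbf88b7d8 sp 0xbf88b7c8
READ of size 4 at 0xa95219b8 thread T0
    #0 0xb78da97d in TopLevel::answerReceived(int, QList<QByteArray> const&) /programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/gui/ksysguard.cpp:450
    #1 0xb6e30924 in KSGRD::SensorAgent::processAnswer(char const*, int) /usr/src/debug/libksysguard-5.14.3-1.fc29.i386/ksgrd/SensorAgent.cpp:186
0xa95219b8 is located 104 bytes inside of 132-byte region [0xa9521950,0xa95219d4)
freed by thread T0 here:
    #0 0xb7a337f4 in operator delete(void*) (/lib/libasan.so.5+0xf47f4)
    #1 0xb78f5cc0 in TopLevel::~TopLevel() /programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/i686-redhat-linux-gnu/gui/kdeinit_ksysguard_autogen/EWIEGA46WW/../../../../gui/ksysguard.h:41
previously allocated by thread T0 here:
    #0 0xb7a3299c in operator new(unsigned int) (/lib/libasan.so.5+0xf399c)
    #1 0xb78e0d5c in kdemain /programs/ksysguard/fedora/ksysguard/ksysguard-5.14.3/gui/ksysguard.cpp:588
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at ")
REGION = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region")
# "#N 0xADDR [in FUNCTION] LOCATION"; the location is the last token.
FRAME = re.compile(r"^\s*#(\d+) (0x[0-9a-f]+)(?: in (.+))? (\S+)$")

def parse_asan(text):
    """Split a heap report into its access, free and alloc stacks."""
    rep = {"access": [], "free": [], "alloc": []}
    section = None
    for line in text.splitlines():
        if m := HEADER.search(line):
            rep["kind"] = m.group(1)
        elif m := ACCESS.match(line):
            rep["op"], rep["size"], section = m.group(1), int(m.group(2)), "access"
        elif m := REGION.search(line):
            rep["offset"], rep["region_size"] = int(m.group(1)), int(m.group(2))
        elif line.startswith("freed by thread"):
            section = "free"
        elif line.startswith("previously allocated by thread"):
            section = "alloc"
        elif section and (m := FRAME.match(line)):
            rep[section].append({"func": m.group(3), "loc": m.group(4)})
    return rep

def first_app_func(stack):
    """First function outside libasan's operator new/delete wrappers."""
    return next((f["func"] for f in stack if "libasan" not in f["loc"]), None)

def triage(text):
    """Reduce a report to what was touched, who freed it and who made it."""
    rep = parse_asan(text)
    out = {k: rep[k] for k in ("kind", "op", "size", "offset", "region_size")}
    out.update({k: first_app_func(rep[k]) for k in ("access", "free", "alloc")})
    return out
```

On this report the result pairs a 4-byte read in TopLevel::answerReceived with a free in TopLevel::~TopLevel(), which is the detail to look for when comparing repeated runs of the same crash.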