#26 heap-use-after-free in kmail/kmcommands.cpp:1999 in KMCopyCommand::execute()

Open
opened 1 year ago by luke-jr · 0 comments
luke-jr commented 1 year ago

Not really sure how to reproduce this...

```
==14595==ERROR: AddressSanitizer: heap-use-after-free on address 0x610003568548 at pc 0x7fc273becc50 bp 0x7fff9f210840 sp 0x7fff9f210830
READ of size 8 at 0x610003568548 thread T0
    #0 0x7fc273becc4f in KMCopyCommand::execute() /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999/kmail/kmcommands.cpp:1999
    #1 0x7fc273bb1db9 in KMCommand::slotPostTransfer(KMCommand::Result) /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999/kmail/kmcommands.cpp:267
    #2 0x7fc273be938b in KMCommand::tqt_invoke(int, TQUObject*) /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999_build/kmail/kmcommands.moc:160
    #3 0x7fc271bf3bb7 in TQObject::activate_signal(TQConnectionList*, TQUObject*) kernel/qobject.cpp:2813
    #4 0x7fc273bb0341 in KMCommand::messagesTransfered(KMCommand::Result) /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999_build/kmail/kmcommands.moc:137
    #5 0x7fc273bb0d38 in KMCommand::transferSelectedMsgs() /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999/kmail/kmcommands.cpp:362
    #6 0x7fc273be9330 in KMCommand::tqt_invoke(int, TQUObject*) /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999_build/kmail/kmcommands.moc:159
    #7 0x7fc271bf3bb7 in TQObject::activate_signal(TQConnectionList*, TQUObject*) kernel/qobject.cpp:2813
    #8 0x7fc271f0bbbf in TQSignal::signal(TQVariant const&) .moc/release-shared-mt/moc_ntqsignal.cpp:110
    #9 0x7fc271c0c341 in TQSignal::activate() kernel/qsignal.cpp:215
    #10 0x7fc271c18fed in TQSingleShotTimer::event(TQEvent*) kernel/qtimer.cpp:289
    #11 0x7fc271b95e6c in TQApplication::internalNotify(TQObject*, TQEvent*) kernel/qapplication.cpp:2883
    #12 0x7fc271b964b6 in TQApplication::notify(TQObject*, TQEvent*) kernel/qapplication.cpp:2726
    #13 0x7fc2727cfa6c in TDEApplication::notify(TQObject*, TQEvent*) /var/tmp/portage/trinity-base/tdelibs-9999/work/tdelibs-9999/tdecore/tdeapplication.cpp:660
    #14 0x7fc271b8b3b7 in TQEventLoop::activateTimers() kernel/qeventloop_unix.cpp:564
    #15 0x7fc271b75716 in TQEventLoop::processEvents(unsigned int) kernel/qeventloop_x11.cpp:396
    #16 0x7fc271bacdde in TQEventLoop::enterLoop() kernel/qeventloop.cpp:227
    #17 0x7fc271bacd21 in TQEventLoop::exec() kernel/qeventloop.cpp:174
    #18 0x5617e0a32bb8 in main (/usr/trinity/14/bin/kmail+0x3bb8)
    #19 0x7fc2710da850 in __libc_start_main ../csu/libc-start.c:308
    #20 0x5617e0a32d79 in _start (/usr/trinity/14/bin/kmail+0x3d79)

0x610003568548 is located 8 bytes inside of 192-byte region [0x610003568540,0x610003568600)
freed by thread T0 here:
    #0 0x7fc27470cef7 in operator delete(void*, unsigned long) /var/tmp/portage/sys-devel/gcc-8.2.0-r6/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:151
    #1 0x7fc273c5b593 in KMFolderIndex::setIndexEntry(int, KMMessage*) /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999/kmail/kmfolderindex.cpp:521

previously allocated by thread T0 here:
    #0 0x7fc27470b557 in operator new(unsigned long) /var/tmp/portage/sys-devel/gcc-8.2.0-r6/work/gcc-8.2.0/libsanitizer/asan/asan_new_delete.cc:90
    #1 0x7fc2739c8cbf in KMFolderMbox::readMsg(int) /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999/kmail/kmfoldermbox.cpp:825

SUMMARY: AddressSanitizer: heap-use-after-free /var/tmp/portage/trinity-base/kmail-9999/work/kmail-9999/kmail/kmcommands.cpp:1999 in KMCopyCommand::execute()
```