
heap buffer overflow in PropertiesWidget::displayFilesListMenu #1978

Closed
sorokin opened this issue Sep 29, 2014 · 5 comments

Comments

@sorokin
Contributor

sorokin commented Sep 29, 2014

I compiled qbittorrent with AddressSanitizer enabled. http://code.google.com/p/address-sanitizer/

qbittorrent crashes when I select a torrent with a few files and then right-click on empty space in the file list.

ivan@liberty:~/d/qbittorrent$ src/qbittorrent

==12425== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x600600dfb7a8 at pc 0x69097b bp 0x7fffa4273560 sp 0x7fffa4273558
READ of size 8 at 0x600600dfb7a8 thread T0
#0 0x69097a in QList::Node::t() /usr/include/qt4/QtCore/qlist.h:114
#1 0x69097a in QList::iterator::operator*() const /usr/include/qt4/QtCore/qlist.h:193
#2 0x69097a in PropertiesWidget::displayFilesListMenu(QPoint const&) /home/ivan/d/qbittorrent/src/properties/propertieswidget.cpp:495
#3 0x7ff55e49d879 (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x191879)
#4 0x7ff55ed44a61 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x20ba61)
#5 0x7ff55ed528e6 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x2198e6)
#6 0x7ff55f0f3fcd (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x5bafcd)
#7 0x7ff55f2035b2 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x6ca5b2)
#8 0x7ff55f24218f (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x70918f)
#9 0x7ff55e489645 (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x17d645)
#10 0x7ff55ed02e0b (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1c9e0b)
#11 0x7ff55ed0a1f7 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x1d11f7)
#12 0x823321 in SessionApplication::notify(QObject*, QEvent*) /home/ivan/d/qbittorrent/src/sessionapplication.cpp:44
#13 0x7ff55e4894dc (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x17d4dc)
#14 0x7ff55ed7da1f (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x244a1f)
#15 0x7ff55ed7d268 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x244268)
#16 0x7ff55eda4b01 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26bb01)
#17 0x7ff55cbc9e03 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x48e03)
#18 0x7ff55cbca047 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49047)
#19 0x7ff55cbca0eb (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x490eb)
#20 0x7ff55e4b67a0 (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x1aa7a0)
#21 0x7ff55eda4bb5 (/usr/lib/x86_64-linux-gnu/libQtGui.so.4+0x26bbb5)
#22 0x7ff55e4880ae (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x17c0ae)
#23 0x7ff55e4883a4 (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x17c3a4)
#24 0x7ff55e48db78 (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x181b78)
#25 0x512c06 in main /home/ivan/d/qbittorrent/src/main.cpp:394
#26 0x7ff55d747ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#27 0x517994 in _start (/home/ivan/d/qbittorrent/src/qbittorrent+0x517994)
0x600600dfb7a8 is located 0 bytes to the right of 24-byte region [0x600600dfb790,0x600600dfb7a8)
allocated by thread T0 here:
#0 0x7ff56093441a (/usr/lib/x86_64-linux-gnu/libasan.so.0+0x1541a)
#1 0x7ff55e3a42d0 (/usr/lib/x86_64-linux-gnu/libQtCore.so.4+0x982d0)
SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/qt4/QtCore/qabstractitemmodel.h:65 QModelIndex
Shadow bytes around the buggy address:
0x0c01401b76a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c01401b76b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c01401b76c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c01401b76d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c01401b76e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c01401b76f0: fa fa 00 00 00[fa]fa fa 00 00 00 00 fa fa fd fd
0x0c01401b7700: fd fd fa fa fd fd fd fd fa fa 00 00 00 00 fa fa
0x0c01401b7710: 00 00 00 fa fa fa 00 00 00 fa fa fa fd fd fd fd
0x0c01401b7720: fa fa 00 00 00 00 fa fa fd fd fd fd fa fa fd fd
0x0c01401b7730: fd fd fa fa 00 00 00 fa fa fa fd fd fd fd fa fa
0x0c01401b7740: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==12425== ABORTING

@sorokin
Contributor Author

sorokin commented Sep 29, 2014

I found an error:

const QModelIndex index = *(selectedRows.begin()); // empty check is required!
if (!index.isValid())
return;

@sledgehammer999
Member

I thought that I had recently disabled showing popup menus when nothing was selected...
I assume you use latest git master, right?

@sorokin
Contributor Author

sorokin commented Sep 30, 2014

Yes, I use latest git master. Look at src/properties/propertieswidget.cpp:495. The problem is not when no torrents are selected, but when some torrent is selected, but I right-clicked on empty space.
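The pattern in the report, and the empty check that fixes it, in a stand-alone form. This is an added example, not qbittorrent code and not a Qt API: `ModelIndex`, `SelectedRows`, `firstRowUnchecked`, `firstRowChecked` and `displayMenuForSelection` are stand-ins for QModelIndex, `selectionModel()->selectedRows()` and the handler at propertieswidget.cpp:495, with std::vector in place of QList. `*selectedRows.begin()` on an empty container is undefined behaviour in both; note that with an empty std::vector it usually surfaces as a null dereference rather than the heap-buffer-overflow ASan reports for QList's node array, but the missing check is the same.

```cpp
#include <optional>
#include <vector>

// Stand-in for QModelIndex with the four fields Qt 4 stores (row, column,
// internal pointer, model). Assumption for illustration only.
struct ModelIndex {
    int row = -1;
    int column = -1;
    void *internalPointer = nullptr;
    const void *model = nullptr;
    bool isValid() const { return row >= 0 && column >= 0 && model != nullptr; }
};

// What the view's selection model hands back (selectedRows() in the report).
using SelectedRows = std::vector<ModelIndex>;

// The code path the ASan trace points at: *begin() with no empty check.
// On an empty selection this reads outside the container's storage.
ModelIndex firstRowUnchecked(const SelectedRows &selectedRows) {
    return *selectedRows.begin();   // BUG: caller must guarantee non-empty
}

// Hardened form: refuse to dereference when nothing is selected, then apply
// the isValid() check the original code already had.
std::optional<ModelIndex> firstRowChecked(const SelectedRows &selectedRows) {
    if (selectedRows.empty())
        return std::nullopt;
    const ModelIndex index = *selectedRows.begin();
    if (!index.isValid())
        return std::nullopt;
    return index;
}

// Context-menu handler in the shape of displayFilesListMenu: reports whether a
// menu would be shown and which row it would act on (hypothetical signature).
bool displayMenuForSelection(const SelectedRows &selectedRows, int &rowOut) {
    const auto index = firstRowChecked(selectedRows);
    if (!index)
        return false;   // right-click on empty space: nothing selected, no menu
    rowOut = index->row;
    return true;
}

int main() {
    // Constructed inputs: one file row selected, then an empty selection
    // (the "torrent selected, right-click on empty space" case from the issue).
    int dummyModel = 0;
    SelectedRows one{ ModelIndex{2, 0, nullptr, &dummyModel} };
    SelectedRows none;
    int row = -1;
    displayMenuForSelection(one, row);    // true, row == 2
    displayMenuForSelection(none, row);   // false, no dereference
    // Build with -fsanitize=address and uncomment to see the sanitizer flag
    // the unchecked dereference on an empty selection:
    // (void)firstRowUnchecked(none);
    return 0;
}
```

Compile with `-std=c++17 -fsanitize=address -g`; the checked path is the one to keep, the unchecked function exists only to show the shape of the defect.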

@sorokin
Contributor Author

sorokin commented Oct 1, 2014

As pull request is merged, I think this could be closed.

@sledgehammer999
Member

(you can close issues that you have opened too)

@qbittorrent qbittorrent locked and limited conversation to collaborators Feb 24, 2021