[Kolab-devel] [issue2573] Crash because of freeing apparently uninitialized memory in KMail (KMMsgBase)

Jaroslaw Staniek kolab-issues at intevation.de
Fri Mar 28 11:41:22 CET 2008 

New submission from Jaroslaw Staniek <kexipl at gmail.com>:

In KMMsgBase::getStringPart(MsgPartType t), g_chunk looks like uninitialized
(it's less probably double freed) so free(g_chunk); causes a crash.



The backtrace:

>	kmailprivate.dll!KMMsgBase::getStringPart(KMMsgBase::MsgPartType t=MsgTagPart)
 Line 676 + 0xe bytes	C++
 	kmailprivate.dll!KMMsgInfo::tagList()  Line 302 + 0x4c bytes	C++
 	kmailprivate.dll!KMMsgInfo::tagString()  Line 295 + 0x35 bytes	C++
 	kmailprivate.dll!KMMsgBase::asIndexString(int & length=58)  Line 906 + 0x1f
bytes	C++
 	kmailprivate.dll!KMMsgBase::syncIndexString()  Line 953 + 0xc bytes	C++
 	kmailprivate.dll!KMFolderIndex::updateIndex()  Line 119 + 0x16 bytes	C++
 	kmailprivate.dll!KMFolderMbox::close(const char * owner=0x084ba850, bool
aForced=false)  Line 312 + 0x12 bytes	C++
 	kmailprivate.dll!KMFolderImap::close(const char * owner=0x084ba850, bool
aForced=false)  Line 147	C++
 	kmailprivate.dll!KMFolder::close(const char * owner=0x084ba850, bool
force=false)  Line 503 + 0x20 bytes	C++
 	kmailprivate.dll!KMHeaders::setFolder(KMFolder * aFolder=0x00000000, bool
forceJumpToUnread=false)  Line 733	C++
 	kmailprivate.dll!KMMainWidget::folderSelected(KMFolder * aFolder=0x08f68bd8,
bool forceJumpToUnread=false)  Line 2164 + 0x22 bytes	C++
 	kmailprivate.dll!KMMainWidget::qt_metacall(QMetaObject::Call
_c=InvokeMetaMethod, int _id=6, void * * _a=0x00dabaa4)  Line 321 + 0x13 bytes	C++
 	QtCored4.dll!QMetaObject::activate(QObject * sender=0x09139630, int
from_signal_index=133, int to_signal_index=133, void * * argv=0x00dabaa4)  Line
2995 + 0x2b bytes	C++
 	QtCored4.dll!QMetaObject::activate(QObject * sender=0x09139630, const
QMetaObject * m=0x084b62f8, int local_signal_index=0, void * * argv=0x00dabaa4)
 Line 3065 + 0x15 bytes	C++
 	kmailprivate.dll!KMFolderTree::folderSelected(KMFolder * _t1=0x08f68bd8)  Line
296 + 0x17 bytes	C++
 	kmailprivate.dll!KMFolderTree::doFolderSelected(Q3ListViewItem *
qlvi=0x09286f00, bool keepSelection=true)  Line 1016	C++
 	kmailprivate.dll!KMFolderTree::contentsMouseReleaseEvent(QMouseEvent *
me=0x00dabb6c)  Line 1192	C++
 	Qt3Supportd4.dll!Q3ScrollView::viewportMouseReleaseEvent(QMouseEvent *
e=0x00dac21c)  Line 1762	C++
 	Qt3Supportd4.dll!Q3ScrollView::eventFilter(QObject * obj=0x0913a6c0, QEvent *
e=0x00dac21c)  Line 1480	C++
 	Qt3Supportd4.dll!Q3ListView::eventFilter(QObject * o=0x0913a6c0, QEvent *
e=0x00dac21c)  Line 3778	C++
 	kmailprivate.dll!KMFolderTree::eventFilter(QObject * o=0x0913a6c0, QEvent *
e=0x00dac21c)  Line 1801 + 0x13 bytes	C++
 	QtCored4.dll!QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject *
receiver=0x0913a6c0, QEvent * event=0x00dac21c)  Line 693 + 0x15 bytes	C++
 	QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0913a6c0,
QEvent * e=0x00dac21c)  Line 3753 + 0x11 bytes	C++
 	QtGuid4.dll!QApplication::notify(QObject * receiver=0x0913a6c0, QEvent *
e=0x00dac21c)  Line 3486 + 0x2f bytes	C++
 	kdeui.dll!01798224() 	
 	kdeui.dll!01975fc1() 	
 	QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0913a6c0,
QEvent * event=0x00dac21c)  Line 586 + 0x15 bytes	C++
 	QtCored4.dll!QCoreApplication::sendSpontaneousEvent(QObject *
receiver=0x0913a6c0, QEvent * event=0x00dac21c)  Line 218 + 0x38 bytes	C++
 	QtGuid4.dll!QApplicationPrivate::sendMouseEvent(QWidget * receiver=0x0913a6c0,
QMouseEvent * event=0x00dac21c, QWidget * alienWidget=0x0913a6c0, QWidget *
nativeWidget=0x042f32d0, QWidget * * buttonDown=0x65a505a0, QPointer<QWidget> &
lastMouseReceiver={...})  Line 2751 + 0xe bytes	C++
 	QtGuid4.dll!QETWidget::translateMouseEvent(const tagMSG & msg={...})  Line
3098 + 0x28 bytes	C++
 	QtGuid4.dll!QtWndProc(HWND__ * hwnd=0x00071516, unsigned int message=514,
unsigned int wParam=0, long lParam=36962508)  Line 1566 + 0xc bytes	C++
 	user32.dll!75e91a10() 	
 	user32.dll!75e91ae8() 	
 	user32.dll!75e91a91() 	
 	user32.dll!75e92a47() 	
 	user32.dll!75e92a98() 	
 	QtCored4.dll!QEventDispatcherWin32::processEvents(QFlags<enum
QEventLoop::ProcessEventsFlag> flags={...})  Line 743 + 0x21 bytes	C++
 	QtGuid4.dll!QGuiEventDispatcherWin32::processEvents(QFlags<enum
QEventLoop::ProcessEventsFlag> flags={...})  Line 1089 + 0x15 bytes	C++
 	QtCored4.dll!QEventLoop::processEvents(QFlags<enum
QEventLoop::ProcessEventsFlag> flags={...})  Line 147	C++
 	QtCored4.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag>
flags={...})  Line 197 + 0x1c bytes	C++
 	QtCored4.dll!QCoreApplication::exec()  Line 838 + 0x15 bytes	C++
 	QtGuid4.dll!QApplication::exec()  Line 3290	C++
 	kontact.exe!main(int argc=1, char * * argv=0x040ad790)  Line 165 + 0x8 bytes	C++
 	kontact.exe!WinMain(HINSTANCE__ * instance=0x00400000, HINSTANCE__ *
prevInstance=0x00000000, char * __formal=0x001c291a, int cmdShow=1)  Line 140 +
0x12 bytes	C++
 	kontact.exe!__tmainCRTStartup()  Line 589 + 0x35 bytes	C
 	kontact.exe!WinMainCRTStartup()  Line 414	C

----------
messages: 14242
nosy: jstaniek
priority: bug
status: unread
title: Crash because of freeing apparently uninitialized memory in KMail (KMMsgBase)
topic: kowi
___________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://www.intevation.de/roundup/kolab/issue2573>
___________________________________________________

More information about the devel mailing list