konqueror causes segfault in libpcre

Bug #203744 reported by lcampagn
Affects            Status         Importance   Assigned to   Milestone
KDE Base           Invalid        High
kdebase (Ubuntu)   Fix Released   Low          Unassigned

Bug Description

Binary package hint: konqueror

Using kubuntu/gutsy, KDE 3.5.8. When I go to this webpage:
   http://www3.interscience.wiley.com/journal/117928903/tocgroup
and click on any of the links numbered by year (the ones under "ALL ISSUES", not those under "ISSUE NAVIGATION"), konqueror segfaults. The backtrace looks like this:

(gdb) backtrace
#0 0xb5b807ac in ?? () from /usr/lib/libpcre.so.3
Cannot access memory at address 0xbf0e6d70

I've tried installing libpcre3-dbgsym, but there seem to be some dependency issues with that package at the moment.

Revision history for this message
Yuriy Kozlov (yuriy-kozlov) wrote :

I installed libpcre3-dbg under Hardy and ran konqueror 3.5.9 under gdb and got a backtrace with this repeating over and over (the eptr and the exact string change). Looks like it's getting into some sort of infinite loop trying to parse the page.

#6013 0x00007f64308b8d31 in match (
    eptr=0x1302653 ">Volume 237 Issue 2</a>&nbsp;-&nbsp;8 July 1985&nbsp;-&nbsp;(145-289)<br/></li><li><a href=\"/journal/109688358/issue\">Volume 237 Issue 1</a>&nbsp;-&nbsp;1 July 1985&nbsp;-&nbsp;(1-143)<br/></li><li><a"..., ecode=0x13e9577 "U",
    mstart=0x1301ae0 "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<ul xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:i18n=\"http://apache.org/cocoon/i18n/2.1\" xmlns:cin"..., offset_top=6, md=0x7fff442441e0, ims=0,
    eptrb=0x0, flags=0, rdepth=<value optimized out>) at pcre_exec.c:1289
#6014 0x00007f64308b636c in match (
    eptr=0x1302652 "\">Volume 237 Issue 2</a>&nbsp;-&nbsp;8 July 1985&nbsp;-&nbsp;(145-289)<br/></li><li><a href=\"/journal/109688358/issue\">Volume 237 Issue 1</a>&nbsp;-&nbsp;1 July 1985&nbsp;-&nbsp;(1-143)<br/></li><li><"..., ecode=0x13e956d "^",
    mstart=0x1301ae0 "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<ul xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:i18n=\"http://apache.org/cocoon/i18n/2.1\" xmlns:cin"..., offset_top=6, md=0x7fff442441e0, ims=0,
    eptrb=0x0, flags=0, rdepth=5861) at pcre_exec.c:690
#6015 0x00007f64308b8d31 in match (
    eptr=0x1302652 "\">Volume 237 Issue 2</a>&nbsp;-&nbsp;8 July 1985&nbsp;-&nbsp;(145-289)<br/></li><li><a href=\"/journal/109688358/issue\">Volume 237 Issue 1</a>&nbsp;-&nbsp;1 July 1985&nbsp;-&nbsp;(1-143)<br/></li><li><"..., ecode=0x13e9577 "U",
    mstart=0x1301ae0 "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<ul xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:i18n=\"http://apache.org/cocoon/i18n/2.1\" xmlns:cin"..., offset_top=6, md=0x7fff442441e0, ims=0,
    eptrb=0x0, flags=0, rdepth=<value optimized out>) at pcre_exec.c:1289
#6016 0x00007f64308b636c in match (
    eptr=0x1302651 "e\">Volume 237 Issue 2</a>&nbsp;-&nbsp;8 July 1985&nbsp;-&nbsp;(145-289)<br/></li><li><a href=\"/journal/109688358/issue\">Volume 237 Issue 1</a>&nbsp;-&nbsp;1 July 1985&nbsp;-&nbsp;(1-143)<br/></li><li>"..., ecode=0x13e956d "^",
    mstart=0x1301ae0 "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<ul xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:i18n=\"http://apache.org/cocoon/i18n/2.1\" xmlns:cin"..., offset_top=6, md=0x7fff442441e0, ims=0,
    eptrb=0x0, flags=0, rdepth=5859) at pcre_exec.c:690
#6017 0x00007f64308b8d31 in match (
    eptr=0x1302651 "e\">Volume 237 Issue 2</a>&nbsp;-&nbsp;8 July 1985&nbsp;-&nbsp;(145-289)<br/></li><li><a href=\"/journal/109688358/issue\">Volume 237 Issue 1</a>&nbsp;-&nbsp;1 July 1985&nbsp;-&nbsp;(1-143)<br/></li><li>"..., ecode=0x13e9577 "U",
    mstart=0x1301ae0 "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://w...

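The repeating frames above show pcre_exec's match() recursing once per backtracking step (rdepth climbs past 5800 and the frame count past 6000) on input that came straight from a web page, until the stack runs out. The toy matcher below is added here as an illustration and is not code from PCRE, Konqueror or this bug's reporters: it models that behaviour, with a greedy `.*` costing one frame per character consumed, and shows the defensive measure of a configurable recursion cap that turns stack exhaustion into a reportable error instead of a crash. Token support is deliberately limited to literals, `.` and a trailing `*`.

```python
# Constructed model of a recursive backtracking matcher with a recursion cap.
# Illustration only; this is not PCRE's implementation.

class RecursionLimitExceeded(Exception):
    """Raised when the matcher would recurse deeper than the configured cap."""


def compile_pattern(pattern):
    """Turn a pattern string into (atom, starred) tokens, e.g. 'a.*b'."""
    tokens = []
    i = 0
    while i < len(pattern):
        atom = pattern[i]
        starred = i + 1 < len(pattern) and pattern[i + 1] == "*"
        tokens.append((atom, starred))
        i += 2 if starred else 1
    return tokens


def _match_here(tokens, text, pos, depth, limit, stats):
    """Recursive matcher: every backtrack point costs one stack frame, the way
    pcre_exec's match() does with its rdepth counter. The cap makes untrusted
    input raise an exception rather than exhaust the real stack."""
    if depth > limit:
        raise RecursionLimitExceeded(depth)
    stats["max_depth"] = max(stats["max_depth"], depth)
    if not tokens:
        return True
    atom, starred = tokens[0]
    here = pos < len(text) and (atom == "." or text[pos] == atom)
    if starred:
        # Greedy: consume one more character and recurse; on failure give it back.
        if here and _match_here(tokens, text, pos + 1, depth + 1, limit, stats):
            return True
        return _match_here(tokens[1:], text, pos, depth + 1, limit, stats)
    return here and _match_here(tokens[1:], text, pos + 1, depth + 1, limit, stats)


def search(pattern, text, recursion_limit=1000):
    """Unanchored search. Returns (matched, deepest recursion reached)."""
    tokens = compile_pattern(pattern)
    stats = {"max_depth": 0}
    for start in range(len(text) + 1):
        if _match_here(tokens, text, start, 0, recursion_limit, stats):
            return True, stats["max_depth"]
    return False, stats["max_depth"]
```

With a small cap, a long tag body with no closing bracket (constructed input) raises RecursionLimitExceeded instead of recursing without bound; a caller can then log the event and reject the input.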

Revision history for this message
Yuriy Kozlov (yuriy-kozlov) wrote :

Confirmed on Hardy and guessing that the bug is in libpcre3

Changed in kdebase:
status: New → Confirmed
Revision history for this message
Yuriy Kozlov (yuriy-kozlov) wrote :

Works fine in konqueror 4.0, so unless they worked around it or are no longer using libpcre3, the bug is in konqueror 3.5.

Revision history for this message
Jonathan Thomas (echidnaman) wrote :

Fixed in Intrepid since it ships with Konqueror 4.1.

Changed in kdebase:
status: Confirmed → Fix Released
Revision history for this message
Christophe Giboudeaux (krop) wrote :

Hum no, your assertion is wrong.

We didn't close these issues yet on KDE bugzilla.

Changed in kdebase:
status: Unknown → Confirmed
Changed in kdebase:
status: Unknown → Confirmed
Changed in kdebase:
importance: Undecided → Low
status: Fix Released → Confirmed
Changed in kdebase:
status: Confirmed → Triaged
Changed in kdebase:
status: Confirmed → Invalid
Revision history for this message
Jonathan Thomas (echidnaman) wrote :

Closed now.

Changed in kdebase:
status: Triaged → Fix Released
Changed in kdebase:
importance: Unknown → High