dolphin crashes on start with buffer overflow when using kio 5.113.0-0ubuntu1

Bug #2046634 reported by lxevolution
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| dolphin (Ubuntu) | Invalid | Undecided | Unassigned | |
| kio (Ubuntu) | Fix Released | High | Rik Mills | |

Bug Description

When kio Version: 5.113.0-0ubuntu1 is installed, `dolphin` crashes:

```
dolphin --version
dolphin 23.08.4
```

```
Package: dolphin
Architecture: amd64
Version: 4:23.08.4-0ubuntu1
```

```
Package: kio
Architecture: amd64
Version: 5.113.0-0ubuntu1
```

```
System:
  Host: lxe-ubuntu Kernel: 6.5.0-9-generic arch: x86_64 bits: 64
    Desktop: GNOME v: 45.2 Distro: Ubuntu 24.04 (Noble Numbat)
```

Reproduce:

```
$ dolphin ~
*** buffer overflow detected ***: terminated
[1] 3593 IOT instruction (core dumped) dolphin ~
```

strace:

```
...
ppoll([{fd=36, events=POLLIN|POLLOUT}], 1, NULL, NULL, 8) = 1 ([{fd=36, revents=POLLOUT}])
write(36, " 14_47_\0\0\0\20file:///home/lxe", 30) = 30
write(5, "\1\0\0\0\0\0\0\0", 8) = 8
write(5, "\1\0\0\0\0\0\0\0", 8) = 8
statx(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kio/kio_file.so", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFREG|0644, stx_size=125368, ...}) = 0
readlink("/usr", 0x7fff692af480, 1023) = -1 EINVAL (Invalid argument)
readlink("/usr/lib", 0x7fff692af480, 1023) = -1 EINVAL (Invalid argument)
readlink("/usr/lib/x86_64-linux-gnu", 0x7fff692af480, 1023) = -1 EINVAL (Invalid argument)
readlink("/usr/lib/x86_64-linux-gnu/qt5", 0x7fff692af480, 1023) = -1 EINVAL (Invalid argument)
readlink("/usr/lib/x86_64-linux-gnu/qt5/plugins", 0x7fff692af480, 1023) = -1 EINVAL (Invalid argument)
readlink("/usr/lib/x86_64-linux-gnu/qt5/plugins/kf5", 0x7fff692af480, 1023) = -1 EINVAL (Invalid argument)
readlink("/usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kio", 0x7fff692af480, 1023) = -1 EINVAL (Invalid argument)
readlink("/usr/lib/x86_64-linux-gnu/qt5/plugins/kf5/kio/kio_file.so", 0x7fff692af480, 1023) = -1 EINVAL (Invalid argument)
*** buffer overflow detected ***: terminated
geteuid() = 1000
+++ killed by SIGABRT (core dumped) +++
[1] 8458 IOT instruction (core dumped) strace dolphin ~

```

Downgrading `kio` to kio=5.104.0-0ubuntu1 fixes this issue.

lxevolution (lxevolution) wrote :
Rik Mills (rikmills)
Changed in dolphin (Ubuntu):
status: New → Invalid
Changed in kio (Ubuntu):
status: New → Fix Committed
importance: Undecided → High
assignee: nobody → Rik Mills (rikmills)
Rik Mills (rikmills) wrote :

> Looks like this has already been fixed:

Yes, thanks to some awesome testers picking this up.

This may take some time to get to the release pocket from proposed, as the libreoffice autopkgtests triggered by a kio upload take 4-10 hrs to run.

https://ubuntu-archive-team.ubuntu.com/proposed-migration/update_excuses.html#kio

Rik Mills (rikmills) wrote :

kio 5.113.0-0ubuntu2 has migrated to the noble release pocket, and I have respun the daily iso to pick that up. So marking this as fixed.

Changed in kio (Ubuntu):
status: Fix Committed → Fix Released