https://bugs.kde.org/show_bug.cgi?id=410844
Tobias Deiminger <haxti...@posteo.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |haxti...@posteo.de

--- Comment #10 from Tobias Deiminger <haxti...@posteo.de> ---
(In reply to Albert Astals Cid from comment #9)
> The backtraces really make no sense :/

The only suspicious thing I can spot is the this-pointer of the RefCount object
in comment 0 (this=0xc40c758) and comment 8 (this=0xffe824e92a894476). The
former is uncommonly low, the latter is too high, because it resides in the
hole of non-canonical virtual memory addresses on x86_64.

Both traces from two different people show the same kind of oddness, that's
something where one could dig deeper.

Such an invalid this-pointer could for example occur if in
TextDocumentGenerator::loadDocumentWithPassword, the QVector [] operator in

    objects[ info.page ].append(/*...*/)

does an out of bounds access to the objects array. There's already some safety
implemented

    if ( info.page >= objects.count() ) continue;

but info.page is a signed int, and the check doesn't catch negative page
numbers. So in theory we could fail here, unless info.page >= 0 is ensured in
some other place.

It's quite late. Can anybody double check for how much nonsense I've just
written?
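
Added example, not part of comment #10 and not Okular's code: a sketch of the index guard the comment describes, showing that an upper-bound-only check accepts a negative signed index while a full range check rejects it. std::vector stands in for QVector; ObjectInfo, the function names and the sample data are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical stand-in for the per-object record; only `page` mirrors the comment.
struct ObjectInfo {
    int page;            // signed, as noted in the comment
    std::string label;
};

// The guard quoted in the comment: rejects only indexes at or past the end.
bool passesUpperBoundOnly(int page, int count) {
    return !(page >= count);
}

// Full range guard: rejects negative indexes as well.
bool passesRangeCheck(int page, int count) {
    return page >= 0 && page < count;
}

struct GroupResult {
    std::vector<std::vector<std::string>> perPage;
    std::size_t skipped = 0;
};

// Groups records by page, indexing only after the full range check.
GroupResult groupByPage(const std::vector<ObjectInfo>& infos, int pageCount) {
    GroupResult r;
    r.perPage.resize(pageCount > 0 ? static_cast<std::size_t>(pageCount) : 0);
    const int count = static_cast<int>(r.perPage.size());
    for (const ObjectInfo& info : infos) {
        if (!passesRangeCheck(info.page, count)) {
            ++r.skipped;  // out-of-range page: never used as an index
            continue;
        }
        r.perPage[static_cast<std::size_t>(info.page)].push_back(info.label);
    }
    return r;
}

// Constructed sample input: two valid pages, one negative, one past the end.
std::vector<ObjectInfo> sampleInfos() {
    return {{0, "a"}, {2, "b"}, {-1, "c"}, {3, "d"}};
}
```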