[bt-devel] [ bibletime-Bugs-1589388 ] crash when "OK" clicked after creating indices
SourceForge.net
noreply at sourceforge.net
Fri Dec 1 10:05:40 MST 2006
Bugs item #1589388, was opened at 2006-11-02 17:44
Message generated for change (Comment added) made by mgruner
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100954&aid=1589388&group_id=954
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Backend / SWORD
Group: in progress
>Status: Closed
>Resolution: Fixed
Priority: 8
Private: No
Submitted By: umicron (umicron)
Assigned to: Martin Gruner (mgruner)
Summary: crash when "OK" clicked after creating indices
Initial Comment:
[moved here from the "feature requests" section, where
it was placed erroneously]
bibletime 1.6.1, compiled from source today
sword 1.5.9, compiled from source
today: --prefix=/usr --sysconfdir=/etc --with-lucene
I was in the bookshelf manager under "Manage search
indices". I added three indices: KJV, TR, and
StrongsGreek, I believe in that order. When I
clicked "OK" to exit the dialog window, bibletime
crashed. When I tried to backtrace, my computer froze
until I rebooted.
A bit later I created a StrongsHebrew index with no
problem.
Yet later (just ~ a minute ago) I created a Vulgate
index and then GreekHebrew, HebrewGreek, and Josephus
indices (two separate times clicking "create
indices") and this time bibletime crashed.
In the console I got:
*** BibleTime got signal 11 (Crashing). Trying to
save settings.
*** Saving seemed to be successful. If restoring does
not work on next startup please use the
option --ignore-session
KCrash: Application 'bibletime' crashing...
And the KDE crash handler backtrace is:
Using host libthread_db
library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1241056400 (LWP 5365)]
[KCrash handler]
#6 *__GI_strcpy (dest=0x0, src=0x12f75880 <Address
0x12f75880 out of bounds>)
at ../sysdeps/generic/strcpy.c:39
#7 0xb65ebbe6 in sword::zStr::getCompressedText ()
from /usr/lib/libsword-1.5.9.so
#8 0xb65ecce7 in sword::zStr::getText ()
from /usr/lib/libsword-1.5.9.so
#9 0xb664928c in sword::zLD::getEntry ()
from /usr/lib/libsword-1.5.9.so
#10 0xb66494e9 in sword::zLD::getRawEntryBuf ()
from /usr/lib/libsword-1.5.9.so
#11 0xb6647bab in sword::SWLD::setPosition ()
from /usr/lib/libsword-1.5.9.so
#12 0x08128af1 in CSwordModuleInfo::unlockKeyIsValid
()
#13 0x08128d28 in CSwordModuleInfo::isLocked ()
#14 0x0815ea56 in CToolClass::getIconForModule ()
#15 0x080ba56d in CModuleItem::update ()
#16 0x080bd39a in CTreeFolder::initTree ()
#17 0x080bcdc4 in CTreeFolder::init ()
#18 0x080bf679 in CTreeFolder::addGroup ()
#19 0x080bd58e in CTreeFolder::initTree ()
#20 0x080bcdc4 in CTreeFolder::init ()
#21 0x080b4e8d in CMainIndex::addGroup ()
#22 0x080b69ee in CMainIndex::initTree ()
#23 0x0807d81e in BibleTime::slotSwordSetupChanged ()
#24 0x08086b7d in BibleTime::qt_invoke ()
#25 0xb6becd69 in QObject::activate_signal ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#26 0xb6bed200 in QObject::activate_signal ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#27 0x0811672d in
BookshelfManager::CSwordSetupDialog::signalSwordSetupChanged
()
#28 0xb75246e9 in KDialogBase::qt_invoke ()
from /opt/kde-3.5.5/lib/libkdeui.so.4
#29 0x08116590 in
BookshelfManager::CSwordSetupDialog::qt_invoke ()
#30 0xb6becd69 in QObject::activate_signal ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#31 0xb6bed200 in QObject::activate_signal ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#32 0xb6f3027c in QButton::clicked ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#33 0xb6c81fa6 in QButton::mouseReleaseEvent ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#34 0xb6c269e8 in QWidget::event ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#35 0xb6b8d681 in QApplication::internalNotify ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#36 0xb6b8e413 in QApplication::notify ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#37 0xb71a043e in KApplication::notify ()
from /opt/kde-3.5.5/lib/libkdecore.so.4
#38 0xb6b29191 in QETWidget::translateMouseEvent ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#39 0xb6b27bef in QApplication::x11ProcessEvent ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#40 0xb6b3b45a in QEventLoop::processEvents ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#41 0xb6ba41c9 in QEventLoop::enterLoop ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#42 0xb6b8d0cf in QApplication::enter_loop ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#43 0xb6d770ae in QDialog::exec ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#44 0x0807d798 in BibleTime::slotSwordSetupDialog ()
#45 0x08086870 in BibleTime::qt_invoke ()
#46 0xb6becd69 in QObject::activate_signal ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#47 0xb6bed200 in QObject::activate_signal ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#48 0xb747dde9 in KAction::activated ()
from /opt/kde-3.5.5/lib/libkdeui.so.4
#49 0xb747df41 in KAction::slotActivated ()
from /opt/kde-3.5.5/lib/libkdeui.so.4
#50 0xb748078e in KAction::slotPopupActivated ()
from /opt/kde-3.5.5/lib/libkdeui.so.4
#51 0xb7480a61 in KAction::qt_invoke ()
from /opt/kde-3.5.5/lib/libkdeui.so.4
#52 0xb6becd69 in QObject::activate_signal ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#53 0xb6f288b2 in QSignal::signal ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#54 0xb6c0994b in QSignal::activate ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#55 0xb6cf43e8 in QPopupMenu::mouseReleaseEvent ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#56 0xb746dba1 in KPopupMenu::mouseReleaseEvent ()
from /opt/kde-3.5.5/lib/libkdeui.so.4
#57 0xb6c269e8 in QWidget::event ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#58 0xb6b8d681 in QApplication::internalNotify ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#59 0xb6b8e413 in QApplication::notify ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#60 0xb71a043e in KApplication::notify ()
from /opt/kde-3.5.5/lib/libkdecore.so.4
#61 0xb6b294c0 in QETWidget::translateMouseEvent ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#62 0xb6b27bef in QApplication::x11ProcessEvent ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#63 0xb6b3b45a in QEventLoop::processEvents ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#64 0xb6ba41e3 in QEventLoop::enterLoop ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#65 0xb6ba40c6 in QEventLoop::exec ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#66 0xb6b8d09f in QApplication::exec ()
from /opt/qt-3.3.6/lib/libqt-mt.so.3
#67 0x08082cca in main ()
Apparently caused by libsword, in the file
src/modules/common/zstr.c, in
zStr::getCompressedText:
strcpy(*buf, cacheBlock->getEntry(entry));
Followups:
Comments
Date: 2006-11-02 06:20
Sender: umicron
Logged In: YES
user_id=1635726
Well, I've narrowed down the bug a bit, to somewhere in
sword's ciphered-text--handling
system, or possibly in how bibletime uses that system.
When I removed the two "locked" modules, gerhfa2002
and gerhfalex2002, from
my /usr/share/sword tree, the crashes don't seem to be
happening.
(Although I still get "Error reading ulBuffNum"
sometimes while creating indices, which I
got before.)
zStr::getCompressedText calls
strcpy(*buf, cacheBlock->getEntry(entry));
the getEntry is in entriesblk.cpp, and it calls
getMetaEntry.
getEntry then returns: return (offset) ? block+offset :
empty;
The crashing occurs when offset is non-zero but
block+offset is
not a valid string pointer.
Hence, in the previous post:
#6 *__GI_strcpy (dest=0x0, src=0x12f75880 <Address
0x12f75880 out of bounds>)
0x12f75880 in this case was block+offset (confirmed by
printing
out the value of
block+offset on another occasion).
----------------------------------------------------------------------
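The failure described in the comment above (a non-zero offset that does not point at a valid string, then an unbounded strcpy into a null destination) can be guarded against by validating the offset against the block length before copying. This is an added example, not code from Sword or BibleTime; `Block`, `checkedEntry`, `copyEntry` and the block layout are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for a decompressed block: a byte buffer of known
// length in which entries are addressed by offset (layout is an assumption).
struct Block { const char *data; std::size_t len; };
static const char kEmpty[] = "";

// Return the entry at `offset`, or the empty string when the offset is zero,
// lies outside the block, or the entry has no NUL terminator inside the block.
const char *checkedEntry(const Block &b, std::size_t offset) {
    if (b.data == nullptr || offset == 0 || offset >= b.len)
        return kEmpty;
    // memchr limits the terminator search to bytes that belong to the block.
    const void *nul = std::memchr(b.data + offset, '\0', b.len - offset);
    return nul ? b.data + offset : kEmpty;
}

// Bounded replacement for strcpy(*buf, entry): refuses a null or too-small
// destination. Returns the bytes copied (excluding the NUL), or -1.
long copyEntry(char *dest, std::size_t destLen, const Block &b, std::size_t offset) {
    if (dest == nullptr || destLen == 0)
        return -1;
    const char *src = checkedEntry(b, offset);
    std::size_t n = std::strlen(src);  // safe: src is NUL-terminated in range
    if (n >= destLen)
        return -1;
    std::memcpy(dest, src, n + 1);
    return static_cast<long>(n);
}

// Constructed sample block: 4-byte header, "alpha\0", then "beta" with no
// terminator (simulating a truncated or corrupt block).
static const char kSample[] = {'H','D','R','\0','a','l','p','h','a','\0','b','e','t','a'};
static const Block kBlock = {kSample, sizeof kSample};

int main() {
    char out[16];
    long n = copyEntry(out, sizeof out, kBlock, 4);
    std::printf("offset 4 -> %ld bytes: %s\n", n, out);
    std::printf("offset 0x12f75880 -> \"%s\"\n", checkedEntry(kBlock, 0x12f75880));
    return 0;
}
```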
>Comment By: Martin Gruner (mgruner)
Date: 2006-12-01 18:05
Message:
Logged In: YES
user_id=169722
Originator: NO
This is a bug in Sword. The patch below fixes it; apply it against Sword
1.5.9 and recompile. Thanks again. I hope there will be a bugfix Sword
release soon; if not, we'll offer the patch for download.
mg
-------------------------
Index: src/modules/common/zverse.cpp
===================================================================
--- src/modules/common/zverse.cpp (Revision 2017)
+++ src/modules/common/zverse.cpp (Arbeitskopie)
@@ -237,6 +237,7 @@
unsigned long len = 0;
compressor->Buf(0, &len);
cacheBuf = (char *)calloc(len + 1, 1);
+ cacheBuf[0]='\0'; //just in case len==0
memcpy(cacheBuf, compressor->Buf(), len);
cacheTestament = testmt;
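Review bot: The calloc() result is used unchecked by the added line `cacheBuf[0]='\0';` and by the memcpy() after it, so an allocation failure turns into a write through NULL at this point. calloc(len + 1, 1) already zero-fills the buffer, so the added assignment changes nothing for len==0; a NULL check that leaves cacheBuf unset and bails out would be the more useful addition here.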
@@ -257,13 +258,11 @@
void zVerse::zReadText(char testmt, long start, unsigned short size,
SWBuf &inBuf) {
inBuf = "";
- inBuf.setFillByte(0);
- inBuf.setSize(size+1);
- if (size > 0) {
- if (cacheBuf)
- strncpy(inBuf.getRawData(), &(cacheBuf[start]), size);
+ if ( (size > 0) && cacheBuf && ((start+size) <= strlen(cacheBuf)) ){
//TODO: optimize this, remove strlen
+ inBuf.setFillByte(0);
+ inBuf.setSize(size+1);
+ strncpy(inBuf.getRawData(), &(cacheBuf[start]), size);
}
- inBuf.setSize(strlen(inBuf.c_str()));
}
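Review bot: The new bound `(start+size) <= strlen(cacheBuf)` measures the cache with strlen(), but the cache is filled by memcpy() of len bytes in the previous hunk, so any NUL byte inside the decompressed data shortens the apparent length and makes valid entries come back empty. Keeping len in a member next to cacheBuf and comparing against that would fix this and settle the TODO. The condition should also reject a negative start: start is a signed long, and a small negative value for which start+size is still positive passes the test and indexes before the buffer.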
Index: src/modules/common/zipcomprs.cpp
===================================================================
--- src/modules/common/zipcomprs.cpp (Revision 2017)
+++ src/modules/common/zipcomprs.cpp (Arbeitskopie)
@@ -79,7 +79,7 @@
if (len)
{
//printf("Doing compress\n");
- if (compress((Bytef*)zbuf, &zlen, (const Bytef*)buf, len)!=Z_OK)
+ if (compress((Bytef*)zbuf, &zlen, (const Bytef*)buf, len) != Z_OK)
{
printf("ERROR in compression\n");
}
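Review bot: The compress() failure branch in this hunk still reports with printf() to stdout, while the other error paths touched by this patch use fprintf(stderr, ...) with an "ERROR:" prefix; it is worth switching this one as well. The only change in the hunk is whitespace around `!=`, which would be better kept out of a bug-fix patch.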
@@ -89,7 +89,7 @@
}
else
{
- fprintf(stderr, "No buffer to compress\n");
+ fprintf(stderr, "ERROR: no buffer to compress\n");
}
delete [] zbuf;
free (buf);
@@ -144,15 +144,18 @@
unsigned long blen = zlen*20; // trust compression is less than 1000%
char *buf = new char[blen];
//printf("Doing decompress {%s}\n", zbuf);
- if (uncompress((Bytef*)buf, &blen, (Bytef*)zbuf, zlen) != Z_OK) {
- fprintf(stderr, "no room in outbuffer to during decompression. see
zipcomp.cpp\n");
+ slen = 0;
+ switch (uncompress((Bytef*)buf, &blen, (Bytef*)zbuf, zlen)){
+ case Z_OK: SendChars(buf, blen); slen = blen; break;
+ case Z_MEM_ERROR: fprintf(stderr, "ERROR: not enough memory during
decompression.\n"); break;
+ case Z_BUF_ERROR: fprintf(stderr, "ERROR: not enough room in the out
buffer during decompression.\n"); break;
+ case Z_DATA_ERROR: fprintf(stderr, "ERROR: corrupt data during
decompression.\n"); break;
+ default: fprintf(stderr, "ERROR: an unknown error occured during
decompression.\n"); break;
}
- SendChars(buf, blen);
delete [] buf;
- slen = blen;
}
else {
- fprintf(stderr, "No buffer to decompress!\n");
+ fprintf(stderr, "ERROR: no buffer to decompress!\n");
}
//printf("Finished decoding\n");
free (zbuf);
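Review bot: With the switch, a Z_BUF_ERROR from uncompress() now leaves slen = 0 and prints one stderr line, while the output size is still the fixed guess `blen = zlen*20`, so a block that legitimately expands by more than 20x is dropped as if it were empty. Consider retrying with a larger buffer on Z_BUF_ERROR (or storing the uncompressed size with the block) and giving the caller a way to tell a failed decode from an empty result. The multiplication zlen*20 is also unchecked before the `new char[blen]`.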
----------------------------------------------------------------------
Comment By: Martin Gruner (mgruner)
Date: 2006-11-27 18:58
Message:
Logged In: YES
user_id=169722
Originator: NO
Thank you for the detailed information. I'm not good enough on this level
of programming, so I sent a request for help to the sword-devel mailing
list. If you can come up with a solution (probably a patch to sword), that
would be most awesome!
God bless, mg
----------------------------------------------------------------------