[sword-devel] crashes with ciphering code

Martin Gruner mg.pub at gmx.net
Mon Nov 27 10:56:21 MST 2006 

Hi Troy.

I wrote you that we are having difficulties with BibleTime's stability since 
we use my dumb "check that the entered cipher key is valid" function, which 
basically just calls 

(*m_module) = sword::TOP;
QString test = QString::fromLatin1( m_module->getRawEntryBuf().c_str() );

These lines _sometimes_ make BibleTime crash like this:

And the KDE crash handler backtrace is:
 Using host libthread_db
 library "/lib/libthread_db.so.1".
 [Thread debugging using libthread_db enabled]
 [New Thread -1241056400 (LWP 5365)]
 [KCrash handler]
 #6 *__GI_strcpy (dest=0x0, src=0x12f75880 <Address
 0x12f75880 out of bounds>)
 at ../sysdeps/generic/strcpy.c:39
 #7 0xb65ebbe6 in sword::zStr::getCompressedText ()
 from /usr/lib/libsword-1.5.9.so
 #8 0xb65ecce7 in sword::zStr::getText ()
 from /usr/lib/libsword-1.5.9.so
 #9 0xb664928c in sword::zLD::getEntry ()
 from /usr/lib/libsword-1.5.9.so
 #10 0xb66494e9 in sword::zLD::getRawEntryBuf ()
 from /usr/lib/libsword-1.5.9.so
 #11 0xb6647bab in sword::SWLD::setPosition ()
 from /usr/lib/libsword-1.5.9.so
 #12 0x08128af1 in CSwordModuleInfo::unlockKeyIsValid

(Strange thing here: crashes on (*m_module) = sword::TOP;)
A user now posted a more detailed analysis:

"Well, I've narrowed down the bug a bit, to somewhere in sword's 
ciphered-text--handling  system, or possibly in how bibletime uses that 
system. When I removed the two "locked" modules, gerhfa2002
 and gerhfalex2002, from  my /usr/share/sword tree, the crashes don't seem to 
be happening.
 (Although I still get "Error reading ulBuffNum" sometimes while creating 
indices, which I  got before.)
 
  zStr::getCompressedText calls
 strcpy(*buf, cacheBlock->getEntry(entry));
 the getEntry is in entriesblk.cpp, and it calls getMetaEntry. getEntry then 
returns: return (offset) ? block+offset : empty;
 The crashing occurs when offset is non-zero but
 block+offset is not a valid string pointer.
 Hence, in the previous post:
 #6 *__GI_strcpy (dest=0x0, src=0x12f75880 <Address 
 0x12f75880 out of bounds>)
 
 0x12f75880 in this case was block+offset (confirmed by
 printing out the value of  block+offset on another occasion).

Do you think this is something that can be fixed? If not, I'll have to disable 
the "check cipher key" function again. Or is it even an error in BibleTime?

Thanks for your guidance in this matter.

mg

More information about the sword-devel mailing list