--===============1861504994041023678== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/128893/ ----------------------------------------------------------- (Updated Sept. 11, 2016, 4:40 p.m.) Status ------ This change has been marked as submitted. Review request for KDE Frameworks and Boudhayan Gupta. Changes ------- Submitted with commit 6e5b41e88d92c90df8e54d99163cea08f17d0554 by Christoph Cullmann to branch master. Repository: baloo Description ------- Old code was plain wrong: - auto it = std::upper_bound(subDocs.begin(), subDocs.end(), id); - - // Merge the id if it does not - auto prev = it - 1; - if (*prev != id) { - subDocs.insert(it, id); - } => you deref begin()-1 in my test case => BAM ;) valgrind backtrace for old code (moved it to template method) 0 PASS : DocumentUrlDBTest::testGetId() it == begin 1 ==22283== Invalid read of size 8 ==22283== at 0x406F20: void Baloo::sortedIdInsert >, unsigned long long>(std::vector >&, unsigned long long const&) (idutils.h:101) ==22283== by 0x406965: DocumentUrlDBTest::testSortedIdInsert() (documenturldbtest.cpp:158) ==22283== by 0x404DD9: DocumentUrlDBTest::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (documenturldbtest.moc:99) ==22283== by 0x57F90BD: QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (in /usr/lib/libQt5Core.so.5.7.0) ==22283== by 0x4E489D6: ??? (in /usr/lib/libQt5Test.so.5.7.0) ==22283== by 0x4E49405: ??? (in /usr/lib/libQt5Test.so.5.7.0) ==22283== by 0x4E49A51: ??? (in /usr/lib/libQt5Test.so.5.7.0) ==22283== by 0x4E49F60: QTest::qExec(QObject*, int, char**) (in /usr/lib/libQt5Test.so.5.7.0) ==22283== by 0x404CF1: main (documenturldbtest.cpp:167) ==22283== Address 0xbf25418 is 8 bytes before a block of size 8 alloc'd ==22283== at 0x4C2A0FC: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==22283== by 0x40AF63: __gnu_cxx::new_allocator::allocate(unsigned long, void const*) (new_allocator.h:104) ==22283== by 0x40AD46: std::allocator_traits >::allocate(std::allocator&, unsigned long) (alloc_traits.h:416) ==22283== by 0x40A171: std::_Vector_base >::_M_allocate(unsigned long) (stl_vector.h:170) ==22283== by 0x409151: void std::vector >::_M_emplace_back_aux(unsigned long long&&) (vector.tcc:412) ==22283== by 0x40886C: void std::vector >::emplace_back(unsigned long long&&) (vector.tcc:101) ==22283== by 0x406E55: std::vector >::push_back(unsigned long long&&) (stl_vector.h:933) ==22283== by 0x40694A: DocumentUrlDBTest::testSortedIdInsert() (documenturldbtest.cpp:155) ==22283== by 0x404DD9: DocumentUrlDBTest::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (documenturldbtest.moc:99) ==22283== by 0x57F90BD: QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (in /usr/lib/libQt5Core.so.5.7.0) ==22283== by 0x4E489D6: ??? (in /usr/lib/libQt5Test.so.5.7.0) ==22283== by 0x4E49405: ??? (in /usr/lib/libQt5Test.so.5.7.0) ==22283== Bug report: https://bugs.kde.org/show_bug.cgi?id=367991 Diffs ----- autotests/unit/engine/documenturldbtest.cpp 448821b src/engine/documenturldb.cpp 5083e7a src/engine/idutils.h cc7da9c src/engine/writetransaction.cpp 3808970 Diff: https://git.reviewboard.kde.org/r/128893/diff/ Testing ------- Wrote test, valgrind shows error (or you get segfault, depending on luck) with old code, new one works. Thanks, Christoph Cullmann --===============1861504994041023678== MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit
This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/128893/

This change has been marked as submitted.

Review request for KDE Frameworks and Boudhayan Gupta.
By Christoph Cullmann.

Updated Sept. 11, 2016, 4:40 p.m.

Changes

Submitted with commit 6e5b41e88d92c90df8e54d99163cea08f17d0554 by Christoph Cullmann to branch master.
Repository: baloo

Description 

Old code was plain wrong:


-        auto it = std::upper_bound(subDocs.begin(), subDocs.end(), id);


    

  • // Merge the id if it does not
    • 

  • auto prev = it - 1;
    • 

  • if (*prev != id) {
    • 

  • subDocs.insert(it, id);
    • 

  • }
    • 



=> you deref begin()-1 in my test case


=> BAM ;)


valgrind backtrace for old code (moved it to template method)


0
PASS   : DocumentUrlDBTest::testGetId()
it == begin 1
==22283== Invalid read of size 8
==22283==    at 0x406F20: void Baloo::sortedIdInsert<std::vector<unsigned long long, std::allocator<unsigned long long> >, unsigned long long>(std::vector<unsigned long long, std::allocator<unsigned long long> >&, unsigned long long const&) (idutils.h:101)
==22283==    by 0x406965: DocumentUrlDBTest::testSortedIdInsert() (documenturldbtest.cpp:158)
==22283==    by 0x404DD9: DocumentUrlDBTest::qt_static_metacall(QObject, QMetaObject::Call, int, void) (documenturldbtest.moc:99)
==22283==    by 0x57F90BD: QMetaMethod::invoke(QObject, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (in /usr/lib/libQt5Core.so.5.7.0)
==22283==    by 0x4E489D6: ??? (in /usr/lib/libQt5Test.so.5.7.0)
==22283==    by 0x4E49405: ??? (in /usr/lib/libQt5Test.so.5.7.0)
==22283==    by 0x4E49A51: ??? (in /usr/lib/libQt5Test.so.5.7.0)
==22283==    by 0x4E49F60: QTest::qExec(QObject, int, char) (in /usr/lib/libQt5Test.so.5.7.0)
==22283==    by 0x404CF1: main (documenturldbtest.cpp:167)
==22283==  Address 0xbf25418 is 8 bytes before a block of size 8 alloc'd
==22283==    at 0x4C2A0FC: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22283==    by 0x40AF63: __gnu_cxx::new_allocator<unsigned long long>::allocate(unsigned long, void const) (new_allocator.h:104)
==22283==    by 0x40AD46: std::allocator_traits<std::allocator<unsigned long long> >::allocate(std::allocator<unsigned long long>&, unsigned long) (alloc_traits.h:416)
==22283==    by 0x40A171: std::_Vector_base<unsigned long long, std::allocator<unsigned long long> >::_M_allocate(unsigned long) (stl_vector.h:170)
==22283==    by 0x409151: void std::vector<unsigned long long, std::allocator<unsigned long long> >::_M_emplace_back_aux<unsigned long long>(unsigned long long&&) (vector.tcc:412)
==22283==    by 0x40886C: void std::vector<unsigned long long, std::allocator<unsigned long long> >::emplace_back<unsigned long long>(unsigned long long&&) (vector.tcc:101)
==22283==    by 0x406E55: std::vector<unsigned long long, std::allocator<unsigned long long> >::push_back(unsigned long long&&) (stl_vector.h:933)
==22283==    by 0x40694A: DocumentUrlDBTest::testSortedIdInsert() (documenturldbtest.cpp:155)
==22283==    by 0x404DD9: DocumentUrlDBTest::qt_static_metacall(QObject, QMetaObject::Call, int, void) (documenturldbtest.moc:99)
==22283==    by 0x57F90BD: QMetaMethod::invoke(QObject, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (in /usr/lib/libQt5Core.so.5.7.0)
==22283==    by 0x4E489D6: ??? (in /usr/lib/libQt5Test.so.5.7.0)
==22283==    by 0x4E49405: ??? (in /usr/lib/libQt5Test.so.5.7.0)
==22283==


Bug report:


https://bugs.kde.org/show_bug.cgi?id=367991

Testing 

Wrote test, valgrind shows error (or you get segfault, depending on luck) with old code, new one works.

Diffs

  • autotests/unit/engine/documenturldbtest.cpp (448821b)
  • src/engine/documenturldb.cpp (5083e7a)
  • src/engine/idutils.h (cc7da9c)
  • src/engine/writetransaction.cpp (3808970)

View Diff
--===============1861504994041023678==--