[prev in list] [next in list] [prev in thread] [next in thread] 

List:       konq-bugs
Subject:    [Bug 311680] New: konqueror crashes on billion laughs xml
From:       John Haxby <john.haxby () oracle ! com>
Date:       2012-12-14 11:30:08
Message-ID: bug-311680-5021 () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=311680

            Bug ID: 311680
          Severity: crash
           Version: 4.9.3
          Priority: NOR
          Assignee: konq-bugs@kde.org
           Summary: konqueror crashes on billion laughs xml
    Classification: Unclassified
                OS: Linux
          Reporter: john.haxby@oracle.com
          Hardware: Fedora RPMs
            Status: UNCONFIRMED
         Component: general
           Product: konqueror

Application: konqueror (4.9.3)
KDE Platform Version: 4.9.3
Qt Version: 4.8.4
Operating System: Linux 3.6.9-2.fc17.x86_64 x86_64
Distribution: "Fedora release 17 (Beefy Miracle)"

-- Information about the crash:
- What I was doing when the application crashed:

Mainly to see what would happen :) I extracted the Billion Laughs xml from
http://en.wikipedia.org/wiki/Billion_laughs and put it in a file and called
/tmp/billion.xml and ran:

    konqueror /tmp/billion.xml

konqueror opened up the window and then sat chewing CPU for quite a while and
finally keeled over.  At the time it died, its RSS had reached 2.1GB.

This is a fairly well-known DoS attack and presumably could be triggered by
visiting a suitably malicious web site.

-- Backtrace:
Application: Konqueror (konqueror), signal: Aborted
Using host libthread_db library "/lib64/libthread_db.so.1".
82    T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7fbc1ad1e880 (LWP 8053))]

Thread 2 (Thread 0x7fbc0ab58700 (LWP 8055)):
#0  0x00000030db4e8bdf in __GI___poll (fds=<optimized out>, nfds=<optimized
out>, timeout=<optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00000030dd447af4 in g_main_context_poll (n_fds=1, fds=0x7fbc04002bb0,
timeout=-1, context=0x7fbc040009a0, priority=<optimized out>) at gmain.c:3440
#2  g_main_context_iterate (context=context@entry=0x7fbc040009a0,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
gmain.c:3141
#3  0x00000030dd447c14 in g_main_context_iteration (context=0x7fbc040009a0,
may_block=1) at gmain.c:3207
#4  0x00000033011a5fe6 in QEventDispatcherGlib::processEvents
(this=0x7fbc040008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#5  0x00000033011766ef in QEventLoop::processEvents
(this=this@entry=0x7fbc0ab57cd0, flags=...) at kernel/qeventloop.cpp:149
#6  0x0000003301176978 in QEventLoop::exec (this=0x7fbc0ab57cd0, flags=...) at
kernel/qeventloop.cpp:204
#7  0x0000003301078940 in QThread::exec (this=<optimized out>) at
thread/qthread.cpp:542
#8  0x0000003301156f0f in QInotifyFileSystemWatcherEngine::run (this=0x15972b0)
at io/qfilesystemwatcher_inotify.cpp:256
#9  0x000000330107b91c in QThreadPrivate::start (arg=0x15972b0) at
thread/qthread_unix.cpp:338
#10 0x00000030dc007d14 in start_thread (arg=0x7fbc0ab58700) at
pthread_create.c:309
#11 0x00000030db4f168d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7fbc1ad1e880 (LWP 8053)):
[KCrash Handler]
#6  0x00000030db435935 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7  0x00000030db4370e8 in __GI_abort () at abort.c:91
#8  0x00000030dfc60dad in __gnu_cxx::__verbose_terminate_handler () at
../../../../libstdc++-v3/libsupc++/vterminate.cc:95
#9  0x00000030dfc5eea6 in __cxxabiv1::__terminate (handler=<optimized out>) at
../../../../libstdc++-v3/libsupc++/eh_terminate.cc:40
#10 0x00000030dfc5eed3 in std::terminate () at
../../../../libstdc++-v3/libsupc++/eh_terminate.cc:50
#11 0x00000030dfc5f146 in __cxxabiv1::__cxa_rethrow () at
../../../../libstdc++-v3/libsupc++/eh_throw.cc:116
#12 0x0000003301176be4 in QEventLoop::exec (this=<optimized out>, flags=...) at
kernel/qeventloop.cpp:218
#13 0x000000330117b768 in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:1218
#14 0x00000033074b0572 in kdemain (argc=<optimized out>, argv=<optimized out>)
at /usr/src/debug/kde-baseapps-4.9.3/konqueror/src/konqmain.cpp:227
#15 0x00000030db421735 in __libc_start_main (main=0x400820 <main(int, char**)>,
argc=2, ubp_av=0x7ffffd7d0658, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7ffffd7d0648) at libc-start.c:226
#16 0x0000000000400851 in _start ()

Possible duplicates by query: bug 308801, bug 308152, bug 306773, bug 306218,
bug 305584.

Reported using DrKonqi

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Konq-bugs mailing list
Konq-bugs@kde.org
https://mail.kde.org/mailman/listinfo/konq-bugs
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic