crash while searching z3950.gbv.de

Sun Apr 1 17:03:26 MDT 2007

Hi all,

On Thu, Mar 15, 2007 at 12:12:08PM +0100, Benjamin von Engelhardt wrote:
> Am Mittwoch, 14. März 2007 21:22 schrieb Robby Stephenson:
> > On Wednesday 14 March 2007, Benjamin von Engelhardt wrote:
> > > while searching the gbv-Databases via z3950.gbv.de it get some entries,
> > > but then tellico crashes while still searching. This doesn't occur with
> > > the library of congress. I tried all different formats and codes (utf8
> > > etc.), always the same result (btw. I get only with the iso-8859-1 the
> > > correct german "Umlaute", with all the others, and also the library of
> > > congress, the umlauts are not correctly displayed).
> >
> > I need exact information to debug anything. What server, what port, what
> > character set, what user/pass, what search terms?
> 
> Server: z3950.gbv.de
> Port: 20010 (20012 for UTF-8)
> database: stabikat (same result with gvk)
> character set: iso-8891-1
> user: 999
> pass: abc
> search term: - tomuschat (person)
> 		     - engelhardt, dietrich (person)

I tried to reproduce this in a valgrind session but have to confess I do not
know where to insert these settings. Choosing "Data sources" -> "New" in the
config dialog I cannot insert these settings. I selected "Library of Congress"
and inserted the server and port number but failed to specify a database,
character set and other settings.

After selecting "Apply" I got a crash:

==19741== Invalid read of size 4
==19741==    at 0x80BCBBD: Tellico::ConfigDialog::saveConfiguration() (configdialog.cpp:637)
==19741==    by 0x80C3FB8: Tellico::MainWindow::slotHandleConfigChange() (mainwindow.cpp:1506)
==19741==    by 0x80CF3C5: Tellico::MainWindow::qt_invoke(int, QUObject*) (mainwindow.moc:265)
==19741==    by 0x549ED4E: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/libqt-mt.so.3.3.7)
==19741==    by 0x549F7DF: QObject::activate_signal(int) (in /usr/lib/libqt-mt.so.3.3.7)
==19741==    by 0x80B5789: Tellico::ConfigDialog::signalConfigChanged() (configdialog.moc:122)
==19741==    by 0x80B72B8: Tellico::ConfigDialog::slotApply() (configdialog.cpp:170)
==19741==    by 0x80B559D: Tellico::ConfigDialog::slotOk() (configdialog.cpp:165)
==19741==    by 0x4DA4DE8: KDialogBase::qt_invoke(int, QUObject*) (in /usr/lib/libkdeui.so.4.2.0)
==19741==    by 0x80BC8C0: Tellico::ConfigDialog::qt_invoke(int, QUObject*) (configdialog.moc:145)
==19741==    by 0x549ED4E: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/libqt-mt.so.3.3.7)
==19741==    by 0x549F7DF: QObject::activate_signal(int) (in /usr/lib/libqt-mt.so.3.3.7)
==19741==  Address 0xC4 is not stack'd, malloc'd or (recently) free'd
KCrash: Application 'tellico' crashing...

I attached a minor patch which fixes two wrong memory accesses.

Jens
-------------- next part --------------
Index: ../src/detailedlistview.cpp
===================================================================

--- ../src/detailedlistview.cpp	(Revision 1672)
+++ ../src/detailedlistview.cpp	(Arbeitskopie)
@@ -726,13 +726,13 @@
   GUI::ListView::setSorting(column_, ascending_);
 }
 
-// it's possible to have a zero-length vector and have this called, so check bounds
+// it's possible to have a zero-length vector or negative column and have this called, so check bounds
 bool DetailedListView::isNumber(int column_) const {
-  return column_ < static_cast<int>(m_isNumber.size()) && m_isNumber[column_];
+  return column_ >= 0 && column_ < static_cast<int>(m_isNumber.size()) && m_isNumber[column_];
 }
 
 bool DetailedListView::isTitle(int column_) const {
-  return column_ < static_cast<int>(m_isTitle.size()) && m_isTitle[column_];
+  return column_ >= 0 && column_ < static_cast<int>(m_isTitle.size()) && m_isTitle[column_];
 }
 
 void DetailedListView::updateFirstSection() {
