
Bug#527585: kdelibs4c2a: integer overflow in yearFromTime()



Package: kdelibs4c2a
Version: 4:3.5.10.dfsg.1-0lenny1
Severity: normal

The following JavaScript (as well as http://harrypotter.wikia.com/)
hangs Konqueror:
<script type="text/javascript"><!--
var d=new Date(0);
d.setFullYear(2147483647);
d.setHours(2147483647);
d.getFullYear();
--></script>

The condition in
    while (timeFromYear(y + 1) < t)
      ++y;
is always true, because t is huge.

Backtrace:

0xf7d51b81 in floor ()
   from /lib/i686/cmov/libm.so.6
(gdb) bt
#0  0xf7d51b81 in floor () from /lib/i686/cmov/libm.so.6
#1  0x0000077f in ?? ()
#2  0xb353037f in ?? ()
#3  0xf59fd523 in timeFromYear (year=-1895703155) at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/date_object.cpp:138
#4  0xf59fd5dd in yearFromTime (t=6.7775707143111606e+19)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/date_object.cpp:172
#5  0xf5a1d4b0 in KJS::DateProtoFuncImp::call (this=0x968e800, exec=0xffd87778, thisObj=@0xffd87500, args=@0xffd874f4)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/date_object.cpp:442
#6  0xf5a18ba9 in KJS::Object::call (this=0xffd87518, exec=0xffd87778, thisObj=@0xffd87500, args=@0xffd874f4)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/object.cpp:73
#7  0xf5a31f63 in KJS::FunctionCallNode::evaluate (this=0x941a378, exec=0xffd87778)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/nodes.cpp:870
#8  0xf5a2f9d6 in KJS::ExprStatementNode::execute (this=0x9698e60, exec=0xffd87778)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/nodes.cpp:1980
#9  0xf5a2e008 in KJS::SourceElementsNode::execute (this=0x9697698, exec=0xffd87778)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/nodes.cpp:3114
#10 0xf5a29179 in KJS::BlockNode::execute (this=0x9698ec8, exec=0xffd87778)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/nodes.cpp:1942
#11 0xf5a3352d in KJS::InterpreterImp::evaluate (this=0x968d250, code=@0xffd87870, thisV=@0xffd87874)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/internal.cpp:904
#12 0xf5a3390a in KJS::Interpreter::evaluate (this=0x968d200, code=@0xffd87870, thisV=@0xffd87874)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kjs/interpreter.cpp:166
#13 0xf5e00a76 in KJS::KJSProxyImpl::evaluate (this=0x93daca8, filename=
      {static null = {static null = <same as static member of an already seen type>, d = 0x90f90c0, static shared_null = 0x90f90c0}, d = 0xffd87920, static shared_null = 0x90f90c0}, baseLine=1, str=@0xffd87b48, n=@0xffd879a0, 
    completion=0xffd878f8) at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/ecma/kjs_proxy.cpp:164
#14 0xf5c35c84 in KHTMLPart::executeScript (this=0x942ba28, filename=@0xffd879b8, baseLine=1, n=@0xffd879a0, 
    script=@0xffd87b48) at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/khtml_part.cpp:1155
#15 0xf5cbfb75 in khtml::HTMLTokenizer::scriptExecution (this=0x9381af0, str=@0xffd87b48, scriptURL=@0xf74262c0, 
    baseLine=0) at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/html/htmltokenizer.cpp:452
#16 0xf5cd6d4d in khtml::HTMLTokenizer::scriptHandler (this=0x9381af0)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/html/htmltokenizer.cpp:416
#17 0xf5cd849a in khtml::HTMLTokenizer::parseSpecial (this=0x9381af0, src=@0x9381ff4)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/html/htmltokenizer.cpp:332
#18 0xf5cda1e6 in khtml::HTMLTokenizer::parseTag (this=0x9381af0, src=@0x9381ff4)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/html/htmltokenizer.cpp:1211
#19 0xf5cdb6c5 in khtml::HTMLTokenizer::write (this=0x9381af0, str=@0xffd87efc, appendData=true)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/html/htmltokenizer.cpp:1457
#20 0xf5c3b9f2 in KHTMLPart::write (this=0x942ba28, str=@0xffd87f48)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/khtml_part.cpp:2004
#21 0xf5c297bb in KHTMLPart::end (this=0x942ba28) at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/khtml_part.cpp:2016
#22 0xf5c4c41a in KHTMLPart::slotFinished (this=0x942ba28, job=0x93be178)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./khtml/khtml_part.cpp:1869
#23 0xf5c62f27 in KHTMLPart::qt_invoke (this=0x942ba28, _id=19, _o=0xffd880b4) at ./khtml_part.moc:503
#24 0xf6f9412d in QObject::activate_signal (this=0x93be178, clist=0x94178d8, o=0xffd880b4) at kernel/qobject.cpp:2383
#25 0xf75a62ce in KIO::Job::result (this=0x93be178, t0=0x93be178) at ./jobclasses.moc:162
#26 0xf75f6b84 in KIO::Job::emitResult (this=0x93be178) at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kio/kio/job.cpp:235
#27 0xf75f7a4e in KIO::SimpleJob::slotFinished (this=0x93be178)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kio/kio/job.cpp:601
#28 0xf75f809c in KIO::TransferJob::slotFinished (this=0x93be178)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kio/kio/job.cpp:971
#29 0xf75ec120 in KIO::TransferJob::qt_invoke (this=0x93be178, _id=17, _o=0xffd883b4) at ./jobclasses.moc:1071
#30 0xf6f941aa in QObject::activate_signal (this=0x9391360, clist=0x9447af0, o=0xffd883b4) at kernel/qobject.cpp:2359
#31 0xf6f966cb in QObject::activate_signal (this=0x9391360, signal=6) at kernel/qobject.cpp:2328
#32 0xf759e03c in KIO::SlaveInterface::finished (this=0x9391360) at ./slaveinterface.moc:226
#33 0xf76093c7 in KIO::SlaveInterface::dispatch (this=0x9391360, _cmd=104, rawdata=@0xffd88590)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kio/kio/slaveinterface.cpp:243
#34 0xf75c386a in KIO::SlaveInterface::dispatch (this=0x9391360)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kio/kio/slaveinterface.cpp:173
#35 0xf75cb5fc in KIO::Slave::gotInput (this=0x9391360) at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kio/kio/slave.cpp:300
#36 0xf75cb7b8 in KIO::Slave::qt_invoke (this=0x9391360, _id=4, _o=0xffd8867c) at ./slave.moc:113
#37 0xf6f941aa in QObject::activate_signal (this=0x9471398, clist=0x9339fe8, o=0xffd8867c) at kernel/qobject.cpp:2359
#38 0xf6f96589 in QObject::activate_signal (this=0x9471398, signal=2, param=12) at kernel/qobject.cpp:2452
#39 0xf72f2700 in QSocketNotifier::activated (this=0x9471398, t0=12)
    at .moc/release-shared-mt/moc_qsocketnotifier.cpp:85
#40 0xf6fb35a7 in QSocketNotifier::event (this=0x9471398, e=0xffd889a8) at kernel/qsocketnotifier.cpp:261
#41 0xf6f2f7c5 in QApplication::internalNotify (this=0xffd88cc4, receiver=0x9471398, e=0xffd889a8)
    at kernel/qapplication.cpp:2638
#42 0xf6f30806 in QApplication::notify (this=0xffd88cc4, receiver=0x9471398, e=0xffd889a8)
    at kernel/qapplication.cpp:2375
#43 0xf6c15b82 in KApplication::notify (this=0xffd88cc4, receiver=0x9471398, event=0xffd889a8)
    at /tmp/buildd/kdelibs-3.5.10.dfsg.1/./kdecore/kapplication.cpp:550
#44 0xf6f242cc in QEventLoop::activateSocketNotifiers (this=0x9109328) at kernel/qapplication.h:523
#45 0xf6eda66e in QEventLoop::processEvents (this=0x9109328, flags=4) at kernel/qeventloop_x11.cpp:386
#46 0xf6f481a0 in QEventLoop::enterLoop (this=0x9109328) at kernel/qeventloop.cpp:201
#47 0xf6f48066 in QEventLoop::exec (this=0x9109328) at kernel/qeventloop.cpp:148
#48 0xf6f2fe5f in QApplication::exec (this=0xffd88cc4) at kernel/qapplication.cpp:2761
#49 0xf7f19bcc in kdemain () from /usr/lib/libkdeinit_konqueror.so
#50 0x080484e2 in ?? ()
#51 0x00000002 in ?? ()
#52 0xffd89144 in ?? ()
#53 0xffd890b8 in ?? ()
#54 0x08048519 in ?? ()
#55 0xf7f7c250 in ?? () from /lib/ld-linux.so.2
#56 0xffd890c0 in ?? ()
#57 0xffd89118 in ?? ()
#58 0xf7bf7455 in __libc_start_main () from /lib/i686/cmov/libc.so.6
Backtrace stopped: frame did not save the PC

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages kdelibs4c2a depends on:
ii  kdelibs-data    4:3.5.10.dfsg.1-0lenny1  core shared data for all KDE appli
ii  libacl1         2.2.47-2                 Access control list shared library
ii  libart-2.0-2    2.3.20-2                 Library of functions for 2D graphi
ii  libarts1c2a     1.5.9-2                  aRts sound system core components
ii  libasound2      1.0.16-2                 ALSA library
ii  libaspell15     0.60.6-1                 GNU Aspell spell-checker runtime l
ii  libattr1        1:2.4.43-2               Extended attribute shared library
ii  libavahi-client 0.6.23-3lenny1           Avahi client library
ii  libavahi-common 0.6.23-3lenny1           Avahi common library
ii  libavahi-qt3-1  0.6.23-3lenny1           Avahi Qt 3 integration library
ii  libbz2-1.0      1.0.5-1                  high-quality block-sorting file co
ii  libc6           2.7-18                   GNU C Library: Shared libraries
ii  libcups2        1.3.8-1lenny5            Common UNIX Printing System(tm) - 
ii  libfam0         2.7.0-13.3               Client library to control the FAM 
ii  libfontconfig1  2.6.0-3                  generic font configuration library
ii  libgcc1         1:4.3.2-1.1              GCC support library
ii  libice6         2:1.0.4-1                X11 Inter-Client Exchange library
ii  libidn11        1.8+20080606-1           GNU libidn library, implementation
ii  libilmbase6     1.0.1-2+nmu2             several utility libraries from ILM
ii  libjasper1      1.900.1-5.1              The JasPer JPEG-2000 runtime libra
ii  libjpeg62       6b-14                    The Independent JPEG Group's JPEG 
ii  libkrb53        1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
ii  liblua50        5.0.3-3                  Main interpreter library for the L
ii  liblualib50     5.0.3-3                  Extension library for the Lua 5.0 
ii  libopenexr6     1.6.1-3                  runtime files for the OpenEXR imag
ii  libpcre3        7.6-2.1                  Perl 5 Compatible Regular Expressi
ii  libqt3-mt       3:3.3.8b-5+b1            Qt GUI Library (Threaded runtime v
ii  libsm6          2:1.0.3-2                X11 Session Management library
ii  libstdc++6      4.3.2-1.1                The GNU Standard C++ Library v3
ii  libtiff4        3.8.2-11                 Tag Image File Format (TIFF) libra
ii  libx11-6        2:1.1.5-2                X11 client-side library
ii  libxext6        2:1.0.4-1                X11 miscellaneous extension librar
ii  libxft2         2.1.12-3                 FreeType-based font drawing librar
ii  libxml2         2.6.32.dfsg-5            GNOME XML library
ii  libxrender1     1:0.9.4-2                X Rendering Extension client libra
ii  libxslt1.1      1.1.24-2                 XSLT processing library - runtime 
ii  menu-xdg        0.3                      freedesktop.org menu compliant win
ii  perl            5.10.0-19                Larry Wall's Practical Extraction 
ii  x11-xserver-uti 7.3+5                    X server utilities
ii  xauth           1:1.0.3-2                X authentication utility
ii  zlib1g          1:1.2.3.3.dfsg-12        compression library - runtime

kdelibs4c2a recommends no packages.

Versions of packages kdelibs4c2a suggests:
ii  fam                2.7.0-13.3            File Alteration Monitor
ii  ghostscript        8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
pn  perl-suid          <none>                (no description available)

-- no debconf information
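Added example (not from the report and not kdelibs/kjs code): the ECMA-262 date arithmetic behind yearFromTime(), the stepping loop quoted in the report rebuilt with a fuel counter so it reports non-termination instead of hanging, and the TimeClip check that would keep an out-of-range time value from reaching that loop at all. The initial-estimate formula, the explicit 32-bit wrap helper, the fuel counter and reportTimeValue() (which reconstructs the script's t as January 1 of year 2147483647 plus 2147483647 hours, landing within 0.01% of the 6.7775707e19 shown in frame #4) are assumptions of this example, not kjs code.

```cpp
// Added example (not kjs source): ECMAScript date arithmetic, the loop shape
// quoted in the report with a fuel counter so it cannot hang, and the TimeClip
// guard that keeps an out-of-range time value from ever reaching the loop.
#include <cmath>
#include <cstdint>
#include <limits>

static const double msPerDay = 86400000.0;
// ECMA-262 TimeClip bound: |t| <= 8.64e15 ms (about +-285,616 years from 1970).
static const double maxTime  = 8.64e15;

// DayFromYear / TimeFromYear per ECMA-262 15.9.1.3, taking an int year like the
// kjs frame in the backtrace.  Computed in double so INT32_MIN is harmless.
static double dayFromYear(int32_t year)
{
    double y = year;
    return 365.0 * (y - 1970.0) + std::floor((y - 1969.0) / 4.0)
         - std::floor((y - 1901.0) / 100.0) + std::floor((y - 1601.0) / 400.0);
}
static double timeFromYear(int32_t year) { return msPerDay * dayFromYear(year); }

// TimeClip: NaN for non-finite or out-of-range values, otherwise truncate.
static double timeClip(double t)
{
    if (!std::isfinite(t) || std::fabs(t) > maxTime)
        return std::numeric_limits<double>::quiet_NaN();
    return std::trunc(t);
}

// Reconstruction (an assumption) of the time value the report's script builds:
// Jan 1 of year 2147483647 plus 2147483647 hours, with no TimeClip applied.
static double reportTimeValue()
{
    return timeFromYear(INT32_MAX) + 2147483647.0 * 3600000.0;
}

// Explicit two's-complement increment, so the wrap is well-defined here.
static int32_t wrapInc(int32_t y) { return (int32_t)((uint32_t)y + 1u); }

// Loop shape from the report, with a fuel budget added so the demo can report
// "would not terminate" instead of hanging.  The initial estimate and the
// explicit 32-bit wrap are assumptions; kjs uses plain int arithmetic here.
static bool yearFromTimeUnguarded(double t, long fuel, int32_t *yearOut)
{
    double est = 1970.0 + std::floor(t / (msPerDay * 365.2425));
    int32_t y = est >= INT32_MAX ? INT32_MAX
              : est <= INT32_MIN ? INT32_MIN : (int32_t)est;
    // Once y reaches INT32_MAX, y + 1 wraps negative, timeFromYear() of a
    // negative year is far below t, and the condition stays true forever.
    while (timeFromYear(wrapInc(y)) < t) {
        if (--fuel < 0) return false;
        y = wrapInc(y);
    }
    *yearOut = y;
    return true;
}

// Hardened version: refuse anything TimeClip would have rejected, so |year| is
// bounded by roughly 275,760 and neither y + 1 nor the loop can run away.
static bool yearFromTimeSafe(double t, int32_t *yearOut)
{
    if (!(std::fabs(t) <= maxTime))      // also false for NaN
        return false;
    int32_t y = 1970 + (int32_t)std::floor(t / (msPerDay * 365.2425));
    while (timeFromYear(y) > t) --y;
    while (timeFromYear(y + 1) <= t) ++y;
    *yearOut = y;
    return true;
}
```

With the reconstructed t, the unguarded loop steps y up to INT32_MAX, y + 1 wraps to INT32_MIN, timeFromYear() of a negative year is far below t, and the condition holds on every iteration; the negative year in frame #3 is what that wrap looks like from inside the loop (an inference from the backtrace, not something the report states). ECMA-262 requires setFullYear() and setHours() to pass their result through TimeClip, which turns this value into NaN, so getFullYear() returns NaN without ever entering the loop; yearFromTimeSafe() applies the same bound defensively in the callee, which is the cheaper fix when the caller cannot be trusted to have clipped.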