[calligracommon] [Bug 512888] kioworker crash trying to make a thumbnail of a specific RTF file

bugzilla_noreply Wed, 11 Feb 2026 05:17:50 -0800

https://bugs.kde.org/show_bug.cgi?id=512888


[email protected] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from [email protected] ---
Same here, also on Arch Linux. The same bug can be reproduced with a very
simple file containing the word "foo" (or any text, for that matter), generated
by LibreOffice.

Operating System: Arch Linux 
KDE Plasma Version: 6.5.5
KDE Frameworks Version: 6.22.0
Qt Version: 6.10.2
Kernel Version: 6.18.8-arch2-1 (64-bit)
Graphics Platform: Wayland
Processors: 12 × 11th Gen Intel® Core™ i5-11600KF @ 3.90GHz
Memory: 16 GiB of RAM (15.5 GiB usable)
Graphics Processor: NVIDIA GeForce RTX 2070 SUPER
Product Name: B560M-HDV

Version: 25.8.4.2 (X86_64) / LibreOffice Community
Build ID: 580(Build:2)
CPU threads: 12; OS: Linux 6.18; UI render: default; VCL: kf6 (cairo+wayland)
Locale: it-IT (it_IT.UTF-8); UI: it-IT
25.8.4-1
Calc: threaded

I posted also in the Arch Linux forum
(https://bbs.archlinux.org/viewtopic.php?pid=2286923), as it may possibly be a
downstream bug.

The issue is solved for Calligra itself simply rebuilding the package, while
KIOWorker continues to segfault even when using the rebuilt libraries.

I tried to inspect some more, to understand whether that's an upstream or
downstream bug, but as I'm not that familiar with C++ I hit a dead end.

The backtraces for Calligra (rebuilt, does not crash), and KIOWorker (rebuild,
still segfaults) look basically the same, i.e.,

KIOWorker (crash dump):

Thread 1 (Thread 0x7f7aa4216a00 (LWP 42139)):
#0  __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f7aa8ea79d3 in __pthread_kill_internal (threadid=<optimized out>,
signo=11) at pthread_kill.c:89
#2  0x00007f7aa8e4d3a0 in __GI_raise (sig=11) at ../sysdeps/posix/raise.c:26
#3  0x00007f7aa9f1ee57 in KCrash::defaultCrashHandler(int) () at
/usr/lib/libKF6Crash.so.6
#4  0x00007f7aa8e4d4d0 in <signal handler called> () at /usr/lib/libc.so.6
#5  QStringDecoder::decodeAsString (this=0x7ffd79653c40, in=...) at
/usr/include/qt6/QtCore/qstringconverter.h:141
#6  0x00007f7a68ddab16 in QStringDecoder::EncodedData<QByteArray
const&>::operator QString (this=0x7ffd79653c00) at
/usr/include/qt6/QtCore/qstringconverter.h:105
#7  0x00007f7a68dd85ff in RtfReader::TextDocumentRtfOutput::appendText
(this=0x7ffd79653fa0, text=...) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/TextDocumentRtfOutput.cpp:52
#8  0x00007f7a68dd120a in RtfReader::DocumentDestination::handlePlainText
(this=0x56460d48bbd0, plainText=...) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/DocumentDestination.cpp:142
#9  0x00007f7a68dc4d3c in RtfReader::Reader::parseDocument
(this=0x7ffd79653f30) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/rtfreader.cpp:307
#10 0x00007f7a68dc287e in RtfReader::Reader::parseFile (this=0x7ffd79653f30) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/rtfreader.cpp:96
#11 0x00007f7a68dc2807 in RtfReader::Reader::parseTo (this=0x7ffd79653f30,
output=0x7ffd79653fa0) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/rtfreader.cpp:86
#12 0x00007f7a6b272a0f in RTFImport::convert (this=0x56460d48db30, from=...,
to=...) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/rtfimport.cpp:63
#13 0x00007f7a9cd098b8 in CalligraFilter::ChainLink::invokeFilter
(this=0x56460d48e370, parentChainLink=0x0) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoFilterChainLink.cpp:75
#14 0x00007f7a9ccfc9e4 in KoFilterChain::invokeChain (this=0x56460d479ee0) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoFilterChain.cpp:89
#15 0x00007f7a9ccf2905 in KoFilterManager::importDocument (this=0x56460d2ef030,
url=..., documentMimeType=..., status=@0x7ffd79654460: 133169152) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoFilterManager.cpp:159
#16 0x00007f7a9cca63e0 in KoDocument::openFile (this=0x56460d307ac0) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:1439
#17 0x00007f7a9cc9ce41 in KoDocument::Private::openFile (this=0x56460d313550)
at /usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:272
#18 0x00007f7a9cc9cfc5 in KoDocument::Private::openLocalFile
(this=0x56460d313550) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:294
#19 0x00007f7a9ccaf256 in KoDocument::openUrlInternal (this=0x56460d307ac0,
url=...) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:2651
#20 0x00007f7a9cca5083 in KoDocument::openUrl (this=0x56460d307ac0, _url=...)
at /usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:1252
#21 0x00007f7a9e2b2657 in CalligraCreator::create (this=0x56460d1fe2a0,
request=...) at
/usr/src/debug/calligra/calligra-25.12.2/extras/thumbnail/calligracreator.cpp:93
#22 0x00007f7aa9f656d0 in ThumbnailProtocol::createThumbnail
(this=0x7ffd79654df0, thumbCreator=0x56460d2d93f0, filePath=..., width=128,
height=128, thumbnail=...) at
/usr/src/debug/kio-extras/kio-extras-25.12.2/thumbnail/thumbnail.cpp:882
#23 0x00007f7aa9f616df in ThumbnailProtocol::get (this=0x7ffd79654df0, url=...)
at /usr/src/debug/kio-extras/kio-extras-25.12.2/thumbnail/thumbnail.cpp:340
#24 0x00007f7aa9ce4ec0 in KIO::WorkerSlaveBaseBridge::get (this=0x56460d1cd550,
url=...) at /usr/src/debug/kio/kio-6.22.1/src/core/workerbase_p.h:71
#25 0x00007f7aa9cdf50d in KIO::SlaveBase::dispatch (this=0x56460d1cd550,
command=67, data=...) at
/usr/src/debug/kio/kio-6.22.1/src/core/slavebase.cpp:1121
#26 0x00007f7aa9cda144 in KIO::SlaveBase::dispatchLoop (this=0x56460d1cd550) at
/usr/src/debug/kio/kio-6.22.1/src/core/slavebase.cpp:330
#27 0x00007f7aa9ce5c78 in KIO::WorkerBase::dispatchLoop (this=0x7ffd79654df0)
at /usr/src/debug/kio/kio-6.22.1/src/core/workerbase.cpp:27
#28 0x00007f7aa9f6055c in kdemain (argc=4, argv=0x7ffd79655978) at
/usr/src/debug/kio-extras/kio-extras-25.12.2/thumbnail/thumbnail.cpp:208
#29 0x00005645f7f25e32 in main (argc=5, argv=0x7ffd79655ae8) at
/usr/src/debug/kio/kio-6.22.1/src/kioworker/kioworker.cpp:144

Calligra (gdb stack on opening the same file):

#0  QByteArrayView::QByteArrayView<QByteArray, true> (this=0x7fffffffb9c0,
ba=..., this=<optimized out>, ba=<optimized out>) at
/usr/include/qt6/QtCore/qbytearrayview.h:170
#1  0x00007fffbc2e5afc in QStringDecoder::EncodedData<QByteArray
const&>::operator QString (this=0x7fffffffba20) at
/usr/include/qt6/QtCore/qstringconverter.h:105
#2  0x00007fffbc2e35ff in RtfReader::TextDocumentRtfOutput::appendText
(this=0x7fffffffbdc0, text=...) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/TextDocumentRtfOutput.cpp:52
#3  0x00007fffbc2dc20a in RtfReader::DocumentDestination::handlePlainText
(this=0x555555f4f920, plainText=...) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/DocumentDestination.cpp:142
#4  0x00007fffbc2cfd3c in RtfReader::Reader::parseDocument
(this=0x7fffffffbd50) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/rtfreader.cpp:307
#5  0x00007fffbc2cd87e in RtfReader::Reader::parseFile (this=0x7fffffffbd50) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/rtfreader.cpp:96
#6  0x00007fffbc2cd807 in RtfReader::Reader::parseTo (this=0x7fffffffbd50,
output=0x7fffffffbdc0) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/rtfreader.cpp:86
#7  0x00007fffc0a30a0f in RTFImport::convert (this=0x555555f47660, from=...,
to=...) at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/rtfimport.cpp:63
#8  0x00007ffff7e728b8 in CalligraFilter::ChainLink::invokeFilter
(this=0x555555f454d0, parentChainLink=0x0) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoFilterChainLink.cpp:75
#9  0x00007ffff7e659e4 in KoFilterChain::invokeChain (this=0x555555effaa0) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoFilterChain.cpp:89
#10 0x00007ffff7e5b905 in KoFilterManager::importDocument (this=0x5555556f1cb0,
url=..., documentMimeType=..., status=@0x7fffffffc280: 133169152) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoFilterManager.cpp:159
#11 0x00007ffff7e0f3e0 in KoDocument::openFile (this=0x55555570d190) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:1439
#12 0x00007ffff7e05e41 in KoDocument::Private::openFile (this=0x55555575eba0)
at /usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:272
#13 0x00007ffff7e05fc5 in KoDocument::Private::openLocalFile
(this=0x55555575eba0) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:294
#14 0x00007ffff7e18256 in KoDocument::openUrlInternal (this=0x55555570d190,
url=...) at
/usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:2651
#15 0x00007ffff7e0e083 in KoDocument::openUrl (this=0x55555570d190, _url=...)
at /usr/src/debug/calligra/calligra-25.12.2/libs/main/KoDocument.cpp:1252
#16 0x00007ffff7ed1cee in KoPart::openExistingFile (this=0x55555573b840,
url=...) at /usr/src/debug/calligra/calligra-25.12.2/libs/main/KoPart.cpp:230
...

The main difference seems to be at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/TextDocumentRtfOutput.cpp:52:
Calligra (rebuilt, not crashing):

Thread 1 "calligrawords" hit Breakpoint 1,
RtfReader::TextDocumentRtfOutput::appendText (this=0x7fffffffbdc0, text=...)
    at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/TextDocumentRtfOutput.cpp:52
52              (m_encoding != QStringConverter::Utf8 ?
QStringDecoder(m_encoding).decode(text) :
QString::fromLatin1(text)).remove(controlCharacters));
(gdb) p m_encoding
$11 = QStringConverter::Utf8

(KIOWorker, crash dump)

(gdb) f 7
#7  0x00007f7a68dd85ff in RtfReader::TextDocumentRtfOutput::appendText
(this=0x7ffd79653fa0, text=...)
    at
/usr/src/debug/calligra/calligra-25.12.2/filters/words/rtf/import/3rdparty/rtf-qt/src/TextDocumentRtfOutput.cpp:52
52              (m_encoding != QStringConverter::Utf8 ?
QStringDecoder(m_encoding).decode(text) :
QString::fromLatin1(text)).remove(controlCharacters));
(gdb) p m_encoding
$3 = 3801198
(gdb) ptype m_encoding
type = enum QStringConverter::Encoding : unsigned int {QStringConverter::Utf8,
QStringConverter::Utf16, 
    QStringConverter::Utf16LE, QStringConverter::Utf16BE,
QStringConverter::Utf32, QStringConverter::Utf32LE, 
    QStringConverter::Utf32BE, QStringConverter::Latin1,
QStringConverter::System, 
    QStringConverter::LastEncoding = 8}

I.e., it seems to me that the codepath KIOWorker follows causes it to pull in
all the possible encodings instead of just one (Calligra, after being rebuilt
reaches the same point with just m_encoding=QStringConverter::Utf8, with the
same file). This in turn causes it to try to load a non-existing decoder, which
leads to an out-of-bounds access:
(KIOWorker, crash dump)

(gdb) f 5
#5  QStringDecoder::decodeAsString (this=0x7ffd79653c40, in=...) at
/usr/include/qt6/QtCore/qstringconverter.h:141
141             QString result(iface->toUtf16Len(in.size()),
Qt::Uninitialized);
(gdb) p *iface
❌ Cannot access memory at address 0x7f7ab2b21f10

Indeed, the address 0x7f7ab2b21f10 seems to be out of bounds:

(gdb) info proc mappings
Mapped address spaces:

Start Addr         End Addr           Size               Offset            
File 
0x00005645f7f24000 0x00005645f7f25000 0x1000             0x0               
/usr/lib/kf6/kioworker 
0x00005645f7f25000 0x00005645f7f27000 0x2000             0x1000            
/usr/lib/kf6/kioworker 
0x00005645f7f27000 0x00005645f7f28000 0x1000             0x3000            
/usr/lib/kf6/kioworker 
0x00005645f7f28000 0x00005645f7f29000 0x1000             0x3000            
/usr/lib/kf6/kioworker 
0x00005645f7f29000 0x00005645f7f2a000 0x1000             0x4000            
/usr/lib/kf6/kioworker 
0x00007f7a68db1000 0x00007f7a68dc1000 0x10000            0x0               
/usr/lib/libRtfReader.so.25.12.2 
...
0x00007f7aa9f7d000 0x00007f7aa9f7e000 0x1000             0x28000           
/usr/lib/qt6/plugins/kf6/kio/thumbnail.so 
0x00007f7aa9f86000 0x00007f7aa9f87000 0x1000             0x0               
/usr/lib/ld-linux-x86-64.so.2 
0x00007f7aa9f87000 0x00007f7aa9fb1000 0x2a000            0x1000            
/usr/lib/ld-linux-x86-64.so.2 
0x00007f7aa9fb1000 0x00007f7aa9fbc000 0xb000             0x2b000           
/usr/lib/ld-linux-x86-64.so.2 
0x00007f7aa9fbc000 0x00007f7aa9fbe000 0x2000             0x36000           
/usr/lib/ld-linux-x86-64.so.2 
0x00007f7aa9fbe000 0x00007f7aa9fbf000 0x1000             0x38000           
/usr/lib/ld-linux-x86-64.so.2 

And this is where I'm stuck, as in my limited understanding of C++ I don't get
why the two programs should follow different code paths as the underlying
library and code should be the same, as it should be all contained in the
Calligra libraries which I rebuilt - yet the two processes seem to follow
different logics with different results, one of which tries to load a
non-existing location and segfaults, as Calligra did before I rebuilt it.

-- 
You are receiving this mail because:
You are watching all bug changes.

[calligracommon] [Bug 512888] kioworker crash trying to make a thumbnail of a specific RTF file

Reply via email to