Bug 123573 - [PATCH] Fast right click on bookmarks folder and then rightclick on bookmark crashes konqueror
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: bookmarks
Version: 3.5
Platform: Gentoo Packages Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2006-03-13 21:44 UTC by Marius
Modified: 2009-08-23 11:59 UTC
Description Marius 2006-03-13 21:44:27 UTC
Version:            (using KDE KDE 3.5.1)
Installed from:    Gentoo Packages

If you quickly move the mouse down on a bookmark folder and right click on it (the click has to happen before the content of the folder is shown, I think), then move the mouse over a bookmark in that folder, right click on it and then move the mouse back over the bookmark folder listing, konqueror crashes.

So:
1. Quickly open a right click menu on a bookmark folder
2. Move the mouse to the content of the folder
3. Right click on a random bookmark in that folder
4. Move the mouse back to over the bookmark folder listings
5. Crash

The traceback told me it was useless (have unchecked "disable checking on startup" in kcontrol->kde perf)
Comment 1 Andreas R. 2006-07-06 23:44:07 UTC
I observed the same problem, but without the restriction to be fast:
1. Move to a bookmark folder, wait until it unfolds, select an entry, right-click on it: a small "right-click box" appears.
2. Now move your mouse pointer to the original bookmark folder and right-click on it while the above small "right-click box" is still visible.
-> Crash

Backtrace:
Using host libthread_db library "/lib/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 16497)]
[KCrash handler]
#6  0xb79d6d03 in KPopupMenu::ctxMenuHiding (this=0x8b171e0) at qmenudata.h:71
#7  0xb79d7929 in KPopupMenu::qt_invoke (this=0x8b171e0, _id=61, 
    _o=0xbfa48f40) at kpopupmenu.moc:231
#8  0xb70f4b8a in QObject::activate_signal (this=0x8b17b28, clist=0x8b174e0, 
    o=0xbfa48f40) at qconnection.h:54
#9  0xb70f52b4 in QObject::activate_signal (this=0xbfa48f54, 
    signal=-1079734800) at qobject.cpp:2325
#10 0xb744ddc6 in QPopupMenu::aboutToHide (this=0x0) at qmetaobject.h:261
#11 0xb71fe582 in QPopupMenu::hide (this=0x8b17b28) at qpopupmenu.cpp:1374
#12 0xb79d6d89 in KPopupMenu::hideEvent (this=0x8b171e0) at kpopupmenu.cpp:661
#13 0xb712c190 in QWidget::event (this=0x8b171e0, e=0xbfa493d0)
    at qwidget.cpp:4830
#14 0xb70929d0 in QApplication::internalNotify (this=0x0, receiver=0x8b171e0, 
    e=0xbfa493d0) at qapplication.cpp:2635
#15 0xb7092b63 in QApplication::notify (this=0xbfa49ff0, receiver=0x8b171e0, 
    e=0xbfa493d0) at qapplication.cpp:2523
#16 0xb77064be in KApplication::notify (this=0xbfa49ff0, receiver=0x8b171e0, 
    event=0xbfa493d0) at kapplication.cpp:550
#17 0xb71298dd in QWidget::hide (this=0x8b171e0) at qapplication.h:496
#18 0xb71fe5ed in QPopupMenu::hide (this=0x8b171e0) at qpopupmenu.cpp:1385
#19 0xb743c72f in QWidget::qt_invoke (this=0x8b171e0, _id=145846752, 
    _o=0xbfa495e0) at moc_qwidget.cpp:373
#20 0xb7443fa7 in QFrame::qt_invoke (this=0x0, _id=0, _o=0x0)
    at moc_qframe.cpp:118
#21 0xb744de1f in QPopupMenu::qt_invoke (this=0x8b171e0, _id=23, 
    _o=0xbfa495e0) at moc_qpopupmenu.cpp:199
#22 0xb79d781b in KPopupMenu::qt_invoke (this=0x8b171e0, _id=23, 
    _o=0xbfa495e0) at kpopupmenu.moc:234
#23 0xb70f4b8a in QObject::activate_signal (this=0x83f40a8, clist=0x8b174e0, 
    o=0xbfa495e0) at qconnection.h:54
#24 0xb7438ee2 in QSignal::signal (this=0xbfa49608, t0=@0x0)
    at moc_qsignal.cpp:100
#25 0xb710e4a9 in QSignal::activate (this=0x83f40a8) at qsignal.cpp:212
#26 0xb711592b in QSingleShotTimer::event (this=0x83f4080) at qtimer.cpp:286
#27 0xb70929d0 in QApplication::internalNotify (this=0x0, receiver=0x83f4080, 
    e=0xbfa499e0) at qapplication.cpp:2635
#28 0xb7092b63 in QApplication::notify (this=0xbfa49ff0, receiver=0x83f4080, 
    e=0xbfa499e0) at qapplication.cpp:2523
#29 0xb77064be in KApplication::notify (this=0xbfa49ff0, receiver=0x83f4080, 
    event=0xbfa499e0) at kapplication.cpp:550
#30 0xb70867e5 in QEventLoop::activateTimers (this=0x815c870)
    at qapplication.h:496
#31 0xb703fade in QEventLoop::processEvents (this=0x815c870, flags=4)
    at qeventloop_x11.cpp:389
#32 0xb70a897e in QEventLoop::enterLoop (this=0x815c870) at qeventloop.cpp:198
#33 0xb70a88d6 in QEventLoop::exec (this=0x815c870) at qeventloop.cpp:145
#34 0xb7091cb7 in QApplication::exec (this=0xbfa49ff0)
    at qapplication.cpp:2758
#35 0xb66a4921 in kdemain (argc=0, argv=0x0) at konq_main.cc:206
#36 0xb760880c in kdeinitmain (argc=0, argv=0x0) at konqueror_dummy.cc:3
#37 0x0804e405 in launch (argc=2, _name=0x813b81c "konqueror", 
    args=0x813b82f "\001", cwd=0x0, envc=1, envs=0x813b840 "", 
    reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x0)
    at kinit.cpp:639
#38 0x0804eb34 in handle_launcher_request (sock=8) at kinit.cpp:1203
#39 0x0804f06b in handle_requests (waitForPid=0) at kinit.cpp:1406
#40 0x0804f88d in main (argc=2, argv=0xbfa4a954, envp=0x0) at kinit.cpp:1850
#41 0xb68e738e in __libc_start_main (main=0x804f186 <main>, argc=0, 
    ubp_av=0xbfa4a954, init=0x805098c <__libc_csu_init>, fini=0, 
    rtld_fini=0xbfa48df0, stack_end=0xbfa4a94c) at libc-start.c:240
#42 0x0804ba61 in _start () at start.S:119
Current language:  auto; currently c
Comment 2 Frank Osterfeld 2006-08-23 09:51:25 UTC
Can't reproduce with 3.5.4.
Comment 3 Frank Osterfeld 2006-08-23 09:52:53 UTC
What is your Qt version?
Comment 4 Jason Bouzane 2006-11-05 13:26:14 UTC
I can reproduce the crash described in comment #1 using Kubuntu packages for Edgy. QT version is 3.3.6 and KDE version is 3.5.5. The crash is always reproducible.
Comment 5 Jason Bouzane 2006-11-05 13:34:23 UTC
Backtrace from gdb:

#0  0x00002b62e2bcba12 in KPopupMenu::ctxMenuHiding ()
   from /usr/lib/libkdeui.so.4
#1  0x00002b62e2c0f201 in KPopupMenu::qt_invoke () from /usr/lib/libkdeui.so.4
#2  0x00002b62e4489d76 in QObject::activate_signal ()
   from /usr/lib/libqt-mt.so.3
#3  0x00002b62e448a910 in QObject::activate_signal ()
   from /usr/lib/libqt-mt.so.3
#4  0x00002b62e4810b0d in QPopupMenu::aboutToHide ()
   from /usr/lib/libqt-mt.so.3
#5  0x00002b62e45a7c28 in QPopupMenu::hide () from /usr/lib/libqt-mt.so.3
#6  0x00002b62e2bc3193 in KPopupMenu::hideEvent () from /usr/lib/libkdeui.so.4
#7  0x00002b62e44beb0e in QWidget::event () from /usr/lib/libqt-mt.so.3
#8  0x00002b62e44252d6 in QApplication::internalNotify ()
   from /usr/lib/libqt-mt.so.3
#9  0x00002b62e4427b4a in QApplication::notify () from /usr/lib/libqt-mt.so.3
#10 0x00002b62e35d6ba8 in KApplication::notify () from /usr/lib/libkdecore.so.4
#11 0x00002b62e43b7e42 in QApplication::sendEvent ()
   from /usr/lib/libqt-mt.so.3
#12 0x00002b62e44bdce2 in QWidget::hide () from /usr/lib/libqt-mt.so.3
#13 0x00002b62e45a7d15 in QPopupMenu::hide () from /usr/lib/libqt-mt.so.3
#14 0x00002b62e47fdeaf in QWidget::qt_invoke () from /usr/lib/libqt-mt.so.3
#15 0x00002b62e480472d in QFrame::qt_invoke () from /usr/lib/libqt-mt.so.3
#16 0x00002b62e4810ad4 in QPopupMenu::qt_invoke () from /usr/lib/libqt-mt.so.3
---Type <return> to continue, or q <return> to quit---
#17 0x00002b62e2c0f17d in KPopupMenu::qt_invoke () from /usr/lib/libkdeui.so.4
#18 0x00002b62e4489d76 in QObject::activate_signal ()
   from /usr/lib/libqt-mt.so.3
#19 0x00002b62e47f7d85 in QSignal::signal () from /usr/lib/libqt-mt.so.3
#20 0x00002b62e44a8ecb in QSignal::activate () from /usr/lib/libqt-mt.so.3
#21 0x00002b62e44afefe in QSingleShotTimer::event ()
   from /usr/lib/libqt-mt.so.3
#22 0x00002b62e44252d6 in QApplication::internalNotify ()
   from /usr/lib/libqt-mt.so.3
#23 0x00002b62e4427065 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#24 0x00002b62e35d6ba8 in KApplication::notify () from /usr/lib/libkdecore.so.4
#25 0x00002b62e43b7e42 in QApplication::sendEvent ()
   from /usr/lib/libqt-mt.so.3
#26 0x00002b62e4418590 in QEventLoop::activateTimers ()
   from /usr/lib/libqt-mt.so.3
#27 0x00002b62e43cc56f in QEventLoop::processEvents ()
   from /usr/lib/libqt-mt.so.3
#28 0x00002b62e443e80b in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#29 0x00002b62e443e613 in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#30 0x00002b62e4426d9c in QApplication::exec () from /usr/lib/libqt-mt.so.3
#31 0x00002b62e18855bc in kdemain () from /usr/lib/libkdeinit_konqueror.so
#32 0x00002b62e1e790c4 in __libc_start_main () from /lib/libc.so.6
#33 0x0000000000400519 in ?? ()
---Type <return> to continue, or q <return> to quit---
#34 0x00007fffc9402aa8 in ?? ()
#35 0x0000000000000000 in ?? ()

The disassembly is:

Dump of assembler code for function _ZN10KPopupMenu13ctxMenuHidingEv:
0x00002b62e2bcb9d0 <_ZN10KPopupMenu13ctxMenuHidingEv+0>:        mov    2956561(%rip),%rax        # 0x2b62e2e9d6e8 <_ZTI8QPtrDictI11QGuardedPtrI7QWidgetEE+5048>
0x00002b62e2bcb9d7 <_ZN10KPopupMenu13ctxMenuHidingEv+7>:        push   %rbx
0x00002b62e2bcb9d8 <_ZN10KPopupMenu13ctxMenuHidingEv+8>:        mov    %rdi,%rbx
0x00002b62e2bcb9db <_ZN10KPopupMenu13ctxMenuHidingEv+11>:       mov    (%rax),%esi
0x00002b62e2bcb9dd <_ZN10KPopupMenu13ctxMenuHidingEv+13>:       test   %esi,%esi
0x00002b62e2bcb9df <_ZN10KPopupMenu13ctxMenuHidingEv+15>:       jne    0x2b62e2bcba06 <_ZN10KPopupMenu13ctxMenuHidingEv+54>
0x00002b62e2bcb9e1 <_ZN10KPopupMenu13ctxMenuHidingEv+17>:       lea    1220519(%rip),%rcx        # 0x2b62e2cf598f <_fini+4215>
0x00002b62e2bcb9e8 <_ZN10KPopupMenu13ctxMenuHidingEv+24>:       lea    1220534(%rip),%rsi        # 0x2b62e2cf59a5 <_fini+4237>
0x00002b62e2bcb9ef <_ZN10KPopupMenu13ctxMenuHidingEv+31>:       mov    %rbx,%rdx
0x00002b62e2bcb9f2 <_ZN10KPopupMenu13ctxMenuHidingEv+34>:       mov    %rbx,%rdi
0x00002b62e2bcb9f5 <_ZN10KPopupMenu13ctxMenuHidingEv+37>:       callq  0x2b62e2b932a8 <_ZN7QObject10disconnectEPKS_PKcS1_S3_@plt>
0x00002b62e2bcb9fa <_ZN10KPopupMenu13ctxMenuHidingEv+42>:       mov    2952223(rip),%rax        # 0x2b62e2e9c620 <_ZTI8QPtrDictI11QGuardedPtrI7QWidgetEE+752>
0x00002b62e2bcba01 <_ZN10KPopupMenu13ctxMenuHidingEv+49>:       movb   $0x1,(%rax)
0x00002b62e2bcba04 <_ZN10KPopupMenu13ctxMenuHidingEv+52>:       pop    %rbx
0x00002b62e2bcba05 <_ZN10KPopupMenu13ctxMenuHidingEv+53>:       retq
0x00002b62e2bcba06 <_ZN10KPopupMenu13ctxMenuHidingEv+54>:       lea    0xf0(%rdi),%rdi
0x00002b62e2bcba0d <_ZN10KPopupMenu13ctxMenuHidingEv+61>:       callq  0x2b62e2b9d3d8 <_ZNK9QMenuData8findItemEi@plt>
0x00002b62e2bcba12 <_ZN10KPopupMenu13ctxMenuHidingEv+66>:       mov    0x28(%rax),%rdi
0x00002b62e2bcba16 <_ZN10KPopupMenu13ctxMenuHidingEv+70>:       test   %rdi,%rdi
0x00002b62e2bcba19 <_ZN10KPopupMenu13ctxMenuHidingEv+73>:       je     0x2b62e2bcb9e1 <_ZN10KPopupMenu13ctxMenuHidingEv+17>
0x00002b62e2bcba1b <_ZN10KPopupMenu13ctxMenuHidingEv+75>:       lea    1220435(%rip),%rcx        # 0x2b62e2cf5975 <_fini+4189>
0x00002b62e2bcba22 <_ZN10KPopupMenu13ctxMenuHidingEv+82>:       lea    1219561(%rip),%rsi        # 0x2b62e2cf5612 <_fini+3322>
0x00002b62e2bcba29 <_ZN10KPopupMenu13ctxMenuHidingEv+89>:       mov    %rbx,%rdx
0x00002b62e2bcba2c <_ZN10KPopupMenu13ctxMenuHidingEv+92>:       callq  0x2b62e2b932a8 <_ZN7QObject10disconnectEPKS_PKcS1_S3_@plt>
0x00002b62e2bcba31 <_ZN10KPopupMenu13ctxMenuHidingEv+97>:       jmp    0x2b62e2bcb9e1 <_ZN10KPopupMenu13ctxMenuHidingEv+17>
0x00002b62e2bcba33 <_ZN10KPopupMenu13ctxMenuHidingEv+99>:       nop
0x00002b62e2bcba34 <_ZN10KPopupMenu13ctxMenuHidingEv+100>:      data16
0x00002b62e2bcba35 <_ZN10KPopupMenu13ctxMenuHidingEv+101>:      data16
0x00002b62e2bcba36 <_ZN10KPopupMenu13ctxMenuHidingEv+102>:      data16
0x00002b62e2bcba37 <_ZN10KPopupMenu13ctxMenuHidingEv+103>:      nop
0x00002b62e2bcba38 <_ZN10KPopupMenu13ctxMenuHidingEv+104>:      data16
0x00002b62e2bcba39 <_ZN10KPopupMenu13ctxMenuHidingEv+105>:      data16
0x00002b62e2bcba3a <_ZN10KPopupMenu13ctxMenuHidingEv+106>:      data16
0x00002b62e2bcba3b <_ZN10KPopupMenu13ctxMenuHidingEv+107>:      nop
0x00002b62e2bcba3c <_ZN10KPopupMenu13ctxMenuHidingEv+108>:      data16
0x00002b62e2bcba3d <_ZN10KPopupMenu13ctxMenuHidingEv+109>:      data16
0x00002b62e2bcba3e <_ZN10KPopupMenu13ctxMenuHidingEv+110>:      data16
0x00002b62e2bcba3f <_ZN10KPopupMenu13ctxMenuHidingEv+111>:      nop

And the registers are:
rax            0x0      0
rbx            0x1007000        16805888
rcx            0x1007000        16805888
rdx            0x7fffc9400e00   140736569806336
rsi            0x7fffc9400e00   140736569806336
rdi            0xa4cbd0 10800080
rbp            0x7fffc9400f80   0x7fffc9400f80
rsp            0x7fffc9400e50   0x7fffc9400e50
r8             0x10093e0        16815072
r9             0x52ab   21163
r10            0x0      0
r11            0x2b62e2bcb9d0   47703710808528
r12            0x1007000        16805888
r13            0x7fffc9402888   140736569813128
r14            0x7fffc9401560   140736569808224
r15            0x0      0
rip            0x2b62e2bcba12   0x2b62e2bcba12 <KPopupMenu::ctxMenuHiding()+66>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

It looks like the MenuData::FindItem function is returning NULL and KPopupMenu's ctxMenuHiding function isn't checking the return value.
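
The reading of the disassembly and register dump in comment 5, automated as an added example (not code from the bug report or from KDE): it locates the instruction at `rip`, computes the address it touches from the dumped registers, and attributes a near-NULL base in `rax` to the call immediately before it. The function names and the `NEAR_NULL` threshold are assumptions of this sketch; the input lines are excerpts of the gdb output above.

```python
import re

# Excerpts copied from the gdb output in comment 5 (AT&T syntax).
DISASM = """\
0x00002b62e2bcba06 <_ZN10KPopupMenu13ctxMenuHidingEv+54>:       lea    0xf0(%rdi),%rdi
0x00002b62e2bcba0d <_ZN10KPopupMenu13ctxMenuHidingEv+61>:       callq  0x2b62e2b9d3d8 <_ZNK9QMenuData8findItemEi@plt>
0x00002b62e2bcba12 <_ZN10KPopupMenu13ctxMenuHidingEv+66>:       mov    0x28(%rax),%rdi
"""
REGS = """\
rax            0x0      0
rdi            0xa4cbd0 10800080
rip            0x2b62e2bcba12   0x2b62e2bcba12 <KPopupMenu::ctxMenuHiding()+66>
"""
INSN = re.compile(r"^(0x[0-9a-f]+) <[^>]+>:\s+(\S+)\s*(.*)$")
MEM = re.compile(r"(-?(?:0x)?[0-9a-f]*)\(%(\w+)\)")  # disp(%base) operand
NEAR_NULL = 0x1000  # assumption: first page counts as "NULL plus field offset"

def parse_regs(text):
    """Map register name -> value from `info registers` lines."""
    rows = (line.split() for line in text.splitlines())
    return {r[0]: int(r[1], 16) for r in rows if len(r) >= 2}

def parse_disasm(text):
    """Return [(address, mnemonic, operands)] from a gdb disassembly dump."""
    hits = (INSN.match(line.strip()) for line in text.splitlines())
    return [(int(m[1], 16), m[2], m[3]) for m in hits if m]

def triage(disasm_text, regs_text):
    """Explain the faulting memory access at rip, or return None."""
    regs, insns = parse_regs(regs_text), parse_disasm(disasm_text)
    idx = next((i for i, ins in enumerate(insns) if ins[0] == regs["rip"]), None)
    if idx is None:
        return None
    _, mnemonic, operands = insns[idx]
    mem = MEM.search(operands)
    if not mem or mem[2] not in regs or mem[2] == "rip":
        return None  # only plain base+displacement operands are handled
    disp = int(mem[1], 0) if mem[1] else 0
    address = (regs[mem[2]] + disp) & 0xFFFFFFFFFFFFFFFF
    report = {"insn": f"{mnemonic} {operands}", "base": mem[2],
              "address": address, "near_null": address < NEAR_NULL,
              "null_from_call": None}
    # rax carries the return value, so a call right before the fault names the source.
    if report["near_null"] and idx > 0 and mem[2] == "rax" \
            and insns[idx - 1][1].startswith("call"):
        callee = re.search(r"<([^>@+]+)", insns[idx - 1][2])
        report["null_from_call"] = callee[1] if callee else None
    return report

if __name__ == "__main__":
    print(triage(DISASM, REGS))
```
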
Comment 6 Philip Rodrigues 2007-01-21 17:45:13 UTC
Easy to fix the crashing, but I suspect this just causes a bug somewhere else:

Index: kpopupmenu.cpp
===================================================================
--- kpopupmenu.cpp      (revision 624070)
+++ kpopupmenu.cpp      (working copy)
@@ -609,15 +609,18 @@

 void KPopupMenu::ctxMenuHiding()
 {
-    if (KPopupMenuPrivate::s_highlightedItem)
+  if (KPopupMenuPrivate::s_highlightedItem)
     {
-        QPopupMenu* subMenu = findItem(KPopupMenuPrivate::s_highlightedItem)->popup();
-        if (subMenu)
+      QMenuItem* item = findItem(KPopupMenuPrivate::s_highlightedItem);
+      if (item)
         {
-            disconnect(subMenu, SIGNAL(aboutToShow()), this, SLOT(ctxMenuHideShowingMenu()));
+          QPopupMenu* subMenu = item->popup();
+          if (subMenu)
+            {
+              disconnect(subMenu, SIGNAL(aboutToShow()), this, SLOT(ctxMenuHideShowingMenu()));
+            }
         }
     }
-
     disconnect(this, SIGNAL(highlighted(int)), this, SLOT(itemHighlighted(int)));
     KPopupMenuPrivate::s_continueCtxMenuShow = true;
 }
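
Review bot: The new `if (item)` guard in ctxMenuHiding() removes the NULL dereference of the findItem() result, but when it fails the function carries on with KPopupMenuPrivate::s_highlightedItem still holding an id this menu does not contain, and any aboutToShow() connection made for that item is left in place. Either clear s_highlightedItem in that branch or add a comment (or a debug warning) explaining why a missing item is expected here, so the stale id is not silently reused. The hunk also reindents the outer `if` from four spaces to two and deletes the blank line before the final disconnect(); keep the file's existing indentation so the diff contains only the functional change.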
Comment 7 Philip Rodrigues 2007-01-22 22:05:57 UTC
Should have mentioned that the patch is to be applied in kdelibs/kdeui
Comment 8 Jonas Björk 2008-05-17 11:17:07 UTC
This bug does not work for me in KDE 3.5.9 on openSUSE
Comment 9 Rui G. 2008-08-22 13:03:15 UTC
This bug is still there in OpenSuse 11.0 (kde 3.5.9). What must happen for the crash to occur is to follow the steps in the first comment: 2 context menus will appear, and it crashes while drawing the 2nd.

The bug doesn't happen in konq4 because the focus stays on the right-clicked item, unlike konq3.
Comment 10 Shriramana Sharma 2009-04-12 20:46:26 UTC
I believe this bug does not exist in KDE 4.2.2 because Konqueror's right-click behaviour has been totally changed. I tried these steps right now but I couldn't reproduce the bug. Suggest closing as WORKSFORME.
Comment 11 FiNeX 2009-08-23 11:59:14 UTC
I agree with Shriramana Sharma. Closing as worksforme.