Bug 203809 - Ctrl+Tab konqueror crash (KTabWidget::qt_metacall, KonqFrameTabs::qt_metacall)
Summary: Ctrl+Tab konqueror crash (KTabWidget::qt_metacall, KonqFrameTabs::qt_metacall)
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Unlisted Binaries Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 205287 205969 207753 210182 213795 214360 217568 222053 222299 233140 234429 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-08-14 11:32 UTC by H L Prasad
Modified: 2011-12-15 06:04 UTC (History)
15 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description H L Prasad 2009-08-14 11:32:33 UTC
Application that crashed: konqueror
Version of the application: 4.3.00 (KDE 4.3.0)
KDE Version: 4.3.00 (KDE 4.3.0)
Qt Version: 4.5.2
Operating System: Linux 2.6.29.6-217.2.3.fc11.i586 i686
Distribution: "Fedora release 11 (Leonidas)"

What I was doing when the application crashed:
I had multiple tabs open in Konqueror. I pressed "Ctrl+Tab" key combination by being in the first tab. This resulted in this crash.

 -- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[KCrash Handler]
#6  0x060698e9 in QTabWidget::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libQtGui.so.4
#7  0x067734da in KTabWidget::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkdeui.so.5
#8  0x055fa7fa in KConfigGroup::writeEntry(QString const&, QStringList const&, QFlags<KConfigBase::WriteConfigFlag>) () from /usr/lib/libkdeinit4_konqueror.so
#9  0x0537f2b3 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQtCore.so.4
#10 0x0537ff12 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#11 0x055f1e77 in KConfigGroup::writeEntry(QString const&, QStringList const&, QFlags<KConfigBase::WriteConfigFlag>) () from /usr/lib/libkdeinit4_konqueror.so
#12 0x055eeb5d in KConfigGroup::writeEntry(QString const&, QStringList const&, QFlags<KConfigBase::WriteConfigFlag>) () from /usr/lib/libkdeinit4_konqueror.so
#13 0x0536873a in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#14 0x05be638c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#15 0x05beeb21 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#16 0x06664a1a in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#17 0x0536958b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#18 0x05be728e in ?? () from /usr/lib/libQtGui.so.4
#19 0x05c81cc0 in ?? () from /usr/lib/libQtGui.so.4
#20 0x05c84205 in ?? () from /usr/lib/libQtGui.so.4
#21 0x05c59f8f in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libQtGui.so.4
#22 0x05c85dd2 in ?? () from /usr/lib/libQtGui.so.4
#23 0x00632cf8 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#24 0x00636370 in ?? () from /lib/libglib-2.0.so.0
#25 0x006364a3 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#26 0x0539401c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#27 0x05c854b5 in ?? () from /usr/lib/libQtGui.so.4
#28 0x05367b79 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#29 0x05367fca in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#30 0x0536a43f in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#31 0x05be6237 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#32 0x0566f121 in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#33 0x080486db in _start ()

Reported using DrKonqi
Comment 1 FiNeX 2009-08-15 11:09:39 UTC
Confirmed in current trunk too.
Comment 2 Dario Andres 2009-08-16 20:57:10 UTC
@FiNeX: can you provide a better backtrace? Thanks
Comment 3 FiNeX 2009-08-16 21:03:21 UTC
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 0 (LWP 9778)]

Thread 2 (Thread 0x7f06502e6910 (LWP 9783)):
#0  0x00007f066996405d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f0669bd32b2 in QWaitCondition::wait () from /usr/lib/libQtCore.so.4
#2  0x00007f0669bc9412 in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007f0669bd2285 in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007f066995f57a in start_thread () from /lib/libpthread.so.0
#5  0x00007f066646316d in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f066a18e760 (LWP 9778)):
[KCrash Handler]
#5  0x00007f066744d311 in QTabWidget::qt_metacall () from /usr/lib/libQtGui.so.4
#6  0x00007f06682275d5 in KTabWidget::qt_metacall (this=0x21d2870, _c=QMetaObject::InvokeMetaMethod, _id=-2223672, _a=0x7fff59fd4fc0) at /home/test/KDE4/src/build/kdelibs/kdeui/ktabwidget.moc:124
#7  0x00007f065d0511a5 in KonqFrameTabs::qt_metacall (this=0x21d2870, _c=QMetaObject::InvokeMetaMethod, _id=-2223672, _a=0x7fff59fd4fc0)
    at /home/test/KDE4/src/build/kdebase/apps/konqueror/src/konqtabs.moc:94
#8  0x00007f0669cccdec in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#9  0x00007f065d0460ca in KonqFrame::eventFilter (this=0x21cf230, ev=<value optimized out>) at /home/test/KDE4/src/kdebase/apps/konqueror/src/konqframe.cpp:175
#10 0x00007f0669cb7007 in QCoreApplicationPrivate::sendThroughObjectEventFilters () from /usr/lib/libQtCore.so.4
#11 0x00007f066703166c in QApplicationPrivate::notify_helper () from /usr/lib/libQtGui.so.4
#12 0x00007f0667039483 in QApplication::notify () from /usr/lib/libQtGui.so.4
#13 0x00007f0668137f36 in KApplication::notify (this=0x7fff59fd7730, receiver=0x220e760, event=0x7fff59fd5460) at /home/test/KDE4/src/kdelibs/kdeui/kernel/kapplication.cpp:302
#14 0x00007f0669cb7cec in QCoreApplication::notifyInternal () from /usr/lib/libQtCore.so.4
#15 0x00007f06670c0fca in ?? () from /usr/lib/libQtGui.so.4
#16 0x00007f06670c3511 in ?? () from /usr/lib/libQtGui.so.4
#17 0x00007f066709ca44 in QApplication::x11ProcessEvent () from /usr/lib/libQtGui.so.4
#18 0x00007f06670c4e6c in ?? () from /usr/lib/libQtGui.so.4
#19 0x00007f0665aeddbe in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#20 0x00007f0665af1568 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#21 0x00007f0665af1690 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#22 0x00007f0669ce01b6 in QEventDispatcherGlib::processEvents () from /usr/lib/libQtCore.so.4
#23 0x00007f06670c464e in ?? () from /usr/lib/libQtGui.so.4
#24 0x00007f0669cb65f2 in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#25 0x00007f0669cb69c4 in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#26 0x00007f0669cb8b79 in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#27 0x00007f065d0b5653 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at /home/test/KDE4/src/kdebase/apps/konqueror/src/konqmain.cpp:257
#28 0x00000000004070be in launch (argc=4, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=32, envs=<value optimized out>, reset_env=true, tty=0x0,
    avoid_loops=false, startup_id_str=0x1919790 "blackhole;1250449488;49583;4479_TIME41236125") at /home/test/KDE4/src/kdelibs/kinit/kinit.cpp:705
#29 0x0000000000407ccd in handle_launcher_request (sock=19, who=<value optimized out>) at /home/test/KDE4/src/kdelibs/kinit/kinit.cpp:1197
#30 0x000000000040816b in handle_requests (waitForPid=0) at /home/test/KDE4/src/kdelibs/kinit/kinit.cpp:1381
#31 0x0000000000408962 in main (argc=1, argv=<value optimized out>, envp=<value optimized out>) at /home/test/KDE4/src/kdelibs/kinit/kinit.cpp:1825
Comment 4 Dario Andres 2009-08-16 21:04:49 UTC
Weird.. you don't have the KConfig calls..
Comment 5 Frank Reininghaus 2009-08-27 09:07:38 UTC
*** Bug 205287 has been marked as a duplicate of this bug. ***
Comment 6 FiNeX 2009-09-02 11:13:17 UTC
*** Bug 205969 has been marked as a duplicate of this bug. ***
Comment 7 Dario Andres 2009-09-19 18:44:53 UTC
*** Bug 207753 has been marked as a duplicate of this bug. ***
Comment 8 Tommi Tervo 2009-10-11 13:52:55 UTC
*** Bug 210182 has been marked as a duplicate of this bug. ***
Comment 9 Dario Andres 2009-11-11 02:06:15 UTC
*** Bug 213795 has been marked as a duplicate of this bug. ***
Comment 10 FiNeX 2009-11-29 22:39:23 UTC
*** Bug 214360 has been marked as a duplicate of this bug. ***
Comment 11 FiNeX 2009-12-06 14:01:59 UTC
*** Bug 217568 has been marked as a duplicate of this bug. ***
Comment 12 Pino Toscano 2010-01-10 14:05:08 UTC
*** Bug 222053 has been marked as a duplicate of this bug. ***
Comment 13 Maksim Orlovich 2010-01-16 21:34:17 UTC
==17290== Invalid read of size 4
==17290==    at 0x5C2FB12: QTabWidget::qt_metacall(QMetaObject::Call, int, void**) (moc_qtabwidget.cpp:143)
==17290==    by 0x4B36AE9: KTabWidget::qt_metacall(QMetaObject::Call, int, void**) (ktabwidget.moc:128)
==17290==    by 0x40D3F89: KonqFrameTabs::qt_metacall(QMetaObject::Call, int, void**) (konqtabs.moc:100)
==17290==    by 0x52257B5: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==17290==    by 0x5237979: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3291)
==17290==    by 0x40D0236: KonqFrameContainer::ctrlTabPressed() (konqframecontainer.moc:88)
==17290==    by 0x40CD0CC: KonqFrame::eventFilter(QObject*, QEvent*) (konqframe.cpp:180)
==17290==    by 0x521EBC4: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:819)
==17290==    by 0x571EE41: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4238)
==17290==    by 0x571CDD7: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3720)
==17290==    by 0x4A1E472: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:302)
==17290==    by 0x521E91B: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:704)
==17290==  Address 0x1c is not stack'd, malloc'd or (recently) free'd


That konqframe.cpp:180 cast looks really ugly...
Comment 14 Maksim Orlovich 2010-01-16 21:57:53 UTC
Yep, and it's the problem... That bit of code is from 2001, and is ultra-brittle, so no wonder it broke.

My naive attempt at fixing this is this:
--- src/konqframe.cpp   (revision 1066847)                         
+++ src/konqframe.cpp   (working copy)                             
@@ -177,7 +177,17 @@                                               
       QKeyEvent * keyEv = static_cast<QKeyEvent*>(ev);            
       if ((keyEv->key()==Qt::Key_Tab) && (keyEv->modifiers()==Qt::ControlModifier))
       {                                                                            
-         emit ((KonqFrameContainer*)parent())->ctrlTabPressed();                   
+         // Find the container frame..                                             
+         KonqFrameContainerBase* cont;                                             
+         for (cont = parentContainer(); cont; cont = cont->parentContainer()) {    
+                                                                                   
+            kDebug() << cont << frameTypeToString(cont->frameType());              
+            if (cont->frameType() == KonqFrameBase::Container)                     
+               break;                                                              
+         }                                                                         
+                                                                                   
+         if (cont)                                                                 
+            emit static_cast<KonqFrameContainer*>(cont)->ctrlTabPressed();         
          return true;                                                              
       }                                                                            
    }                                                                               

which sort of works --- it switches between views within a single tab; but I think I better consult dfaure for his opinion, since I don't know the class hierarchy well here at all.
Comment 15 David Faure 2010-01-18 23:33:52 UTC
SVN commit 1076829 by dfaure:

Rewrite the Ctrl+Tab handling with a single event filter; no more signals and unchecked casts (crash!).
BUG: 203809
Fixed for: 4.4


 M  +2 -16     konqframe.cpp  
 M  +0 -6      konqframe.h  
 M  +0 -2      konqframecontainer.h  
 M  +6 -1      konqmainwindow.cpp  
 M  +0 -2      konqtabs.h  
 M  +0 -4      konqviewmanager.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1076829
Comment 16 David Faure 2010-01-21 19:28:08 UTC
SVN commit 1078192 by dfaure:

Backport 1076829: Fix crash on Ctrl+Tab.
Fixed for: 4.3.5
CCBUG: 203809


 M  +2 -16     konqframe.cpp  
 M  +0 -6      konqframe.h  
 M  +0 -2      konqframecontainer.h  
 M  +6 -1      konqmainwindow.cpp  
 M  +0 -2      konqtabs.h  
 M  +0 -4      konqviewmanager.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1078192
Comment 17 Frank Reininghaus 2010-03-08 16:01:15 UTC
*** Bug 222299 has been marked as a duplicate of this bug. ***
Comment 18 David Faure 2010-04-02 21:26:55 UTC
For the record, I just fixed Ctrl+Tab handling so that it behaves as expected (even with splitted views and tabs) for KDE-4.5.


SVN commit 1110338 by dfaure:

Fix Ctrl+Tab handling, especially for the interesting case of splitted views in tabs:
* Rewrite chooseNextView to be deterministic rather than rely on a map sorted on pointer addresses
* Remove the fix for bug 67956 from KonqViewManager::doSetActivePart and fix that bug again at the right
level: by removing the setActivePart from KonqView::changePart, which I added in 2000 with the comment
"just in case". Heh.
* Fix another setActivePart in KonqMainWindow::slotPartChanged which also would trigger bug 67956.
* Fix the Ctrl+Tab event filter so that it doesn't let it propagate to QTabWidget (which also handles that shortcut)
* Add unittests for 67956 (with and without the option "tabs in front"); add unittests for Ctrl+Tab.
Comment 19 Dario Andres 2010-04-04 17:50:27 UTC
*** Bug 233140 has been marked as a duplicate of this bug. ***
Comment 20 Dawit Alemayehu 2011-12-15 06:04:51 UTC
*** Bug 234429 has been marked as a duplicate of this bug. ***